CHICAGO (WLS) --The ABC7 I-Team has a warning about free WiFi. It's popping up at parks, libraries, and is now in almost a dozen Chicago neighborhoods. But the I-Team uncovered how cyber hackers can target those free signals and steal from you.
With just about $50, a tech expert can buy the right equipment and take your account numbers and passwords. Cyber thieves can do it by zeroing in on open, free, WiFi networks. The I-Team found out how it all works after asking questions about a new free WiFi service being offered in Chicago.
Tech security experts from Chicago's cyber crime fighting business, Trustwave, hit the streets of River North with the I-Team.
They showed us how easy it is to view your social media or even banking information if you're surfing on a free, open WiFi network that doesn't require a password.
In the first scenario, "the man in the middle" is a phony WiFi spot that uses the same name as a "free" hotspot, to trick you into logging in.
"Now he has joined my hotspot and I can route his traffic through him and out to the internet," said David Bryan, Trustwave.
ABC7's Jason Knowles says, "So he would be the fake victim, let's say, and you are the fake criminal, and you just stole his information?"
Bryan: "Yes, possibly."
The second scenario is known as "promiscuous mode." Cyber attackers can view the network to potentially see the traffic, passwords and account information, flying by.
"It is not a private network that just belongs to you, and the things you do or say on that network can be pursued by a third party," said Charles Henderson, director, Trustwave.
The city of Chicago offers free WiFi at airports, parks and libraries, but also tells the I-Team that "it isn't secure and the city doesn't assume responsibility for the configurations, security or files."
There's also open WiFi networks provided by restaurants and stores. And now, a private company called GOWEX, out of Madrid, Spain, is giving away free WiFi in more than a dozen Chicago neighborhoods.
"We like to say that WiFi is like water and water should be made to all of the population," said Carlos Pujol, CEO, GOWEX North America.
On Skype, Pujol said the company makes money based on advertisers, but he wouldn't say whether or not people should avoid surfing social media or banking websites.
Knowles: "When a user hops on any free WiFi they need to be careful about their private and personal information."
Pujol: "Yeah, they need to be aware of those things but hacking also occurs online with a wire connection."
GOWEX says it's connections are "protected under a secure, robust and a strong registration platform." But the Trustwave security experts and others we talked to reinforced that any open network can be susceptible.
Security pros say you can avoid free open network connections all together, or just visit non-risky pages, like news websites.
But even then, as you can see in these images from a security program, you can still be exposing unencrypted information.
"Any information that goes unencrypted over the network can be monitored by anyone else on a shared infrastructure," said Henderson.
And here again, watch as our fake cyber attacker shows us how he set up that phony hotspot to view his coworker's website.
"I would take that capture I did and reassemble it, and dig through it and pull information off it," said Bryan.
Banking sites with the right encryption can also protect your account numbers, but experts say it's still risky on an open WiFi network. It's also worth noting that hackers can also strike "secured" WiFi networks, but it is much harder.
If you want to surf on a free WiFi network, you can also buy a VPN, or a virtual private network. You can add that to your phone or laptop to add encryption and protection.