Hannes Mühleisen, a postdoc researcher at CWI, recently found that he could see too much information from the wifi network in NS trains, which are passing close by his home - a houseboat in Amsterdam near Central Station. The network information is not encrypted. With two simple antennas Mühleisen has been gathering data for five months.
After trying to get in contact with the NS many times without success, he was interviewed by de Correspondent (in Dutch). It was published on 6 August 2015.
According to Mühleisen, people can best avoid using wifi in trains as long as it is not secure. He also recommends to use a VPN connection. The National Cyber Security Centre in the Netherlands published an updated fact sheet on VPN and wifi use for travellers on 6 August (pdf).
Several other media also paid attention to this news, such as:
- NPO Radio 2: Hannes Mühleisen was interviewed by Gijs Staverman in his programme Gijs 2.0’. The livestream was broadcasted on NPO Radio 2 on 6 August 2015 at noon on national Dutch radio. The interview with Hannes Mühleisen can also be found online (audio, in Dutch).
- NOS op 3 online: Vanaf je woonboot meekijken op de NS-wifi (video, 6 augustus 2015)
- Radio 3FM, interview door Arno LeBlanc: Wifi in de trein is zo lek als een mandje (audio, 6-8-2015)
- NPO Radio 1: de Correspondent journalist Maurits Martijn spoke in NCRV's De Ochtend (audio) with more information on the website of De Ochtend and a reaction of NS in De Ochtend (audio), with more information on the reaction on the website of De Ochtend.
- de Correspondent journalist Maurits Martijn spoke on BNR radio (audio), with more information on the BNR website.
- Information Age: Man on a houseboat secretly collects train travellers' sensitive data through unencrypted Wi-Fi network (7-8-2015)
- Joop.nl: NS: Wie gratis wil internetten betaalt met zijn privacy
- AD: 'Wifi-netwerk in trein onveilig'
- De Telegraaf: 'Wifi-netwerk in trein onveilig'
- NU.nl: 'Wifi-netwerk in NS-treinen eenvoudig af te tappen' and 'Openbaar wifi veilig te gebruiken met VPN'
- Security.nl: NS: wifi in de trein ongeschikt voor internetbankieren
- Nieuws.nl: 'Gebruik wifi in treinen NS onveilig'
- NL Times: Report: Free train wifi totally unsecured; NS ignored warnings
- and further a.o. EenVandaag, BN De Stem, RTV NH, het Eindhovens Dagblad, de Gelderlander, NieuwsUit.com, DeOndernemer.nl, Facto and Apparata (Wifi-gebruik in NS-treinen blijkt eenvoudig te bespioneren).
More information can be found at Hannes Mühleisen’s personal website with train data, 'Trainwatch' (http://trainwatch.u0d.de/) and Mühleisen's personal website.
Dr. Hannes Mühleisen is a computer scientist based in Amsterdam, interested in data management for statistical processing. He is working as a researcher at the Database Architectures group within the Centrum Wiskunde & Informatica (CWI) and also serves as an adviser for MonetDB Solutions. He was recently awarded a Veni grant.
Picture: Hannes Mühleisen.
