Half of smartphone users leave their Wi-Fi settings on when they go shopping, according to retail analytics startup Viewsy.
"In our tests we find that between 40 and 55 per cent of people have their Wi-Fi on," said Thomas Bell, head of operations at the London-based company.
Viewsy deploys in-store sensors that track shoppers via their Wi-Fi-enabled smartphones. The sensors collect the unique MAC address of the phone via the Wi-Fi signal and provide anonymised metrics such as how often a customer returns, dwell time, stopping power (who is being pulled in off the street by a particular shopfront display), and how stores and franchises might be cannibalising each others' sales.
Talking to Computing at a recent Code_n big data startup event in London, Bell said that even if only five per cent of customers had Wi-Fi on, the firm's results would still be statistically valid, because of the sampling techniques used in the analysis.
Perhaps shoppers leave their Wi-Fi on because they plan to take a coffee break, taking advantage of a public Wi-Fi hotspot to check their bank details to find out how much they can afford to spend.
This is highly inadvisable, warned Troels Oerting, head of Europol's cybercrime centre yesterday.
"We have seen an increase in the misuse of Wi-Fi, in order to steal information, identity or passwords and money from the users who use public or insecure Wi-Fi connections," he told the BBC.
"We should teach users that they should not address sensitive information while being on an open insecure Wi-Fi internet."
Attackers using man-in-the-middle (MiTM) attacks frequently target public Wi-Fi hotspots, Oerting said, spoofing them in order to collect login information and other sensitive data or to manipulate the transaction.
Europol is helping a number of countries after such attacks, Oerting said.
MitM attacks are not new. They belong to a category of threats known as advanced persistent threats, which is where attackers are focusing their efforts. Others include social engineering, spear phishing and watering-hole attacks.
Through such attacks on individuals, perpetrators often hope to glean information that can be used for further attacks, perhaps on the organisation the person works for.
A recent Computing survey found that 77 per cent of IT professionals believe that such attacks present a real danger to their organisation.