Kaspersky Assesses Mexico's Public Wi-Fi Security Ahead of 2026 World Cup
Kaspersky GReAT conducted a wardriving assessment across Mexico City, Guadalajara, and Monterrey, analyzing public Wi-Fi security to identify potential risks for visitors attending the 2026 FIFA World Cup.
As Mexico prepares to co-host the 2026 FIFA World Cup, Kaspersky's Global Research and Analysis Team (GReAT) has conducted a comprehensive wardriving assessment in the three host cities: Mexico City, Monterrey, and Guadalajara. The study aimed to evaluate the security posture of public Wi-Fi infrastructure, anticipating a significant influx of international visitors and the associated increase in potential security risks stemming from public network usage.
The research involved passively collecting data on 84,588 wireless signals, analyzing characteristics such as Service Set Identifiers (SSIDs), default configurations, and security protocols like WPA2/WPA3. The assessment focused on areas expected to experience high visitor traffic, including locations around World Cup stadiums, airports, and popular tourist zones. The goal was to identify potential exposure risks without attempting to authenticate, intercept communications, or exploit any detected systems, adhering strictly to passive observation techniques.
During the analysis, mobile hotspots from cars and cell phones were filtered out to focus on fixed public access points. The study covered key areas within each city, such as Mexico City's Zócalo and Paseo de la Reforma, Guadalajara's city center and Zapopan, and Monterrey's Fundidora Park and financial district. This targeted approach ensured a representative sample of the wireless environments that attendees might encounter.
Findings revealed that approximately 34% of detected networks retained default SSID naming conventions, suggesting a widespread reliance on manufacturer or ISP defaults. Common ISP-related SSIDs like "Club_Totalplay_WiFi," "izzi WiFi," and "Megacable WiFi" were frequently observed, indicating significant standardization in wireless infrastructure deployment across the cities. Some networks also displayed location-specific identifiers, such as "XXXX-Internet para Todos-CDMX" or "RED JALISCO."
Further analysis identified sequential SSID naming structures, such as "INFINITUMXX" and "IZZI-XX," which point towards automated ISP deployment strategies and large-scale rollouts. While only a small fraction (0.0047%) of networks had invisible SSIDs, the majority actively broadcast their names. The homogeneity in default configurations and naming conventions could potentially facilitate passive infrastructure profiling by threat actors.
Regarding security configurations, the study examined the prevalence of open, insecure, and WPA2/WPA3 secured networks, including those with WPS enabled. While specific statistics on the breakdown of security protocols were not detailed in the provided excerpt, the assessment's focus on identifying "potential exposure risks" implies that insecure configurations were a key area of concern. The presence of default settings and standardized deployments could inadvertently create vulnerabilities if not properly managed.
The research underscores the importance of understanding the wireless landscape in high-traffic areas, especially during major international events like the World Cup. By mapping out the public Wi-Fi environment, Kaspersky aims to provide insights that can help authorities and organizations prepare for potential security threats and ensure a safer experience for visitors.
This proactive assessment highlights a critical aspect of event security that extends beyond physical measures, focusing on the digital infrastructure that millions of users will rely upon. The findings serve as a baseline for understanding the current state of public Wi-Fi security in Mexico's major cities and inform future mitigation strategies.