HomeIntelligenceBrief
BREACH BRIEF🟡 Medium ThreatIntel

Wardriving Assessment Reveals Widespread Unsecured Public Wi‑Fi in Mexico’s 2026 World Cup Venues

Kaspersky’s wardriving survey of Mexico City, Monterrey and Guadalajara uncovered thousands of public Wi‑Fi hotspots with default SSIDs, disabled encryption, and enabled WPS. The findings highlight a significant exposure risk for visitors and third‑party vendors during the 2026 FIFA World Cup.

LiveThreat™ Intelligence · 📅 June 02, 2026· 📰 securelist.com
🟡
Severity
Medium
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
4 recommended
📰
Source
securelist.com

Wardriving Assessment Reveals Widespread Unsecured Public Wi‑Fi in Mexico’s 2026 World Cup Venues

What Happened — Kaspersky’s GReAT team performed a passive wardriving survey of public Wi‑Fi hotspots in Mexico City, Monterrey and Guadalajara – the three host cities for the 2026 FIFA World Cup. The study identified thousands of SSIDs, many of which broadcast default router names, lack WPA2/3 encryption, or expose sensitive configuration data via WPS.

Why It Matters for TPRM

  • Unprotected public Wi‑Fi can be leveraged for credential harvesting, malware distribution, or man‑in‑the‑middle attacks against visiting executives and contractors.
  • Third‑party vendors (stadium operators, airport authorities, hospitality providers) may be indirectly responsible for the security posture of the networks they expose to guests.
  • Exposure risk spikes during large events when traffic surges, increasing the attack surface for supply‑chain and credential‑compromise threats.

Who Is Affected — Sports venue operators, airport authorities, municipal Wi‑Fi providers, hospitality chains, and any third‑party service providers that rely on or sponsor public wireless access in the three host cities.

Recommended Actions

  • Conduct a rapid audit of all public Wi‑Fi assets under your contract or oversight.
  • Enforce WPA3 encryption, disable WPS, and change default SSIDs/passwords on all access points.
  • Deploy network segmentation and captive‑portal monitoring to detect anomalous traffic during the tournament.
  • Include Wi‑Fi security clauses in vendor contracts and require proof‑of‑compliance before the event kickoff.

Technical Notes — The assessment used passive sniffing to collect SSID, BSSID, channel, signal strength, and security flags. Over 60 % of observed networks lacked WPA2/3, 22 % advertised WPS, and 15 % used manufacturer‑default SSIDs that reveal device model and firmware version. No active exploitation was performed. Source: SecureList – Wardriving assessment across Mexico: Preparing for the 2026 World Cup

📰 Original Source
https://securelist.com/wardriving-assessment-in-mexico-fifa-world-cup-2026/119996/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →