Public Wi-Fi networks in three Mexican cities preparing to host matches during the 2026 FIFA World Cup continue to expose users to security risks, according to new research from Kaspersky, a cybersecurity company that operates the Global Research & Analysis Team (GReAT).
The study examined 69,473 unique public Wi-Fi hotspots and 84,588 signal records collected across Mexico City, Guadalajara and Monterrey. Researchers found that 17% of the networks used weak encryption or no encryption at all, creating opportunities for attackers to intercept traffic, monitor user activity, deploy rogue access points and harvest credentials. The percentage of potentially unsafe networks reached 16.5% in Mexico City, 18.5% in Guadalajara and 17.2% in Monterrey.
The analysis comes as Mexico prepares to host part of the 2026 FIFA World Cup, which begins on June 11. With large numbers of international visitors expected to rely on public internet access for navigation, payments, transportation and communication, wireless network security becomes a practical concern for both travelers and local operators.
Researchers also found limited adoption of the WPA3 security standard. Only 2.9% of the analyzed networks used the protocol, which is the most recent generation of Wi-Fi encryption. While many networks were classified as secure because they operated with WPA2 or WPA3 protections, the study identified another issue: the continued exposure of Wi-Fi Protected Setup (WPS), a feature designed to simplify device connections.
Among networks categorized as secure, 45% still exposed WPS capabilities. The figure reached 53.7% in Mexico City, 50.9% in Guadalajara and 47.5% in Monterrey. Because WPS has known security weaknesses, networks that continue to broadcast the feature may remain vulnerable to unauthorized access attempts and attacks targeting the protocol.
According to Kaspersky, users connected to such networks could face risks that include traffic interception, exposure of sensitive information, session hijacking and compromise of devices operating on the same network.
“One of the first things travellers do after turning off airplane mode is look for Internet access. Staying connected is now essential for navigation, transportation, payments, communication and social media. But convenience often comes at the expense of security. Our research found that while 83% of wireless networks in major Mexican cities appear secure, many still expose outdated convenience features despite using modern encryption standards. Travellers should remember that public Wi-Fi networks and the vulnerabilities behind them remain a prime target for cybercriminals, especially during periods of high tourist activity,” said Maria Isabel Manjarrez, security researcher at Kaspersky's Global Research & Analysis Team.
The research focused on areas expected to attract visitors during the tournament, including stadiums, airports, business districts and tourism hubs. In Mexico City, the assessment covered locations such as Mexico City Stadium, Mexico City International Airport, Zócalo, Paseo de la Reforma, Colonia Roma, La Condesa, Polanco and Coyoacán. In Guadalajara, researchers examined networks around Guadalajara Stadium, Guadalajara International Airport, Zapopan, Providencia, Avenida Chapultepec, Colonia Americana, Tlaquepaque and Andares. In Monterrey, the survey included Monterrey Stadium, Monterrey International Airport, Fundidora Park, Cintermex Monterrey, Barrio Antiguo, MacroPlaza and the San Pedro financial district.
The findings highlight how public connectivity infrastructure remains an attractive target during large international events, where concentrated visitor traffic can create opportunities for credential theft and other forms of cybercrime.
