Print
Discuss
Send to friend
RSS feedsHotels now charge an arm and leg for Wifi access or a broadband Ethernet connection. Being mean, I don’t want to pay. And often I don’t have to.
There has been a fair amount of publicity over the way home Wifi networks leak free broadband access and file sharing into the street. Laptop leaks are a newer problem.
If you are staying in a hotel, try scanning for Wifi networks. Often a dozen or more will pop up. The same thing happens in airport lounges, and at train stations.
Some of the networks show up as ‘security-enabled’, sometimes with names like ‘This is Frank’s PC, now sod off’. They are using Wep or WPA encryption and need a shared key before an outsider can connect.
Many others show up as open, advertising themselves as ‘insecure’, and often with the Service Set Identifier (SSID) name still set at the factory default, like ‘Belkin’ or ‘Netgear’.
Some of these insecure networks reject any attempt at unauthorised connection, even though they have no security. They are most likely cellphones with built-in Wifi or leaks from laptops connected by an Ethernet plug.
Others let an unauthorised PC connect for a short while before shutting it off. These are most likely laptops with a software firewall that throws up a warning when an outsider tries to get in.
But plenty of the insecure networks are open. On a trip to Tokyo, I spent a week in a hotel saving $20 a day by leaching free Internet access. I didn’t try to explore anyone else’s files, but I probably could have done. This is happening because it’s so tough to get a home network working.
Making Wifi work is tricky too. Setting up firewalls and sharing takes more skill and patience. Most people are so thrilled when their home network works that the last thing they want to do is add security and risk shutting it down.
So home networks leak free access and when the owner takes a laptop out of the house and connects to a hotspot it leaks from there.
Webroot, Sophos, Sunbelt and Panda have all published surveys which highlight the problem.
The Panda study is the most thorough. Panda people drove round cities in nine countries sniffing for unsecured Wifi. Around six out of 10 networks had no security.
Four out of five in Spain were open wide. It is only a question of time, says Panda, before people are driving round deliberately infecting networks with viruses and worms.
Hiding the SSID, so that no-one can see it, obviously makes intrusion a lot more difficult. But many people will understandably be scared of making their home network invisible, for fear of never finding it themselves.
Says Andy McKewan, Panda’s security consultant: ‘Internet Connection Sharing is a cheap and easy way to get a home network working. When the laptop is away from home and connected to a Wifi service it advertises itself as an access point.
'If there is a good firewall running on the laptop it will warn when someone is trying to connect. But Windows won’t. Anyone with computer knowledge will be able to access files that can be shared on the home network.’
Even if there is a firewall, when it keeps on giving warnings the owner is tempted to click Yes just to stop the pop-ups. So the intruder gets in.
You can also forget all the fancy talk about the comparative strengths of Wep, WPA and WPA2. They are all equal if people don’t switch them on.
As the Wifi industry has done such a rotten job of warning and helping consumers on this, the next step should logically be an official awareness campaign. Unfortunately there’s a Government-created credibility gap to overcome.
In the run-up to the year 2000 the UK Government spent over £20m on scaring the public witless with warnings about the millennium bug.
The campaign team ignored ways to check the real level of threat, for instance with free software to check a PC’s Bios against a look-up list of known problem versions. This kept the campaigners’ jobs secure but meant the public were misled.
As a result the bug became a joke. Wifi is a more serious and real threat. It’s the answer to an identity thief’s prayer. But who will now believe anyone in Government who tries to say so?
del.icio.us
Digg this
reddit!
