Open Wireless Networks – Good for Vacationers, Bad for Your Security
Over the last several days, I have been traveling the eastern portion of the United States on vacation with 3 of my good friends. Along the way, I like to check my email and do random touchups on projects I have in progress. The one problem with this is that of all the friend’s relatives I have stayed with (totaling 5 so far), only one has had a wireless network that I could access.
So, how do I get on and check my email? I borrow a neighbor’s network. Of all 5 homes, I have been able to access an open wireless connection from 4 of their neighbors. While this is good for me, the average vacationer needing to check his email, it is a really bad sign for the security world.
It would be all too easy for me to drive up to one of the neighbor’s houses or just sit in the relative’s house (as I am currently doing) and “borrow” the network for illegal purposes. I could download all sorts of illegal material, pirate files, or even sniff the wireless traffic for unencrypted data. The FBI could swarm in on these houses for things I did on them, and the user would be completely clueless.
Sadly, of most of the networks I have borrowed to check my email, many of them were set on their default settings with default usernames and passwords. If you are going to use an unencrypted network, at least change the router password!
It still amazes me that of all the easy to implement wireless security standards (WPA2 anyone?) the users do not even take the time to use them.
The moral of the story: change your router passwords and encrypt your wireless networks to prevent huge problems from unfriendly vacationers.
This also applies to small businesses. Note that open wireless networks violates PCI DSS (if you handle credit cards) and if not, is still terrible practice. Ask TJMaxx how it worked out for them.
Posted in Security | 2 Comments
June 25th, 2009 at 1:45 pm
I’m really sick of this fearmongering. Every few weeks the news publishes another sensationalist story about the horrors of open Wi-Fi.
With nonsense like this, it’s no wonder people are getting arrested for checking their mail on public Wi-Fi networks, counties are passing laws that make it ILLEGAL to operate a Wi-Fi network without encryption, etc. etc. It’s absurd.
http://www.techdirt.com/articles/20060512/1845239.shtml
Unencrypted public Wi-Fi is a great thing, and we should be encouraging users to share their connections and fighting against the stupid laws idiots make to “protect” us.
Learn how to do it safely; don’t just lock up your network in fear and force travelers to buy access through their cell phones or for-pay APs. Change the default password, set up a virtual SSID with restricted abilities and bandwidth, but don’t just close up everything out of paranoia. I have no problem sharing my connection with neighbors and travelers. Why should they have to pay to check their email?
You obviously think it’s beneficial for there to be free open Wi-Fi nodes for you to check your email with. Imagine how inconvenient it would be if everyone followed your own advice.
http://news.cnet.com/2100-1029_3-6088741.html?part=rss&tag=6088741&subj=news
http://www.addict3d.org/news/47783/Washington%20Post%20Latest%20To%20Join%20Open%20WiFi%20Fear%20Mongering%20Crusade
http://en.wikipedia.org/wiki/Wireless_community_network
June 25th, 2009 at 2:15 pm
It is convenient – sure – and yes, I did benefit from it.
The problem with your theory is that you would like people to learn to leave it open securely. I have no problem with that if they *secure* it. But that wasn’t the problem with these networks – they were wide open. No security. And in some cases, default settings, default password.
It is not fearmongering – in either case, people need to learn how to do it securely. Open networks are a security risk to the internet as well as a crime risk.