The unvarnished truth about unsecured Wi-Fi - Security - News

Chances are you don't leave your front door unlocked. And you shouldn't leave your Wi-Fi network unsecured either.

Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a US$50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected.

Someone could also join the network and launch attacks on your computer and any other devices using the network at that time. If file sharing has been left on or the personal firewall is misconfigured it's relatively easy to access the computer via an open Wi-Fi network. Someone could upload an executable program to a file on your hard drive that steals data or just leaves a back door for future access. And if you are using the network to connect to a corporate network through a VPN (virtual private network) an attacker can get into the corporate system too.

"The most dangerous thing is a direct attack," Don Bailey, a security consultant at iSec Partners who is also an expert on telecommunications snooping, told CNET. "The threat is not only that your traffic can be sniffed, but that an attacker can get access to all your data and connections on your computer, even those supposedly secured by SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption."

Unsecured Wi-Fi networks can be attractive for scammers to launch spam and virus attacks because the attack would be tracked back to the Wi-Fi network but not to the computer of the criminal who exploited the open network.

"Someone could be using your wireless network, whether it's a neighbor or a customer, and you are taking on the liability of that person's action," Bailey said. "If they do something illegal, like break into computers, those actions are going to come back to your hot spot and the federal authorities are going to hassle you."

Even though many Wi-Fi routers come with WPA (Wi-Fi Protected Access) enabled by default, a lot of people don't want to be bothered with setting up a password, despite the fact that you don't have to type it in every time you log on. The Wigle.net (Wireless Geographic Logging Engine) site shows that of 26.8 million Wi-Fi networks logged by volunteers who were "war driving"--driving around in cars and using laptops or PDAs to find wireless networks--49 percent were listed as secured with encryption and nearly 28 percent were shown to be not using encryption. (On the remaining 23 percent the security level was unknown.)

There is also an interactive map on Wigle.net where you can zoom in to see individual Wi-Fi networks and even the SSID (Service Set Identifier) numbers associated with individual wireless local area networks.

Not only should you not host an unsecured wireless network, but you should definitely be extra careful when using other people's open networks.

There is no good way to tell whether a hot spot is legitimate, like a Starbucks Wi-Fi network, or if it was set up by someone for malicious purposes. Even if you are on what appears to be a Starbucks network, there could be someone on the network who is spying on other users.

There are also instances of inadvertent fake hot spots. Some older Windows machines running XP create ad hoc networks called "Free Public WiFi," which do not connect you to the Internet but to the computer broadcasting that service. The hole that enables this has been patched, but affected computers that haven't had an operating system update are still vulnerable.

Whether you choose to trust hot spots, configure your device--laptop and smartphone--to connect to open Wi-Fi networks only with your approval and not automatically. Wi-Fi-enabled devices may automatically open themselves to sharing and connecting with other devices, so be sure to turn file sharing off when using Wi-Fi.

"The best thing to do is to stay off hot spots all together," Bailey said. "If you are going to use them, make sure you have a firewall and VPN technology."

This article was first posted as a blog post on CNET News.

Comments