Lack of Wireless Security Still a Problem for Both Providers and Users

Ralph DeFrangesco

I am on vacation this week, taking in the sun and the sand on a very nice beach along the east coast. Of course, one of the first things I did when I arrived was to check out the connectivity to the Internet. What can I say, even on vacation I am a geek. I am staying in a condo that does not have Internet service, so I fired off my laptop, searched for all of the wireless networks in the area, and sure enough, found many to choose from.

 

Seeing all of the secured networks, I was curious to see how secure they really were. I always have to laugh when I see an SSID out there that says, "Linksys." I clicked on one and a box asking for a pass-phrase popped up. I typed "admin," and I was connected to the network. It was that easy.

 

I saw many hotels in the area running secured networks, as well. I clicked to connect to one, and another box asking for a pass-phrase popped up. The default didn't work this time so I got creative and typed in the name of the hotel. Sure enough, I connected to the hotel's network.

 

Since I work in security, and I am no longer on the dark side, I didn't want to wander too far into the hotel's network. My technical curiosity really wanted to see what I could get into, but I feel a technical and social responsibility not to exploit their site. If I have time at the end of the week, I might wander over to the hotel and try to find their security people and have a talk.

 

So now that I can surf unrestricted off of the hotel's network, I have to ask, is it by design, for the hotel guests, or just poor security practices? Either way, the net effect is the same. I can go anywhere I want using the IP address of the hotel. I can open a bogus e-mail account and spam my friends; I can visit any site I want. I can drop to a system prompt and launch a virus. Okay, it would take a bit more work to launch a virus, and remember, I am on vacation. And of course, since I am on the network, I am open to attack, as well.


 

I can understand a hotel wanting to make Internet access available to its guests, most of whom probably expect it as a matter of course. However, we need to look at the security repercussions of an open network and not using wireless technology securely. Letting anyone enter a network to surf unrestricted is a security nightmare just waiting to happen -- for both the provider and the users. And IT departments don't have to worry that they're repeating themselves too much when they advise users of the dangers of Wi-Fi. Even some of the most careful users can still be vulnerable, as this recent story about a flaw found by Radware security researchers shows.

 

I am now exploring a pay option; I really don't want someone smarter than me hacking into my system -- the way I am hacking into someone else's system.


Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.