Networking

Be aware of this wireless Internet access vulnerability

If a public hot spot advertises itself using a specific SSID, a hacker can set up another 802.11 access point using the same SSID. Here are some things to keep in mind concerning wireless Internet access.

Over the past few years, wireless LANs (WLANs) have moved from emerging technology and industry buzzword to a selling point for Starbucks and airports. The availability of low-cost WLAN equipment allows just about anyone to set up a wireless Internet access point.

WLAN access is certainly a viable way to set up a network, especially in cases where wiring isn't practical or desirable. However, don't mistake viability for security.

To believe that a wireless LAN is as secure as a wired LAN is a dangerous assumption. However diligent the Institute of Electrical and Electronics Engineers (IEEE) was in creating the 802.11 protocol suite (the standard specification for WLANs), the name Wired Equivalent Privacy (WEP)—a security protocol that's part of the 802.11 standard—is a misnomer.

Wireless access will just never be the equivalent of wired access. Several published methods and programs exist for breaking WEP. While it certainly takes time and effort to break WEP, if intruders want to get into your wireless network, chances are they'll succeed.

But this time and effort really isn't even necessary. A much more low-tech way to intercept wireless Internet traffic exists, particularly at the numerous public wireless "hot spots" that keep cropping up.

Wireless Internet access is a great way to bring customers into traditional brick-and-mortar establishments, not to mention a proven way for increasing coffee sales. Wireless Internet hot spots, typically found in cafes and public buildings, advertise who's operating the WLAN by using a service set identifier (SSID).

Typical public hot spots advertise themselves using the SSID, which shows up in the list of available wireless Internet networks you can connect to when you're in range. And if you're like the majority of users at public hot spots, you'll click the SSID, connect to the Internet, and think nothing more about it.

But it's this lack of thinking that once again exposes the technical immaturity of most computer users. In addition, it highlights a glaring oversight typical of overzealous deployment of new technologies without proper education.

The SSID for an 802.11 wireless access point isn't a unique identifier. I can take a short drive with my laptop, running a tool like NetStumbler, and find a dozen open 802.11 access points called Linksys any day of the week.

That means if a public hot spot advertises itself using a specific SSID, anyone who's marginally technically savvy and motivated to be malicious can set up another 802.11 access point using the same SSID. If the signal is stronger—and even if it's not—a typical user could easily end up connecting via the wrong wireless access point—if the user even gets to select the access point at all.

Researches who "discovered" this issue have dubbed the rogue hot spot an "evil twin" of the legitimate wireless access point. Once you've connected to an "evil twin" hot spot, your Internet traffic is at the whim of whoever is in control of the rogue hot spot.

But this isn't a new issue; the potential for it has always existed. And it's not just a concern for public hot spots—it applies to any wireless network that advertises the SSID.

How big a problem this is depends on the operating system in use and how easily duped the user is into thinking wireless Internet access is generally secure. For example, on Windows, you can configure wireless access to automatically connect to specific wireless networks when they're in range. Dynamic Host Configuration Protocol (DHCP) doesn't really care which hot spot you connect to; it just sets up the connection and doesn't worry about whether it's to an "evil twin."

Wireless equipment manufacturers have always stressed ease of use over security, and this vulnerability has been present all along. If you thought public wireless hot spots were secure, consider this your wake-up call.

It's important to remember that wireless Internet access isn't as secure as wired access, and it never will be. And that's precisely why I won't use 802.11 wireless Internet access anywhere, least of all at a public hot spot, unless I'm using some method of point-to-point encryption, such as SSL or an IPSec tunnel.

Want more advice for locking down your network? Stay on top of the latest security issues and industry trends by automatically signing up for our free Internet Security Focus newsletter, delivered each Monday!

Editor's Picks

Free Newsletters, In your Inbox