Wi-Fi availability spreads, but just how safe is it?
While I am in job hunting mode, I find myself taking breaks from reading through the many verbose job postings on Indeed, Zip Recruiter, Monster, etc. to do a little file housekeeping. I found this OP-ED piece I wrote for the weekly newspaper, Inside Business*. Although it was written some years back, I found that it still stands up in terms of technology in the office.
Even the hacking software mentioned is still available. Without researching it I would bet a steak dinner that far more advanced hacking software programs are also widely available and free. Here is a cautionary tale for your workplace from 2005. Enjoy and comment.
Wi-Fi availability spreads, but just how safe is it?
Inside Business 11/7/2005
Tom Anthony
Imagine sitting in Starbucks. You open your laptop, no other computers are in sight, and you type in your T Mobile user name and password to cruise the Internet. What you don’t know until the bill arrives is that someone with a program named AirSnarf was sitting in the parking lot, recorded your passwords and has been using billable minutes like crazy. The AirSnarf program is a free download on a Web site which sells Wi-Fi security software.
Even creepier are programs that display, in real time, images passing through the network. So let’s say you hop on your hotel room Internet connection and load up the program. What you will see are all the pictures being viewed by all the other hotel guests. In a public hot spot like an airport or coffee shop, users see what the person next to them is looking at. Again, real programs widely available for free. It gets worse. Let’s visit your office building.
Time and again when our field engineers are on site in commercial buildings, to do routine network maintenance for our customers, they see more than one Wi-Fi network. Usually it’s the office next door or upstairs. Now let’s imagine that one of the college interns at the office upstairs downloads AirSnort or AirCrack. These real programs available for free download are used to crack wireless networks. They are passive, which means even if you know a little bit about computer networks, you would not know they are there. These programs patiently pick off packets of information that come through the air. Given enough time the program will get enough packets to crack a wireless network. For an average low-use hotspot, it might take a week, perhaps a lot less for an office network with a lot of traffic.
Let’s not kid ourselves; to some degree and especially if it does not “hurt anyone” human nature makes us willing to take advantage of our neighbors. At my mother-in-law’s condo of three neighbors who are close enough for my laptop to automatically pick up a Wi-Fi network, only one has any level of security. So whether or not she uses the free Internet connection, and as far as I know she does not, most of the 10 neighbors on that side of the building do have access to an Internet free for all. It does not seem like a stretch that at least one of them gets a free ride. How different is that from the mindset necessary to “snort” or “crack” Wi-Fi networks at the office? To me it’s obvious that it is a matter of when and not if people will attempt to take advantage of your Wi-Fi connection at home, at work, or even at lunch.
You might be thinking you are safe by using the security feature caned WEP, which is built into most Wi-Fi access points. If you have ever installed the software that comes with a Wi-Fi router or access point, you would have been asked to put in a name for your wireless network and a password. Securing your network this way uses WEP, and it is far from safe and sound. A new method called Wi-Fi Protected Access or WPA has been widely adopted, and it is much better than WEP. The problem is that the average user has no idea what WPA is or how to install it.
Based on feedback from our customers, I think most users have a false sense of security when it comes to their home or office network. Our field engineers visit commercial buildings every work day and routinely find dangerous security breaches. It takes ongoing training to keep up with the technology, yet most business owners leave two business-critical situations unchecked. They are network security, especially Wi-Fi installations, and off-site data back-up.
So, as a business owner, I would implore you to get a technology “gut check”. on your own system. Call any qualified vendor but call someone. It is likely you are at risk; it is likely that there is a practical solution. And by the way, who is that young man in your parking lot sitting in his car with a laptop?
* Inside Business is a weekly newspaper serving Norfolk, Virginia, and the Hampton Roads area. Its articles focus on the regional business community. Inside Business was formerly known as the Hampton Roads Business Journal, and is published by Pilot Targeted Media, a division of The Virginian-Pilot.