WiFi Security: New Users May Be Less Aware

Free wireless computer networks are becoming widely available
Free wireless computer networks are becoming widely available

RISMEDIA, September 7, 2006?(MCT)?Gordon Hamachi, a software developer who lives in Mountain View, Calif., just started using the new free wireless computer network that Google has launched to cover the entire city.

Hamachi, 51, said he is concerned about security when he uses the free network because he knows there is a chance intruders could access unprotected data on a public network. But he is more worried about people like his neighbors, who are not computer savvy.

“There are wireless risks and there are Internet risks,” Hamachi said. “I’ll have to train them about being safe on the Internet. It’s the equivalent of don’t talk to strangers if you are a kid.”

Free wireless computer networks are becoming widely available in Silicon Valley. That means a host of newbies are joining the wild world of wireless computing. But it is a world fraught with more risk than wired computing, and many new users may not be aware of the potential for others to steal sensitive data. Nor are they taking precautions to secure their computers.

“A healthy dose of paranoia is helpful,” said Sherman Hall, a task force agent with the Atherton Police Department, and a former information technology manager. “Assume others are monitoring your traffic.”

Soon Silicon Valley and the Bay Area will be blanketed with wireless networks, some of them overlapping:

Last month, Google introduced its free Google WiFi service to Mountain View, giving residents and employees free access to the Internet throughout the city that is home to the Googleplex.

Sometime next year, another, even larger free wireless network sponsored by the nonprofit Joint Venture: Silicon Valley Network, should be up and running. Wireless Silicon Valley will span 36 towns and cities, from Santa Cruz to Millbrae.

San Francisco is working with Google and Earthlink on a citywide wireless network, and San Jose has had free WiFi in certain areas of downtown for two years.

There are dangers. In an extreme example, two of three cybercriminals were sentenced to prison in 2004 for stealing customer credit card data, which they accessed from an unsecured wireless network belonging to the Lowe’s hardware store chain in the Detroit area.

While the Lowe’s case is a rare one, it shows the vulnerability of wireless networks. Industry executives and security experts said the growing number of new users of WiFi networks need to be aware of the potential for problems and protect themselves online – even more so on free networks provided by a city or another entity.

When consumers use a wireless connection, they are literally sending and receiving data via the air waves, just like cell phones, TVs and radios. The data goes from a wireless access card in your computer, which translates the data into radio signals, and is then received by an access point. A wireless router in the access point then translates the data back into its original digital form and sends it to the Internet. So unless your data is scrambled or encrypted, it can be preyed upon by intruders as it is sent from your computer to the access point, and then over the Internet.

“When it’s on its way, anyone can eavesdrop on that data,” said Stu Elefant, a senior product manager for new initiatives at McAfee, the security software company in Santa Clara.

Typically, employees access their company’s wireless network through a virtual private network, which scrambles the data and acts as a tunnel to secure the communication. Home networks, too, offer encryption options, but many home users don’t bother to turn them on, or they want to share their Internet access with others.

Break-ins can occur in a variety of ways. Intruders can sniff out unprotected data as it crosses the airwaves, or they can access files on a computer connected to an unsecure network. This is typically done by piggybacking onto someone’s network. Piggybacking, while seemingly harmless, happens when a neighbor uses the wireless network of another neighbor, often done because it’s free and easy rather than because anyone’s trying to pry or steal data.

Earlier this year, however, a man in Illinois was charged and fined $250 for remotely accessing another computer network without the owner’s approval. Intruders can come into an open network and access files or data if the network or the computer are unprotected.

According to a study last year by the National Cyber Security Alliance, a group of security software and networking companies, nearly half of home wireless users failed to encrypt their connections.

But consumers can take a few steps to protect both their computer and their data when roving into free WiFi networks.

Google, for example, offers customers its own virtual private network, or VPN, software for free download. Chris Sacca, head of special initiatives at Google, said VPNs are the most secure option. The most common wireless encryption standard, Wired Equivalent Privacy, has been broken into.

“Those traditional methods are not secure, they can be hacked,” Sacca said. “Rather than lead people down a path of false sense of security … we can offer the highest protection available.”

Google also recommends other VPN options such as JiWire, which charges $24.95 a year for its HotSpot Helper. JiWire and others includes tech support, not available from Google, an option non-techie users may want to consider if they plan to go the VPN route.

Other security measures include installing personal firewall software on a PC or laptop, available from virus software companies like McAfee and Symantec, and anti-virus software, to detect intruders on a network.

One easy solution for consumers who may have a hard time dealing with VPN software is to practice safe behavior while on a public Internet connection by not sending e-mail with passwords or account numbers. Anyone who wants to do banking or buy something online should do so only at Web sites protected by a secure socket layer (SSL). This means the communication with that particular Web site is encrypted. A Web site is an SSL site if there is an icon representing a padlock in the lower right hand corner of the browser. There is also a notice that the browser is going to a secure Web connection.

“If you are connecting through SSL, you are reasonably safe,” said Brian Hernacki, an architect at Symantec’s research labs in Cupertino.

Hernacki was returning from New York, where he talked with many users, including one woman who had thought that, because she downloaded the security feature offered in one WiFi network, it was automatically in use. She didn’t know she had to install the software after downloading it.

“It’s educational to get outside Silicon Valley,” he said. “People have a different understanding of security.”

Distributed by McClatchy-Tribune Information Services.