Monday, May 21, 2012

Public WiFi Connections

I was speaking to a client about the WiFi connection they provide their customers. When you go to their cafe', customers can connect to their WiFi without needing to enter a password. I had to explain that although they were providing a wonderful service to their customers, they were also putting them at risk.

When a computer connects to a WiFi network without requiring the user to enter a password, the traffic between the computer and router is not encrypted. The problem is that there is a program that anyone can install on their laptop called Firesheep (https://github.com/codebutler/firesheep/downloads) which will allow anyone who is connected to that same public WiFi to see other connected users and their login codes in plain text. As of this writing, the Firesheep program has been downloaded over 2.2 million times. That means that there are a lot of people walking around out there with this spying ability.

The fix for this security problem however is extremely simple. When you require the user to enter a password to connect to the WiFi router, the traffic between the user and the router is now encrypted. It doesn't matter that the whole world knows what the password is, the router just needs to have a password. So the solution is to enable password security on the router and let your customers know the password. Once they login with a password, their traffic is encrypted and the Firesheep software is useless.

Keep this issue in mind as a consumer as well. NEVER connect to a public WiFi that doesn't require a password!

Netgear N600 RangeMax Dual Band Wireless-N Gigabit Router - Networking

No comments:

Post a Comment