Wireless Security

An article online at the Denver Post reports that a local TV channel demonstrated the lack of security in wireless neworking by showing that they could gather personal information from a traveller at Denver’s airport when it was sent unencrypted over a wireless link at an airport hot-spot.

Clearly some sensationalised reporting since it would be silly for the traveller whose information they sniffed from the air to be sending such personal information unencrypted anywhere over the internet, wireless or not.

That said, at least for hot-spots that require a username & password before you can connect (such as the T-Mobile ones in many airports and coffee shops) there is a good solution: WPA with 802.1X authentication. Both are built into Windows XP and MacOS 10.3, and can be added to Linux easily (see http://hostap.epitest.fi/). This will allow for authentication, and perhaps more importantly, encryption. When WPA2 becomes available that will further enhance the security of the connection to the access point.

Of course, that only encrypts the connection to the local access point. Once there, it is back in plain text for the rest of its journey unless some other form of encryption is in use (VPN, SSL etc).

Web email portals, such as Yahoo! Mail could help here by providing SSL access to their email portals. Yahoo does at least offer secure login to protect your username & password from sniffers (though why it is not the default puzzles me). Adding fully secure access would seem like a sensible next step. Banks and other financial institutions, as well as the checkout pages of most online stores already use this technology so it is not something that is new or unknown by end users. Longer term it would be nice to see all IP traffic being secured (in addition to the planned improvements to the security on the wireless link).

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.