WiFi Security on the Radio

You've probably seen the film "The Truman Show".  It's about a chap who is is unknowingly the centre of a reality TV show. His life is being continuously filmed for a worldwide audience. Everything around him is choreographed so that the viewers can see his reaction to events. There's a memorable sequence in the film where Truman is heading out to work and all the traffic around him is planned like a military operation.

I was reminded of the film this morning when I was trying to drive into the middle of Hull to take part in a radio item about WiFi security. Everything, and I mean everything, seemed to be happening in a manner calculated to make me late. I had a mental vision of someone in a control room speaking into a headset and saying  "OK, he's had the slow running train and the reversing bus, now lets set up the trick cyclist and red light sequence......".

I was a bit late, but they managed to shuffle things around and we had what I thought was a good chat. It was in response to a piece in the news about a seven year old girl who had learned how to hack into an unsecured public WiFi system in around 11 minutes. You can read a good description of it here.

The story had been set up by a WiFi security company (who would have guessed). The girl wasn't actually a hacker in the proper sense, more someone who could find a video on YouTube and then copy the instructions in it. Actually I feel rather sorry for her, in that she now has "how to hack wifi" in her Google search record for the rest of her life. Oh well.

But the story did hold important lessons on security. The most important one is probably that folks need to be aware of the dangers that using free "open" wifi brings. By "open" I mean the kind of connection you don't need a username or password to access. When you use these your phone, PC or tablet will frequently give you a warning, and with good cause.

The open nature of these connections means two things. Firstly it means that the data exchanged between the network and your PC is not encrypted, so anyone can see what you are doing. Secondly it means that it is child's play - literally - to make a computer pretend to be the WiFi connection and perform a "man in the middle" attack, reading the contents of each of your messages before passing them onto the network.

So, using an open WiFi connection must be regarded as fraught with risk. If you have to use a a username and password to connect things are probably OK. Lots of hotels have a little printer on reception that prints out a set of credentials that you can use for a limited time. These are probably OK. But places where you can just find the site and then connect must be regarded as rather dodgy.

If you really must use an open site (and we've all done it - including myself who has been known to install Windows Phone firmware upgrades in Starbucks the world over) then here are a few tips:

  • Only visit  web sites that have https (and the little padlock in the address bar) while you are online. These encrypt the conversation between your computer and the server so that any eavesdropper will get an earful of meaningless chatter.
  • You can use your banking applications quite safely, as these will encrypt the data sent to and form the bank.
  • If you really, really, must log in to use sites that are not https secure, use usernames and password pairs that are unique to that site. One nasty trick that hackers have up their sleeves is to take credentials that you use in one place and then try them on lots of other ones. If possible you should really have different passwords on every site you visit to stop this from happening.
  • Once you have finished, check your device to see if it has remembered the connection. Lots of phones and tablets keep a handy list of sites so that they can reuse connections if they see them again. This means your phone might try to remake the insecure connection again without you knowing. I'd advise you to delete the connection from the list to stop this from happening.

Networked devices are massively useful and we have built large chunks of our lives around them. But you also need to remember that some of this wonderful technology was not really built for the nasty world that it is being used in and make sure that you limit exposure to these horrid tricks.