The popularity of public Wi-Fi
hotspots are growing tremendously and it is evident from the fact that Wi-Fi
hotspots are being embraced aggressively for various reasons, such as customer
acquisition for a business by offering Free Wi-Fi service, to promote some
service over public Wi-Fi network, to offload cellular traffic, or to provide
netizens access to the Internet at public places. Google
partnership with Ozone for providing free internet access for Google+ users in
India is one example of how businesses are using public Wi-Fi to promote
their services. Similarly, Malaysia
has introduced a law making it mandatory for eateries to provide Wi-Fi service
to their patrons.
Unfortunately, what is being
ignored in this popularity is that insecure Wi-Fi hotspots can pose serious
security threats to their wireless users. Majority of today’s public Wi-Fi
hotspots installed at Hotels, Cafes, and Restaurants, Airports and other public
places do not provide robust security to the user Wi-Fi connection, and hence hotspots
users are vulnerable to various security risks. Due to thesecurity
vulnerabilities, public Wi-Fi hotspots have become new haven for wireless
hackers, and therefore the hotspots are being increasingly termed as Hackspots.
In this blog, we will see types of Wi-Fi hotspot setups mushrooming in public
places and why they are being termed as next generation Hackspots.
Most of Wi-Fi hotspot deployments
can be categorized into two:-
1. Open Configured Wi-Fi Hotspots
In this type of Wi-Fi hotspot service, any user with
Wi-Fi enabled device can connect to the wireless network. Once connected, the
user gets redirected to a web page, also called as login/captive portal, for
carrying out user authentication with the service provider. At times in fee
based Wi-Fi service, wireless users have option to buy
data bandwidth from the same login portal.
data bandwidth from the same login portal.
In this type of Wi-Fi hotspots, user’s private data travel
unencrypted and hence can be snooped easily. Wireless users have to rely on
third party software which can encrypt data before transmitting them in the
air.
2. Password Protected Wi-Fi Hotspots
A lot of WISPs provide security enabled Wi-Fi service.
In this type of Wi-Fi network, same common password or key is shared among its
users. Wireless users have to use that key to make connection with the Wi-Fi
hotspot service. After connecting to Wi-Fi hotspot, users may be redirected to
captive portal for an additional user authentication, or for the purchase of Internet
usage.
In this type of Wi-Fi hotspots, though user’s private data
travel encrypted, yet they can be decoded easily as wireless key or password is
shared among wireless users.
A lot of wireless users have
misconception that they can use SSL secured websites in public Wi-Fi hotspots
e.g. accessing Google+ social network from any of free public Wi-Fi hotspots
allowing their users to access Google+ freely. They are unaware of wide array
of security problems that exist in public Wi-Fi hotspot and how SSL secured
website can be tricked to steal user’s private data. A more details explanation
is available here.
Even use of VPN does not provide
full protection. Unfortunately, in a Wi-Fi hotspot where users have free access
to a limited set of websites, it is impossible to use VPN for data privacy.
Wireless users unaware of the limitation of VPN service can find more details here.
Conclusion
In the absence of robust and simplified Wi-Fi security measures, today’s Wi-Fi hotspots have
turned into Hackspots, as hotspot user’s confidential data such as bank account
details, credit card number, private emails, instant messages can be sniffed
out from these Wi-Fi hotspots. Awareness about security threats of wireless
hotspots is also increasing causing lot of users to be hesitant in using the
services of Wi-Fi hotspots. The lack
of security requires immediate action from WISPs for provisioning robust and
simplified security measures for their hotspots, so as to restore the faith of
hotspot users by protecting them from hackers. Interestingly, new standard for
Wi-Fi hotspots, called Hotspot 2.0, has an option for secure Wi-Fi service. Unfortunately,
Hotspot 2.0 is a newly introduced standard by Wi-Fi alliance and hence its
adoption will take whole lot of ime as this requires millions of already
deployed wireless hotspots as well as wireless client device to be upgraded to
Hotspot 2.0.
Airegis unique and innovative solution helps WISPs uniquely
position themselves in the market by offering secure wireless service and
thereby helping wireless users use public Wi-Fi networks for all private data
communication without requiring any software upgrade on wireless client device
and without subscribing any third party solution for security. Moreover, it is
fully compliant with today’s most robust security configurations for wireless
networks. Hence any Wi-Fi client device certified by Wi-Fi alliance can avail
the benefits of secure public Wi-Fi networks powered by Airegis.
No comments:
Post a Comment