The dangers of public wifi

I recently returned from the UK via a flight through George Bush International Airport (formerly, and to many of us, better, known as Houston Intercontinental Airport, hence the abbreviation IAH). During my wait for my connecting flight, I opened my laptop to see what kind of wifi signals I could find. I found four distinct wifi networks in the international terminal:

I don’t doubt that some entity related to the airport might provide wireless network service to airline passengers. However, I don’t for a minute believe four entities would do so within such a short distance. So rather than just jumping on whichever one will accept a connection (as many might do), let’s take a moment to consider the possibilities.

MiFi2200 F520

A Mifi 2200 is a portable device manufactured and sold by Verizon, a US-based telecommunications company, and used to route multiple wifi devices to the Internet via the Verizon mobile phone network. This would not be a cost-effective way for someone to provide public Internet access.

This could be someone with a personal Verizon router who mistakenly left it switched on while traveling. Just as likely, however, is that it could be someone with a Verizon router who wants to see who will connect to it to surf the web. In this case, the owner of the router would be able to read and/or copy all the traffic that passes through the wireless network. Also, if you weren’t running a good firewall, the owner or any other user on the network might also be able to scan your system and launch attacks through open ports.

I connected to this network and was able to access the Internet, however, I had no way of knowing if it was accidentally left active and the owner was oblivious to my activity or if my traffic was being actively monitored. In the few minutes I was connected, my firewall reported no suspicious connection attempts, so either the owner was not actively scanning people who connected or I was not connected long enough to be noticed.

Boingo Hotspot

Boingo provides wifi “hotspots” (access points) in many airports (including IAH, according to their web site) and charges for their use. I connected to this network but was prevented from accessing the Internet and presented with a sign-up page. Though not free, this appears to be the legitimate public wifi access point in the terminal.

dufry

Dufry is a company that runs duty-free shops in many airports. Because this network is encrypted, it may well be a legitimate wireless network that is not intended for public use. They are actively trying to prevent unauthorized use by securing the network with an encryption key. Anyone trying to spy on your traffic would be trying to encourage unauthorized use, so this network is most likely legitimate, but not available to the traveling public.

Free Public WiFi

“Danger, danger, Will Robinson!!” This is the scary one. This is a computer-to-computer (ad hoc) network, not a typical network configuration. Any real public wifi network will be configured to accept multiple connections, not just one. But a computer-to-computer network is easier for the scammer to configure on his laptop.

When I scanned for networks, I found four, one of which may have been another traveler passing through the airport (Mifi2200). At other times, I might have been presented with only the three options: (a) Boingo, which I would have to pay for, (b) dufry, which I could not access, and (c) Free Public WiFi, that conveniently appears to be just what I want.

My guess is no one in the terminal really offers a free public wifi connection. By posing as a free network, the scammer can lure unsuspecting travelers into connecting to his fake free wifi network and intercept or even alter their traffic to and from the Internet. I can’t say what happens when you connect to this network since I did not, but I’m sure it’s nothing good.

Don’t be fooled into trusting any network when you don’t know who runs it. There are enough dangers on a public wifi network at the local coffee shop when you trust the owner because you still can’t trust the other users who are on the network. But if you can’t even trust the owner of the network itself, you have no security whatsoever.

About these ads