Open Wireless Networks – Good for Vacationers, Bad for Your Security

Over the last several days, I have been traveling the eastern portion of the United States on vacation with 3 of my good friends. Along the way, I like to check my email and do random touchups on projects I have in progress. The one problem with this is that of all the friend’s relatives I have stayed with (totaling 5 so far), only one has had a wireless network that I could access.

So, how do I get on and check my email? I borrow a neighbor’s network. Of all 5 homes, I have been able to access an open wireless connection from 4 of their neighbors. While this is good for me, the average vacationer needing to check his email, it is a really bad sign for the security world.

It would be all too easy for me to drive up to one of the neighbor’s houses or just sit in the relative’s house (as I am currently doing) and “borrow” the network for illegal purposes. I could download all sorts of illegal material, pirate files, or even sniff the wireless traffic for unencrypted data. The FBI could swarm in on these houses for things I did on them, and the user would be completely clueless.

Sadly, of most of the networks I have borrowed to check my email, many of them were set on their default settings with default usernames and passwords. If you are going to use an unencrypted network, at least change the router password!

It still amazes me that of all the easy to implement wireless security standards (WPA2 anyone?) the users do not even take the time to use them.

The moral of the story: change your router passwords and encrypt your wireless networks to prevent huge problems from unfriendly vacationers.

This also applies to small businesses.  Note that open wireless networks violates PCI DSS (if you handle credit cards) and if not, is still terrible practice.  Ask TJMaxx how it worked out for them.