Paid Hotspots: Safety Not Included

While researching this article, I encountered a common misconception among business travelers and coffee enthusiasts— namely, the idea that commercial hotspots that require pay-per-hour or monthly subscription fees (AT&T, Boingo, GoGo, T-Mobile) are more secure than their free counterparts because a payment and a password are involved. In fact, these hotspots are almost always unencrypted, and they employ what is called a “captive Web portal” only to prevent access to the Internet until you enter a payment method (or a subscriber password). Tough this “gateway” Web portal is usually delivered over HTTPS (to protect the credit card in - formation or the password), all the post-authentication traffic on the wireless network is unencrypted. As a result, paying the service’s $10 monthly fee gives you access but not security. In fact, due to the nature of radio frequency transmissions, another person—even someone who isn’t a subscriber to the service—can view any unencrypted traffic you send, just by joining the same wireless network. This means that outsiders can easily observe and capture any regular HTTP Websites you visit, any unencrypted POP3 e-mail you access, and any FTP transfers you make. Talented hackers can even modify their own wireless card to clone the identity of your wireless card, thus obtaining free access through a commercial hotspot by “piggybacking” on your signals.

Source of Information : PC World July 2010


Subscribe to Developer Techno ?
Enter your email address:

Delivered by FeedBurner