Threat Level offers some safety tips for laptop users accessing public hotspots:
“The most dangerous places to connect are airports, hotels, convention centers,” say Richard Rushing, Chief Security Officer for AirDefense, which does wireless security. “And most people use credit cards there.”
Oops. I am hooking up to the San Diego Convention Center’s wireless and paying for with a credit card as he says this. Apparently lots of other people are too because a snicker rings through the workshop here at ToorCon9.
By their nature, WiFi hotspots are insecure, he says, though they can be made more secure by using client isolation, which makes it harder to slide up and down the communications links from the server to the client and web.
“Client isolation should be turned on but we can still spoof the address or take the address backwards,” he says, noting that Macs are easily spoofed.
“Hot spots are really set up for the bad guys,” he says.
When Rushing looked at hotspot users, he found 30 percent have no firewalls and 3 percent have active malware they’re inadvertantly introducing to the servers.
This is probably an issue I should have mentioned in my Times piece. It’s true that the risks of sharing your wireless connection are not zero: it does make it the possible for other users on the network to scan your machine for vulnerabilities. However, the tips about public hotspots helps to put that risk in perspective; your laptop is far more likely to encounter someone malicious in an an airport or coffee shop, which is teeming with strangers, than in your home. So if you’re worried about the security risks of sharing your home wireless connection, you should be a lot more reticent about using public access points. The nature of the security risks involved are identical, and the number of potential adversaries is much higher on a public hotspot.