With our Internet-enabled cell phones, tablets and laptops, we are used to always being connected. Our coffee shops and bookstores now provide Wi-Fi connectivity, usually for free. But many corporations prefer to limit wireless access, requiring VPN encryption or prohibiting Wi-Fi entirely.
In such situations, it’s possible for tech-savvy users to set up their own Wi-Fi hotspots. They can then use their smartphone, tablet or other device without the “primitive” limitations imposed by corporate policy.
How do they do this? Unfortunately, it’s all too easy. Every home network typically includes a small device functioning as a router, network switch, and wireless gateway. Plug one of these into the corporation’s network, and presto! An unsecured wireless network appears. This wireless network offers access to the internet, and as a free bonus, corporate servers and other network resources. The 2013 Solutionary Global Threat Intelligence Report contains an interesting case study that demonstrates why this is a really bad idea.
At my previous company, an employee had connected a home router/gateway/WAP (wireless access point) to the corporate network so he could use his wireless laptop. We discovered it when we realized that any computer booting up on the network had only a 50-50 chance of connecting properly, because his router was also functioning as a DHCP server and interfering with the corporate DHCP server. A computer trying to add itself to the network may, or may not, get a valid IP address.
Good news: he was savvy enough to enable wireless security on his device. Bad news: if he had also disabled the DHCP function, he might have been able to use it for years. During that time, someone might have compromised his password or cracked the wireless security scheme he’d used.
Scanning for Rogues
There are several ways to check for these rogue Wi-Fi access points. A WIPS (wireless intrusion prevention system) is purpose-built for this type of scanning, but can be expensive. A quick alternative is to use your Wi-Fi device and look for any wireless network SSIDs which you don’t recognize. For more thorough scanning, install a wireless network analyzer tool such as inSSIDer or Wireshark. As with other vulnerability scanning, this process needs to be repeated on a regular basis.
Some home users have used these scanning techniques, or casually observed their laptop’s “available networks” list, and were surprised to notice an extra wireless network with a very strong signal. Where would this be coming from?
Public Wi-Fi Meets the Home
At least one major Internet carrier is deploying a “neighborhood hotspot” initiative. The plan is simple: since this carrier already provides wireless gateway/router devices to their customers, why not use those same devices to also provide public Wi-Fi access? It’s a SMOP (Simple Matter Of Programming) to add this feature to the router’s firmware. The router broadcasts a second Wi-Fi SSID, which is available for connection by any authorized user (typically, the same carrier’s other customers).
Given that a large Internet carrier will have thousands (or hundreds of thousands) of these devices in place, the resulting signals could blanket a densely populated area and provide widespread Wi-Fi access. What a great idea! So what’s the catch?
First of all, Starbuck’s knows that they offer free Wi-Fi. ‘Joe Consumer’ doesn’t. He may be surprised that his carrier-provided wireless router is broadcasting a signal for the use of anyone passing by. He might be miffed that he’s paying rent on, and providing shelf space and AC power for, this public-access device.
He may be concerned about security. Can the public see his private network? How sure can he be? Will the router be hacked? It’s happened before.
He may also be concerned about bandwidth. Even if the device is provisioned so that public utilization doesn’t affect his throughput, there is still only a certain amount of radio spectrum available. The public transmissions can’t help but cause some amount of interference, just as other nearby networks (or microwave ovens) can cause interference.
And what about content? Is he responsible if someone downloads illegal materials through his router, or sets up a P2P network sharing copies of the latest Harry Connick, Jr. CD? In this situation, he faces many of the same issues as the corporate network with a rogue access point.
The solution, in both cases, is to shut it down. If you discover that your carrier-provided gateway is broadcasting a second SSID, you can contact them and request to be opted-out of their neighborhood hotspot program. Otherwise one day, although you carefully deployed WPA2-AES with 256-bit encryption on your network, you may wonder why someone is parked outside using a laptop.
Don’t worry! He just stopped by to borrow a cup of Internet.