Friday, October 29, 2010

Twitter, Firesheep and the Unsecured WIFI at Delhi Airport

Yesterday, I had a long wait in the beautiful and comfortable Delhi domestic airport terminal. It was crowded as many fliers like me rued the congestion that delayed several flights. I was surprised at the ratio of laptops per person. A laptop per head almost!

I turned on the laptop WIFI to see what connections were available. There were a few paid and free connections which were either unsecured or secured with WEP. WEP can be broken by a hacker in 10 minutes due to a design weakness in the algorithm, and is therefore considered to be weak from a security point of view. By walking around, I was able to determine that a large number of users were actually working on their web mails. Others may have been working on social networking sites like Twitter and FaceBook to name a few.

None seemed aware or concerned on the possibility of their unsecured connection being snooped on or sidejacked. Sidejacking is a method of hijacking an active connection to a website, on a unsecured network (Wired or WIFI), by another user using a normal FireFox browser with a Firesheep plug in. This enables a malicious user to take over your account, write as you, snoop on your private information, emails and so forth.

For most of us, free WIFI is a wonderful productivity tool and a great way to pass time in cafes or airports. Given this risk, safe use is important. We can use these connections for surfing and connecting to end to end ssl protected websites (you will see the lock symbol on the browser). Logging on the social networking sites or other sites where users have accounts and are not secured with SSL should be avoided in public places over unsecured WIFI.Corporate sites which do not provide SSL to their Internet sites should do so. The other way to ensure security is to use a VPN connection which is an encrypted tunnel to a remote server which then connects to the Internet.

WIFI is inherently unsecure. When used in corporate offices we need to secure the wireless link through strong authentication and encryption such as the WPA standard. Strong encryption depends on the encryption standard and the complexity of the encryption key which is a user/administrator configurable parameter. Without this the WIFI is vulnerable.

I read a shocking statistic which stated that over 60% of WIFI networks at home or in small offices were unsecured or improperly secured. It is a cause of worry.

No comments:

Post a Comment