The other day I was reading an excellent article over on CNET about the dangers of AT&T's "free" WiFi. Basically, your iPhone will automatically connect to any WiFi network that claims it is an AT&T network. This means that anyone with a WiFi router and a little free time on their hands can trick your iPhone into joining their network. (Credit for this discovery should be given to Samy Kamkar of the MySpace worm fame, I'd link to his site but he's a prankster and I don't want to risk my reader's machines getting punk'd.)
You can address this issue on the iPhone easily enough by turning off the "auto join" feature in the WiFi settings. However, it should be mentioned that there's nothing preventing someone from creating a rogue hotspot near enough to a Starbucks or other location where legit AT&T connections exist, so the only real protection is to stay off of AT&T's WiFi network until they improve client security on the iPhone.
My intention in this post is not so much to delve into the particulars of this iPhone vulnerability, it's more to use this example as a springboard for discussing home WiFi security...
I am still shocked when I drive around my neighborhood and see the unsecured WiFi networks with the default SSID (network name). I've gone over this before so I won't go into the general details of WiFi security, however the article at CNET brings up another reason that I haven't touched on in the past:
If your home network is set to the default settings, that means that your laptop/phone/etc. will connect to any other network that is set up the same way. Depending on your client's firewall settings, this could potentially expose you to viruses, malware, or even prying eyes of other users on the network.
All of this can be avoided by simply changing the SSID and adding some kind of wireless security to your network. Again, my guide to doing this can be found here.
If you take a little time to set things up right, you save yourself a ton of headaches down the line.
About Me
- Jonathan Watts
- Los Angeles, CA, United States
- I have over 15 years of professional experience in the I.T. field, working with individuals and small to mid-size businesses. I've received a certificate in Project Management from UCLA, and I am a member of PMI. I have expertise in Active Directory, Open Directory, VMWare, Windows, Mac OSX, *nix, Exchange, IIS, Cisco, Forefront TMG, MARS, ACS, CSA, EMC, NetApp, and Websense. I've worked in all aspects of I.T., from end-user support to engineering and design.
Subscribe
Posts
Comments