A TV program which specialises in demonstrating scams and confidence-tricks caught my attention the other day.
Parked in a van outside a house in a leafy suburb, a standard laptop with WiFi and commercially available software was used to scan the airwaves. It picked up four domestic WiFi hotspots, of which only one had any security enabled.
Targetting this and using easily availabile software, the WEP security was quickly cracked, allowing full viewing of web pages being surfed. Whilst those accessed from a secure browser page using HTTPS (such as banking and ecommerce sites) were not visible, most screens could be logged, stored and printed out for future reference.
Pages included full details of a holiday booking (including flight dates and times) and shopping baskets. The user was understandably shocked when these pages were shown to him - especially since he had thought that WiFi security was switched on.
The solution to this for WiFi is to enable the newer and more powerful WPA encryption, and restrict access to individual MAC addresses, but not all WiFi devices have this capability.
When using public WiFi hotspots, security is usually turned off by default (otherwise each customer must be given the secret key and would have to enter it into their computer). Whilst this makes it easy to find and use WiFi, especially if it is a free service, it also exposes the user to risk of interception. Some programs, such as Skype, automatically encrypt their data, and so are not easily hacked. Business users with secureID and VPN tunnels have their own separate security layer.
But as more users become aware of the problem, public WiFi for general use may get a bad name.
One of the key benefits of femtocells is that they adopt the existing 3G cellular security protocols already in place. The end user doesn't have to take any special action or input any key codes or passwords to access the femtocell. Quite apart from the difficulty in accessing and decoding the radio layer (you can't just use a standard WiFi adaptor or its equivalent), the traffic is normally encrypted over the radio channel. The secrets held within the SIM card are used to setup a temporary session, with the subscriber identity (IMSI) being substituted with a T-IMSI. The user's telephone number is not normally transferred over the air - all registration is based on the IMSI - so tracing specific sessions to a user from their telephone number is more difficult.
With the growing popularity of small notebooks and uMPCs such as the Asus eeePC, not to mention smartphones which come with WiFi built in, the security concerns of using public WiFi in this way are not yet fully appreciated. Perhaps once they are more widely known, the switch to mobile broadband data services is more likely - both for use inside and outside the home.
Whilst the competing dual-mode UMA/WiFi solution also encrypts voice and data traffic over the air, many using WiFi as a simple fallback on their laptop remain open to security threats. This is where using the femtocell with a local data offload would provide the dual benefits of secure encryption over the air with fast, direct access to any data devices on the home network or directly through to the internet itself via wired broadband.