If you have a wireless notebook, there’s yet another way the bad guys can get past your defenses.
When you connect to a wireless access point, normally you’re in “infrastructure” mode. Network traffic to all the computers using the wireless network passes through a wireless access point. In a public place – an airport or hotel, say – you can reasonably hope the access point has some built-in security to keep the connected computers separated from each other.
Windows computers are also able to connect directly to each other wirelessly in “ad hoc” mode – no access point required. I can imagine sophisticated arguments about what that might enable people to do but here in the real world I’ve never ever seen anyone use that capability.
A computer in ad hoc mode is broadcasting a wireless SSID, a name that other nearby computers can see and connect to. Once the second computer joins the ad hoc network, it also broadcasts that name – and might continue to do that even after it gets to a different location. (Windows is designed to remember those settings by default. It’s a feature, not a bug.)
If one of the computers in the ad hoc network also has an Internet connection, all the connected computers can use that Internet connection to get to the outside world.
Enter the bad guys. You flip open your notebook at the airport and see a wireless network named “Free Public Wi-Fi” or “Free Internet” or “US Airways Free WiFi” or something else tempting; you highlight it and click Connect, and you’re able to get online. Great!
Unknowingly, you have joined an ad hoc network and every bit of data to and from your computer is going through the bad guy’s computer at the next table. Your login names and passwords, your email messages, your online accounts – the bad guy is logging it all, analyzing it, and preparing to clean out your bank accounts and mortgage your house. If you’ve set up your computer for file sharing, he’s rummaging through your files. If your security isn’t up to date, he’s installing software to send spam or let him control your computer at his leisure later.
This isn’t a new problem but a recent study found that 10% of all the wireless users it scanned across all airports were broadcasting at least one of these viral SSIDs, and in some airports, the percentage was much higher. I’ve seen “Free Public Wi-Fi” in downtown Santa Rosa – maybe a bad guy, maybe a laptop user who didn’t know his computer was broadcasting the fake name.
PREVENTION
Don’t connect to ad hoc networks.
In Windows XP, the icon for an ad hoc network is different from the icon for a conventional wireless network, and it’s described as a “computer-to-computer network.”
In Windows Vista, the only indication of an ad hoc network is the appearance of the icon!
There are settings in Windows to prevent your computer from suggesting ad hoc networks at all. In Windows XP, advanced wireless network settings include a screen that can be set to force connections only to access point networks.
If you’ve done a lot of traveling and used wireless networks freely on the road, you may want to visit your computer’s list of recognized wireless networks and clean out anything unfamiliar – especially a suspicious name like “Free Airport WiFi” or anything else on the list in this article.
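As an added example (not part of the original article), here is a short Python script that reads the text printed by `netsh wlan show networks` and flags any network that is ad hoc or carries one of the tempting names quoted in this article. The sample scan is constructed, and English-language output from Windows Vista or later is assumed.

```python
import re

# Constructed sample modeled on `netsh wlan show networks` output from an
# English-language Windows Vista or later system (an assumption).
SAMPLE_SCAN = """\
Interface name : Wireless Network Connection
SSID 1 : Free Public WiFi
    Network type            : Adhoc
SSID 2 : HotelGuest
    Network type            : Infrastructure
SSID 3 : Free Internet
    Network type            : Infrastructure
SSID 4 : Daves-Laptop
    Network type            : Adhoc
"""

# Tempting names quoted in the article.
BAIT_NAMES = ("Free Public Wi-Fi", "Free Internet",
              "US Airways Free WiFi", "Free Airport WiFi")

def normalize(name):
    """Lower-case and drop punctuation so 'Wi-Fi' and 'WiFi' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def parse_networks(text):
    """Turn the scan text into one dict per 'SSID n : name' block."""
    networks = []
    for line in text.splitlines():
        m = re.match(r"\s*SSID \d+\s*:\s?(.*)$", line)
        if m:
            networks.append({"ssid": m.group(1).strip()})
        elif networks and ":" in line:
            key, _, value = line.partition(":")
            networks[-1][key.strip().lower()] = value.strip()
    return networks

def flag_networks(text):
    """Return (ssid, reasons) for every network that should be avoided."""
    bait = {normalize(n) for n in BAIT_NAMES}
    flagged = []
    for net in parse_networks(text):
        reasons = []
        if net.get("network type", "").lower() == "adhoc":
            reasons.append("ad hoc")
        if normalize(net["ssid"]) in bait:
            reasons.append("bait name")
        if reasons:
            flagged.append((net["ssid"], reasons))
    return flagged
```

To check a real scan, pass the saved output of `netsh wlan show networks` to `flag_networks()`. On Windows Vista and later, `netsh wlan add filter permission=denyall networktype=adhoc` hides ad hoc networks from the list altogether.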
There are more details in this article about how this works and steps to take to prevent being a victim.
And here’s a scary story where a traveler learned that it was possible to access anything in any folder on his computer – from two rows away on an airplane.
I’ll tell you more about how your security works and what you need to know, but as always, your best defense is your common sense. Don’t click on anything without thinking long and hard – especially anything free! Be careful out there!
Exactly the information I was looking for! I’ve heard of computers being sabotaged when using open networks. Now I know it is the ad hoc networks that are the culprit, notwithstanding that the bad guys might get around security in a secure open network. Thank you, Bruce. Great article.