Hackers Go Wireless

Looking forward to strolling into your local Starbucks, popping that new wireless-network card into your laptop and surfing the Web while sipping a walnut Narino Supremo?

Still, don’t let your guard down.

Experts warn that you should remain wary when using Wireless Local Area Networks (or WLANs) wherever you are _ at home, in the office, even at those pleasant bistros offering free Internet connections. In fact, last year the lawyers at Starbucks issued a warning to customers when they announced the free Web access.

“These WLANs are not inherently secure,” the company said. “We therefore cannot guarantee the privacy of your data and communications while using this service.”

Simple cover-their-behind-ism? Not hardly.

“The human mind seems limitless in its ability to come up with mischief,” said Ellen Messmer, senior editor for Network World Inc. and a frequent author on security issues. “There is wide and well-founded concern that intruders can gain access here. What we call ‘over-air sniffing’ of data should definitely be a concern to anyone using public-access Internet.”

Dangers are even greater for companies and people who install wireless networks in their homes, inviting what experts call “drive-by hacking,” as illegal users try to crack into often woefully under-protected systems.

There already have been some spectacular abuses even in the earliest days of wireless systems. In 2001, for example, hackers in Spain launched a denial-of-service attack by releasing a worm (a self-replicating computer program) that attacked a wireless message service gateway, overwhelming the system. A Japanese municipal messaging system was disrupted when wireless hackers triggered a flood of meaningless telephone calls to the city’s emergency system.

Several American corporations have complained that drive-by hackers victimized them shortly after installation of their wireless networks.

“Threats against the wireless domain are evolving almost as rapidly as wireless technologies appear on the market,” said Jason Conyard, director of wireless product management for Symantec Corp.

The good news is that the computer industry has been working on the problem for years. Updates to the Windows XP Service Pack 1 (and later versions) and a new security standard called WPA, or Wi-Fi protected access, give consumers tools needed to establish fairly safe wireless networks in their homes and elsewhere.

The bad news is that many manufacturers are shipping wireless-connected laptops with default settings that turn these security measures off. Home computer users, giddy at wireless network routers that cost as little as $39, often rush to installation without serious concerns about security.

Critics have complained that it’s easy for hackers to pick up their laptops and stroll down suburban neighborhood sidewalks, easily locating homes with few or no wireless security measures.

But protection is now easily available, as long as consumers know to install it or, more likely, to simply turn it on through their operating software. If you’re using Microsoft Windows XP, you probably have already received an update to the Service Pack 1 or later versions.

“The industry could be doing a better job of explaining these issues and making it easier to use security,” Messmer said. “But the industry took a very tumultuous path to carve out authentication and encryption of wireless networks. That created a lot of confusions for corporations and consumers.”

(Contact Thomas Hargrove at HargroveT(at)shns.com)