Saturday, April 28, 2007

Are you ready to open your life to the world with Wi-Fi?

No one in the evening crowd at a Starbucks here knew Humphrey Cheung. But Cheung, working on his laptop, knew things about them.

Several tables away was a guy sitting alone with his own laptop.

“He's starting a business,” Cheung said.
And the young couple in the far corner?

“They're getting married,” he confided.

Cheung isn't psychic. He had hacked into the coffee shop's wireless Internet connection on his Toshiba laptop. It took about five minutes to do so, using free software available online.

Public Wi-Fi, or “wireless fidelity,” is very handy for perusing the Internet away from the office or home. Just remember that you may have company while surfing.

Once hooked into the system, Cheung was able to monitor the online activity of other laptops in the shop. Luckily for the people around him, he wasn't snooping for any reason except to make a point: As wireless hot spots proliferate, the tools for secretly monitoring these Internet connections are becoming more sophisticated.

“When people are on a public wireless connection, they have the same expectations about privacy as when they are on the Internet at home,” said Cheung, 32, a computer security expert and an editor for TG Daily, a technology news Web site.

“But it doesn't work that way. Someone could be listening in.”

Cheung was using a “sniffer” program that intercepted online signals as they flew back and forth from the laptops to a wireless modem hidden somewhere amid the coffee paraphernalia.

Mostly, the monitoring was limited to tracking the Web sites being visited. Numbers correlating to Web addresses flew across Cheung's computer screen, allowing him to see that the couple was viewing pages at a wedding-planning site.

The man a few tables away started with sites selling high-speed broadband service, then went to a page about managing Web sites. Like a mystery yarn, the clues kept coming in.

“You start to get a story about someone,” Cheung said.

The company that provides Wi-Fi signals at Starbucks is T-Mobile USA Inc. It manages about 7,600 HotSpots nationwide, including in coffee shops, hotels and airports.

On its Web site, the company warns that communications in HotSpots “may be subject to unauthorized interception and are not inherently secure.”

But good luck in finding that security warning. The link to it is in small print at the bottom of T-Mobile's HotSpot Web page, grouped with 18 other links to various company Web pages.

T-Mobile offers a free software program, Connection Manager, to improve browsing security, said Mike Selman, the service's marketing director.

“You can use this to make sure you are connected properly to our network,” Selman said, “and that communications are encrypted from the laptop.”

But the security program also seems to be more or less a secret. Not only does the name of the program not mention security, but the link to download it also is grouped with other items in a dropdown menu. If you have a Macintosh computer, you're out of luck: The software comes only in a Windows version.

At least Cheung couldn't read e-mails.

Except in one case.

Most major e-mail sites on the Web — such as those run by AOL, EarthLink, Google and Yahoo — are protected by encryption. This is signified by the site address beginning with “https” instead of “http.”

Major banking and e-commerce pages that ask for financial information are https, too. But the Web e-mail page for Internet service provider Charter Communications Inc. is plain old http and not secure.

“You definitely want to make sure that if you are using Web e-mail on a wireless connection,” Cheung said, “that it's on an https page.”

On home Wi-Fi setups, password protection can be implemented on the modem, which offers a lot of security — although some hackers say they can break through the most basic protection regimen, known as WEP.

Public Wi-Fi setups, whether paid or free, don't have the luxury of using passwords. That would defeat the purpose of allowing a great many people to use them.

T-Mobile, which charges about $10 a day for HotSpot use, is working to get more people to use them. In March, the company finished installing a system at Los Angeles International Airport that covers 3.8 million square feet of space, making it one of the largest Wi-Fi deployments in the world.

Also, free Wi-Fi hot spots are being added to more outdoor areas by cities.

So, enjoy the freedom of Wi-Fi. But maybe you shouldn't surf to sites you wouldn't want people to know you're visiting.

“If you watch where people go, one site after another,” Cheung said, “it's almost like you can read their minds.”

No comments: