by Mark Tiongco – March 21, 2010

Since it’s free, most establishments do not use Wi-Fi encryption to secure their respective networks thus offering hackers a way to steal your usernames and passwords.  For example, Panera Bread has signs that say “802.11b Wi-Fi” in their restaurants.  802.11b was created in 1999 which has little security so a hacker can literally intercept your Facebook username and password as you’re logging on.  Even if Panera Bread equipped their bakeries with WEP (Wired Equivalent Privacy), this security is so outdated that it can be cracked in under a few minutes.  With that being said, Barnes and Noble, Starbucks and McDonald’s also have zero security in place for their Wi-Fi.  Upon reading Starbucks’ Wi-Fi policy, they explained the reason for using unencrypted 802.11g was to ensure maximum compatibility between communication devices. 

"War driving" is the idea of driving around town and looking for a Wi-Fi network that is unencrypted or has weak encryption and can be easily cracked.  Wardriving can happen near a Starbucks, your neighborhood or a business park where Wi-Fi networks are online 24 hours a day, 7 days a week.  With zero or minimal security, a hacker can intercept, unscramble and figure out the information being sent between a customer’s laptop to the Wireless Access Point of an establishment.The essence of Wardriving involves time. For natural viagra example, a hacker can crack the password to a wireless network in possibly 3-4 hours.  You spend 8 hours sleeping and 8 hours at work.  So theoretically a hacker has 16 hours to try and compromise a home or office Wi-Fi network. And let’s not forget the fact that Notebook Computers have become more powerful over time. Multi-core CPU’s and on-board Video Cards processing power is being utilized to run more advanced hacking programs.Going from bad to worse, current WPA (Wi-Fi Protected Access) can be cracked in about 15 minutes along with WPA2 as seen in 802.11n network products. Two popular ways of cracking a wireless network are Brute Force and Dictionary Attack. Brute Force involves exhausting every single letter, number and special character in multiple combinations until the correct combination is found.  Dictionary Attacks utilizes a specific set of words and phrases from a dictionary to “guess” the correct password.  Another tactic that can easily swipe your login credentials is a Rogue Access Point. In this case, a hacker can set up a Wireless Access Point that imitates the true Access Point.  If your notebook connects to this Rogue Access Point, you won’t see any difference as the hacker can duplicate the log-in screen with near 100% accuracy.  This is like phishing, where you receive an alert email from your bank or credit card company asking you to click on their link and “verify” your account is okay by logging in.

There are a few steps you can take to minimize the chance of your information getting stolen:

• First, make sure your passwords are long and are fairly unique.
  Having “GOLAKERS_1981” as one of your passwords wouldn’t
  be difficult to crack.
• Second, speak to your employer’s IT department about a VPN
  connection.  VPN stands for Virtual Private Network and allows
  you to connect to your company’s network in a secure way. 
• Third, when logging in, pay attention to the URL address along
  with any inconsistencies with the log-in page (i.e. spelling,
  inaccurate pictures).

Also, check to make sure your laptop is connected to the correct Wi-Fi network and not to one with a questionable name.

• Fourth, access your important banking and credit card
  accounts at home so as to minimize the chance of
  being a victim of financial identity theft. 

Wi-Fi has come a long way in a short while with its speed, convenience and utility.  By knowing the risks associated with free Wi-Fi service, you can minimize the chance of a data breach and possible identity theft.