Tip o’ the Week #221 – Stay safe on WiFi

clip_image002

Following last week’s misty-eyed retrospective on WiFi and Bluetooth, it’s worth pausing a little to pass on a few safety tips too. If you’ve a WiFi network at home which does not have encryption enabled (using a decently strong password – known as a Pre-Shared-Key or PSK – and a modern encryption method, such as WPA2) then you must hang your head in shame immediately, that is, immediately after you go and put a strong password on your WiFi.

What should you call your home WiFi network? Well, if it’s “NETGEAR” or similar, then make sure you call it something else (in case a well-known exploit is found in every NETGEAR router, in which case you’ve just told every kerbside hacker how to break into your network). Also, it’s worth making sure you change the admin password for your router – it’s a piece of cake to find out the default password for well-known routers, such as NETGEAR ones.

How to name your SSID might depend on where you live, if you have any neighbours, if you trust them and so on.

clip_image004Serial ToW contributor Paul “Woody” Woodman has the mischievous idea of setting his SSID to be something eye-opening – in fact, the WiFi network set up by his phone’s Internet Sharing (as covered in last week’s ToW) has an interesting name…

So, Woody’s on the train, using his phone to connect to the internet, and all the other WiFi users in the same carriage are on their best behaviour…

The Huffington Post wrote about this phenomenon a few years back.

To get a more reliable connection, it’s worth setting your WiFi channel to be something that interleaves well with your neighbours, so you’re not both trying to blast out on Channel 6 – as a guide, check here. Try using a bit of software called inSSIDer to sniff your neighbourhood, see what their networks are called and what channel they’re on, then set yours to something complementary, if you can.

Stay Safe Online

Yvonne Puley made a suggestion about checking what WiFi networks you connect to, after reading a report on the BBC website and seeing an article on the BBC’s Click programme. The gist of the piece is that public WiFi networks – a hotspot set up by your local coffee shop, or even well-known WiFi networks provided by telco’s and the like – are not necessarily all they seem. A simple scam could be for a ne’er-do-well to set up a spoof WiFi network on their own laptop, and the unsuspecting browsers could connect to it and all their online movements could be recorded and tracked. Other hackers could stage a “man in the middle” attack using software that intercepts traffic on legitimate networks and can even decrypt supposedly secured SSL traffic.

In short, there’s no way for you to guarantee that what you do on any public WiFi network is safe from prying eyes. Europol (not to be confused with Interplod, as Arthur Daley might have ventured) says, basically, don’t use public WiFi networks for anything private, like online banking. If you want to scare yourself silly, then watch this Click clip.

clip_image006Anything that goes over VPN or DirectAccess should be OK, as the encryption mechanisms used are less susceptible to having a breaker on the side. Even when connected back to base using a more secure connection, though, ordinary web surfing and background updating of apps will typically go out via the public WiFi network. It’s worth also making sure you don’t give too much away – like when you first connect to the network, unless you control it, then you don’t want to “find PCs, devices and content” etc.

For more info on this setting, see here. Looking in the PC’s settings at the connection properties (as described in that article) also lets you see what kind of encryption you have running on the network. If you’re connecting to a WEP network (the traditional method for putting a password on a wireless connection), then think twice about trusting it – Wired Equivalent Privacy is anything but, and can be relatively easily cracked.

Tip o’ the Week #220 – Wireless networking, 15 years on

clip_image001

It’s amazing how quickly technology goes from an expensive frippery to a cost-insignificant near-essential. It’s not so many years ago that WiFi and Bluetooth first arrived (remember the Ericsson T29 or T68, the latter of which not only had a COLOUR screen but came with Bluetooth support – all you’d need is a £100 “Socket” Compact Flash card†, and your iPAQ could be GPRS enabled).

Bluetooth went from a travelling salesman’s “look at me” blinking earpiece, to wirelessly enabling things that don’t really need to be wirelessly enabled (and the seller’s earpiece is now pretty-much the territory only of airport taxi drivers). WiFi was developing in parallel.

clip_image003Here’s a photo from 13 years ago, where the serving UK Prime Minister was entertained by a demo in the Microsoft TVP atrium, of a mobile app (equipped with smoke & mirrors) which used a WiFi network – but it pre-dated the Microsoft rollout of WiFi, necessitating about £500 worth of kit just to allow the hand-held device to talk to the network.

Nowadays, we’d rock up at an airport and be disappointed not only if there wasn’t WiFi, but there wasn’t some kind of freely available service. Buses have free WiFi. Often you can price-check online as you’re walking around the department store. We expect WiFi to connect our phones without racking up 4G charges. Time marches on.

It was 1999 (with the adoption of the 802.11b standard) before wireless networks (becoming known as WiFi or Wi-Fi depending on your degree of pedantry) started reliably working with kit between different vendors. This opened the door to successful adoption and eventual embedding in all sorts of devices. Bluetooth also developed apace, and has now carved out a niche (especially with Bluetooth Low Energy, or BLE) for data comms over relatively short-range and comparatively low-power (against WiFi’s longer range, with higher power drain).

clip_image005Although both standards offered options for peer-peer communications and operating in an “infrastructure” mode where there was an established network to connect to, Bluetooth only ever took off as a means of linking devices directly, and the vast majority of WiFi is deployed as a network of base stations.

Windows Phone 8 GDR3 and Windows 8.1

One neat function that was included in the latest major update to Windows Phone 8 (released under the “Lumia Black” moniker for Nokia handsets), turns your phone into a WiFi hotspot that can be remotely controlled by Windows 8.1. If you go into settings -> internet sharing on the phone, and set up internet sharing for the first time, it’ll give you a broadcast name and a numeric password.

You can now connect from some other device to the phone over WiFi, and use its data connection to get on the internet. Once you’ve set the connection up for the first time, with your laptop or tablet is running Windows 8.1, you can establish the connection any time without even needing to get your phone of the pocket – just swipe from the right, look under the network settings and tap to connect.

clip_image006

† Whilst on the topic of old networking kit, here are some old Bluetooth bits that I found in my Man Drawer. The PCMCIA wireless cards have all gone the way of the Dodo – these ones evaded the net on the basis of their size and the amount of money they costs to procure in the first place.

How can you throw something away that cost hundreds of pounds in its day and is now worthless for any reason other than as a curio?

Might as well keep them and maybe someday they’ll be worth something as a museum piece…