Wifi security – getting control
- Details
- Published Date
Most motels and hotels offer a wifi hotspot for guests to use. It is expected of accommodation facilities these days. Unfortunately, some businesses have already had guests' credit card information stolen by thieves using the wifi hotspot to gain access. Offering a generic password for your guests to get access to your network is not enough. Thieves can get access to your systems through the wifi hotspot as your system needs to be connected to the Internet to process credit card payments and, in most situations the wifi hotspot you offer to your guests, is via the same access.
You do not have to be a hardcore hacker to access business's data. It is just there for the taking. Your whole network, including the information on guests' computers that may be accessing your Internet at the same time as the thief. In cases where the theft of credit card information from a business computer is proven, then the merchant (you) are liable for fines and suspension of merchant card services, crippling your business.
Researching this article, I typed into Google "how to hack a wifi hotspot" and was flabbergasted at the amount of sites that can 'hold my hand' to get me onto your network. It was frightening. You do not have to be an expert. Some people don't even know they are accessing your information, they just happen upon it. Deleting your data, copying it, changing it and worse still sharing a virus with your data is a very simple thing to do. While sharing files, printers, desktops and other services can be useful at home or in the office, doing so is inappropriate on a public network, where competitors or hackers can access this information.
So how do you secure your network?
If your business is using a domestic modem/router for your Internet access and most small to medium sized businesses are, we suggest that you purchase a commercial router based solution that manages the wifi hotspot and who gets access to it, therefore securing it from hackers/thieves. Alternatively, if using a domestic modem/router, the wifi hotspot and PoS computer needs to use two different Internet connections. You therefore have two Internet bills. This is not always the cheapest and easiest solution and it does not solve the issue of your wifi hotspot being secure to hackers or being abused by customers accessing it.
Domestic modem/routers are designed to share not only your Internet connection but everything on your network, therefore, not making it a secure business solution. Most commercial router solutions have the ability to funnel guests out on to the Internet and block them from accessing anything else on your internal network.
In 2007, the wireless network of TJX Companies, a US-based retailing empire, encountered the world's biggest known theft of credit-card numbers. Their network had very poor protection - the company did not adequately secure its wifi network and disregarded requirements imposed by Visa and MasterCard concerning how card information is stored and transmitted. A newspaper article quoted "it was as easy as breaking into a house through a side window that was wide open".
Offering unsecured wifi hotspots to clients is much like offering free drinks at your bar. Most likely everyone will have a good time but you will have the hangover. It's wise to assume that wifi hotspots attract predators. Take appropriate precautions and avoid the hangover. Close those side windows. A generic password is not enough.
Warning to US travellers
The FBI has warned travellers there has been an uptick in malicious software infecting laptops and other devices linked to hotel Internet connections.
The FBI wasn't specific about any particular hotel chain, nor the software involved but stated: "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travellers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.
The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack.
By Judy Senn, Time Out Internet
