December 02, 2003

Wi-Fi Hacker Arrest Raises Security & Liability Concerns

Per a recent CNET News story, an unusual arrest of a war-driver in Toronto is raising a lot of Wi-Fi security and liability questions. As CNET sums it up, "Toronto police said they stopped a car last week for a traffic infraction when they found the driver naked from the waist down with a laptop computer on the front seat, playing a pornographic video that had apparently been streamed over a residential wireless hot spot. The driver was charged with possession, distribution and creation of child pornography, as well as theft of telecommunications--a first in Canada, according to local authorities."

Now imagine that it was your Wi-Fi connection he hijacked, except that the authorities didn't catch the war-driver, but instead tracked the downloads back to your network from your ISP's logs. Talk about some explaining to do.

Study after study shows that the vast majority (more than two-thirds per one study cited in the story) of consumer Wi-Fi networks do not have even basic wireless security features enabled. The article further discusses some of the liability concerns for the owners of Wi-Fi networks, particularly on negligence theories. As most Wi-Fi networking components ship with most or all security features disabled for "easy setup", and the default passwords are well known, it certainly doesn't help matters.

All of the above clearly illustrates the serious need for a comprehensive set of "Wireless Best Practices". Here's some links to get off to a good start:

Naturally, there's much more information available on the web on this controversial topic. Some advocate the strict prohibition against Wi-Fi networks due to the valid security concerns. Others advocate its use by enabling as much security as possible, to make it "reasonably secure", which is subject to various interpretations.

There's no doubt that wireless networks are very convenient, but that needs to be balanced against the relevant risks. Each person or organization needs to make the call for themselves, but I'd rather see the decision made as an informed one -- hence the need for better Wi-Fi security education, best practices, and policies.

Topic(s):   Privacy & Security
Posted by Jeff Beard