Handing out WiFi keys is the same as no key at all

laptop-wifi-security-290x3001 I’ve been saying this for years but some still don’t believe me. Here’s a bit from Security Now 246 which echoes this perfectly:

Steve: …for example, there’s an Italian restaurant that I like that has a big "Free WiFi" sign on the front door. And the first time I went in with my iPad, I said, hey, I’ve never had an occasion to want to be on your WiFi network, but now I have that occasion because I have an iPad. And it was, I don’t know what it was like, it was, well, whatever the password was, the waiter just gave it to me. So it wasn’t open, and it was encrypted, but any customer asking could get the password. Of course we know what that means. That means that, even though you are in a secure network, everyone there has the password, meaning that anyone can listen in…

Leo: You’re still on a public network, in effect.

Steve: Exactly. You’re back to the exact equivalent of open WiFi because the password, even without it being complex, it’s something that anyone can know, and that’s all it takes then to be able to decrypt everyone’s traffic.

Leave a Reply

Your email address will not be published. Required fields are marked *