The idea of a police car roaring down the street to catch a roving online gaming junkie using someone else's wireless LAN (loca larea network) may seem silly, but there are real dangers if your network plays host to strangers.
The hazards you might face include eavesdropping, theft of data, painful legal hassles or even a conviction for computer-related crimes. And if you casually tap into your neighbour's Wi-Fi sometimes, the arrests of Benjamin Smith III in Florida and Gregory Straszkiewicz in Iselworth for such crimes signal that it's at least possible you might run afoul of a law and an irritated fellow citizen.
A typical home Wi-Fi signal can transmit about 150ft from an access point or router. Walls and windows will slow it down, but if it reaches the edge of your property, it won't stop there. In densely populated areas, it's common for a Wi-Fi device such as a notebook to detect multiple residential networks from one place.
It's not hard for an innocent user to tap into a broadband internet connection via an unprotected wireless LAN. As soon as the Wi-Fi client detects the network, the user can click on it and join. Some broadband subscribers even like opening their networks. But internet access may not be the only thing being shared.
"People who steal bandwidth aren't necessarily going to stop there; they might steal data as well," said Gartner analyst Richard Hunter. Most consumers wouldn't even know if a stranger was using the network, he added.
"If you've got an unprotected Wi-Fi network and you are in a populated area, then you really should do something to protect that," Hunter said.
Specifically, on a Windows PC, a intruder on your wireless LAN could get into any folder that is set with file-sharing enabled, Hunter said. Whatever is in the file could be modified, copied or posted on the internet. So whatever you do, file sharing should be disabled, or restricted to certain trusted people on every folder, he said. That would at least prevent "a very casual hacker" from snooping in your files. File sharing is enabled by default in Windows XP Home Edition.
Likewise, it wouldn't be hard for someone to monitor data being sent from that unprotected LAN out to the internet. That could include email messages and passwords. Even a low-priority password such as one for a free news site could pose a hazard for a user who sets up the same password on high-priority sites. For users of unprotected Wi-Fi networks, he recommends encrypting email and passwords with a tool such as PGP (Pretty Good Privacy), available as freeware.
Having an open wireless LAN also could make you more vulnerable to viruses and other malicious code. The biggest danger in that respect comes from users who just want to share an internet connection. Many home Wi-Fi routers are equipped with firewalls, which can provide protections such as deflecting attempts to scan your PC for vulnerabilities. Anyone who gets on your wireless LAN is behind the firewall, so if their systems are laden with viruses or other malicious code it can spread over the LAN. This includes tools that search for systems to turn into ’bots’ controlled by hackers.
One area where wireless LAN users have less to worry about is interception of online passwords. Internet commerce sites that secure customer transactions will encrypt passwords and other information all the way from the user's browser to the store's server, so the same protections are there on the LAN as on the internet.
However, if you instruct your browser to save your passwords, an intruder might be able to steal them from your PC, he added. In addition, some kinds of internet-borne attacks let hackers record your keystrokes, according to Gartner's Girard. For the best protection, you should have firewalls in both the router and PC.
Though it's less likely, an intruder could cause serious problems even without getting into your computer. Whatever that person does over your internet connection – which could include downloading child porn, sharing copyrighted content or executing a denial-of-service attack – can be linked to you. When crimes are suspected on the internet, usually the first piece of evidence investigators look for is the IP address from which the activity was carried out.
It's unlikely someone with an unprotected Wi-Fi network would be convicted just because a crime was committed from that network, but the investigation could include your computer being seized, and if there was anything illegal, such as downloaded music, you might get into trouble yourself.
For that matter, arrests for stealing Wi-Fi are still rare. If someone taps into your network, in some places it may be hard to prosecute them, Bankston said. It's hard to prove an intruder was deliberately snooping rather than just taking advantage of signal that was intentionally made public. The flip side is that if you're the one looking for a signal and you happen to find your neighbour's wireless LAN, the odds seem fairly slim that you'll be punished for it.
Estimates vary on the percentage of unprotected wireless LANs, but many observers agree on the main reason: the security is too complicated for the average consumer to set up.
All certified Wi-Fi gear made since late 2003 are equipped with WPA (Wi-Fi Protected Access ), an encryption system strong enough for business use, and earlier approved products have at least WEP (Wired Equivalent Privacy), a weaker system. However, consumers often don't use either because they aren't aware of the problem or can't figure out the startup process.
For example, setting up WPA requires the Wi-Fi user to come up with a good pass phrase, type it into the computer, and then enter it on the router via the network.
The Wi-Fi Alliance, the industry group that certifies wireless gear, wants to ensure easier setup for all consumers. In the first half of next year, it plans to create a standard that vendors can build in and have certified as a check-off item on their products. The standard won't be required on all Wi-Fi products because it wouldn't be appropriate for complex enterprise gear installed by IT professionals.
Some consumers will still choose to leave their networks open as a public service, an Electronic Frontier Foundation spokesperson said. In addition to possibly violating the terms of your broadband contract, that move calls for all the safeguards mentioned above.
"If you don't know how to control network permissions, you should not run open Wi-Fi," he said. "Even if you know what you're doing, opening up your network to the public will increase your risk."