The Beeb yesterday published a story about the proliferation of Wi-Fi hotspots around the world, based upon new research from iPass.
The conclusion of that research was that there will be in excess of 47 million hotspots around the world by the end of this year and the UK already has a ratio of one to every eleven people.
So far.. so interesting…
But what stands out in the report is the fact that the majority of hotspots (around 34 million) are believed to reside in people’s homes. In other words, residential routers are being used to extend Wi-Fi ranges.
Here in the UK, British Telecom are employing home routers as hotspots to provide free coverage to other subscribers on their network.
Again, it sounds interesting, but so what?
ESET’s Mark James has hit the nail on the head here, saying:
“I think this research opens a few big security questions. Who is responsible for the router that is hosting the Wi-Fi spot, has the end user done all they can to ensure that default passwords are changed and their device has not been compromised, and has the owner of the router been fully informed on how to opt-out if they so wish?”
His point about router security is key here. With all the recent breaches and subsequent password dumps we know that the average internet user is likely to follow the route of least effort and either retain a default password or use a simple one, or re-use one they’ve applied elsewhere. So who is to say that there device has not been compromised. And would they even know if it had?
As for opting out, how many owners of service provider routers are even aware that they are being used as hotspots in the first place, let alone that they have the option of opting out?
James goes on to say:
“Generic logins and open Wi-Fi spots are a breeding ground for malware. Mobile security is becoming a much bigger concern with more and more devices getting bigger not just in storage size but also in physical size, this means we need to look at mobile security sooner rather than later.
Often the end user does not see a mobile device as a security hazard in the same way their desktop, but if you were to log time spent on each you would probably find the mobile wins. Operating system updates and application updating is part of your desktop life but when was the last time you checked your mobile phone to see if the software could be updated?”
Again good points and I would add that in many cases I’ve seen, desktop security has not been considered at all, which would suggest that many users are not contemplating locking down their mobile devices either.
James finishes by highlighting the increasing need for mobile data and full coverage and, in doing so, hints at just how many people may be using unknown networks to connect, something which in itself is generally not recommended:
“Virtually everything we do these days requires internet access. We strive for 100% coverage and often will look at internet availability before anything else, and that enforces the need for increased security. Free WIFI is great for keeping up with Facebook or email but the amount of information being exchanged is frightening. Virgin Media having recently introduced free Wi-Fi at 150 of the London’s underground stations, and they state that more than 3TB of data are consumed every day.”