FindLaw columnist Eric Sinrod writes regularly in this section on legal developments surrounding technology and the internet.
Like nomads searching for oases, we roam in our quest to find Wi-Fi hotspots from which to connect to the wireless world. Unfortunately, these cozy areas where everything seems so right actually can be black holes where our private data can be siphoned away.
Indeed, BBC's Watchdog reports that connections provided by three major Wi-Fi networks in the United Kingdom are susceptible to hacker attacks, making network users vulnerable to potential fraudulent activities. Watchdog, in a recent program, indicated that literally thousands of UK hotspots, in places such as airports, trains and food establishments, are not as secure as people may think.
To prove its point, Watchdog itself implemented equipment easily available on the Internet to hijack wireless traffic at a number of hotspots. True hackers doing the same thing could take control of the Internet accounts of hotspot users and from there they could obtain private data to access their accounts at banking and shopping Web sites.
This can be likened to a "man-in-the-middle" attack. A hacker establishes his or her own hotspot while naming it the same as the official hotspot and at the same time as routing traffic through his or her hotspot to the official system. In the process, the private data within the Internet traffic, such as credit card numbers, can be harvested.
This certainly does not present a pretty picture. However, there are potential technical protection measures. For example, a Virtual Private Network (VPN) can be set up for a public hotspot. This puts in place an encrypted pathway between the source device or computer and the ultimate destination site, while blocking the access to data along the way. But still, some Wi-Fi networks do not offer VPNs for download as users gain access to the network.
Wi-Fi access at hotspots now is part of our modern life. Cross your fingers and hope that your data remains safe.
Eric Sinrod is a partner in the San Francisco office of Duane Morris LLP (http://www.duanemorris.com) where he focuses on litigation matters of various types, including information technology and intellectual property disputes. His Web site is http://www.sinrodlaw.com and he can be reached at firstname.lastname@example.org. To receive a weekly email link to Mr. Sinrod's columns, please send an email to him with Subscribe in the Subject line.
This column is prepared and published for informational purposes only and should not be construed as legal advice. The views expressed in this column are those of the author and do not necessarily reflect the views of the author's law firm or its individual partners.
- DOJ: Hacker Stole 130 Million Credit Card Numbers (FindLaw's Blotter)
- One Country Makes High Speed Internet a Legal Right... (FindLaw's Technologist)
- Speeding Up The Internet For Americans (FindLaw's Technologist)
- FindLaw Legal Technology Center