Proving the Sunshine

Jun 26 2009

AT&T Contradictory on Wi-Fi Security

This post over at TUAW got my dander up late last night because of this quote:

From then on, all you need to do is walk into the Hot Spot, and you’ll be automatically logged in with a secure connection

Is your connection to an AT&T Wi-Fi hotspot secure? AT&T is a little self-contradictory on this. Here is what you’ll find in the marketing materials for AT&T Wi-Fi. (I picked this one up this morning in my usual Starbucks.)

So, any information you transmit is protected by the latest data-encryption technology.

I don’t know about you, but I’ve never had to enter a password or do anything other than the captive network authentication when I use AT&T Wi-Fi. But it gets even better. From AT&T’s own FAQ page:

Does AT&T Wi-Fi provide any general security or WEP/WPA encryption for its wireless network?

AT&T does not enable WEP (Wired Equivalency Protection) or WPA (Wi-Fi Protected Access) on any of the wireless equipment used in its public Wi-Fi networks. Therefore, no special keys are required to use AT&T Wi-Fi public high speed Internet access. The AT&T Wi-Fi network supports secure Virtual Private Network (VPN) access. If you have VPN, AT&T recommends that you connect through it for optimum security. AT&T also encourages its users to observe standard security practices, such as ensuring that computer hard drives are not shared and that laptops have firewall protection. As a member of the Wireless Ethernet Compatibility Alliance (WECA), AT&T supports ongoing security efforts for wireless public networks.

If you do not typically use a VPN, the unsecured nature of any public hotspot technology does enable technically astute people to capture data packets from your wireless device to/from the Internet. Wi-Fi customers can take precautions to lower the security risks:

Be aware that your surfing activities may be monitored in a public hotspot. It is advisable not to access any secure site such as on-line banking sites, portfolio management or other web sites supporting your personal data. Email access may be at risk as well. AT&T suggests you do not access any Internet web site or service where personal or private information will be provided.

File sharing, possibly enabled in your home wireless LAN environment to easily share files between your desktop and other laptop computers, may place your personal files at risk. Disable “File Sharing” on your Shared Documents or other shared folders on your device hard drive to minimize the risk of exposing your personal data to every device connected to a public hotspot. View HELP information within your device operating system for instructions on how to disable File Sharing.

“Evil-twin” hotspots may be installed near any public hotspot. The evil-twin may have the same SSID network address as the public hotspot and enable Wi-Fi users to mistakenly logon to a service that looks like the hotspot welcome pages but is secretly capturing all your data packets as they flow to/from the Internet. Verify that your hotspot location is offering Wi-Fi service and that you are indeed logging into the Wi-Fi service provider’s authentication page. AT&T Wi-Fi service will force all users to an authentication screen branded with AT&T Wi-Fi and offer a pull-down menu of the appropriate AT&T login ID network names.

Some Wi-Fi hotspots will offer a public PC directly connected to the Internet. An unsecured PC in a public environment introduces additional risks including the installation of key loggers, cached browsing history and saved login information. In these installations, ensure that you perform a “logoff” of web sites such as AT&T Yahoo! portal and you do not check the box offering to “Keep you logged on for XX days.”

Using the AT&T Wi-Fi Service can be a fun and convenient experience if you are aware of your surroundings and the inherent security risks of the technology.

So, AT&T is being blatantly contradictory. They know better than to claim that their networks are secure and they big fat do it anyway. This is the most blatant case of false advertising I have seen by a respected legitimate big corporation in a long time. What’s worse is that outfits like TUAW that people turn to for reliable information are buying into the same misinformation and spreading it to their audiences too.

If you feel the same way, please consider contacting AT&T to have the message changed or removed from their marketing materials.
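
The FAQ's two technical points, that the hotspot runs without WEP/WPA and that an evil twin can reuse its SSID, can both be checked against a Wi-Fi scan listing. The following is an added example, not part of the original post or AT&T's material: it parses constructed `nmcli -t -f SSID,BSSID,SECURITY dev wifi list` output and reports which SSIDs are unencrypted and which are advertised with inconsistent security. The network names and BSSIDs are made up, and it assumes an open network shows an empty or `--` SECURITY field.

```python
from collections import defaultdict

# Constructed `nmcli -t -f SSID,BSSID,SECURITY dev wifi list` output; ':' in values is escaped as '\:'.
SAMPLE_SCAN = r"""PublicHotspot:00\:11\:22\:33\:44\:01:
PublicHotspot:00\:11\:22\:33\:44\:02:
HomeNet:00\:11\:22\:33\:44\:10:WPA2
CafeStaff:00\:11\:22\:33\:44\:20:WPA1 WPA2
CafeStaff:00\:11\:22\:33\:44\:99:
"""

def split_terse(line):
    """Split one terse-mode line on unescaped ':' and unescape each field."""
    fields, cur, i = [], [], 0
    while i < len(line):
        if line[i] == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # escaped character, taken literally
            i += 2
            continue
        if line[i] == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(line[i])
        i += 1
    fields.append("".join(cur))
    return fields

def audit(scan_text):
    """Return per-SSID facts: any open AP, inconsistent security, BSSIDs seen."""
    by_ssid = defaultdict(list)
    for line in scan_text.splitlines():
        parts = split_terse(line)
        if len(parts) != 3:
            continue  # blank or malformed line
        ssid, bssid, security = parts
        # Assumption: an unencrypted network has an empty or "--" SECURITY field.
        by_ssid[ssid].append((bssid, security.strip() in ("", "--")))
    report = {}
    for ssid, aps in by_ssid.items():
        states = {is_open for _, is_open in aps}
        report[ssid] = {
            "open": True in states,
            "mixed_security": len(states) > 1,
            "bssids": sorted(bssid for bssid, _ in aps),
        }
    return report

if __name__ == "__main__":
    for ssid, info in audit(SAMPLE_SCAN).items():
        print(ssid, info)
```

Mixed security on one SSID is a reason to look closer, not proof of an evil twin. When every access point for an SSID is open, the listing cannot tell a legitimate one from an imitation.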
