Hotel (In)security

22 Nov ’05

Via Steve Gibson’s Security Now podcast I learned of a recent Roger Grimes column in Infoworld that presented this alarming tidbit about the insecurity of hotel broadband:

For the past few months an acquaintance of mine has been sniffing various public wireless and wired networks around the world, looking to see what plain text passwords are visible. It was an eye-opening experiment.

She said about half the hotels use shared network media (i.e., a hub versus an Ethernet switch), so any plain text password you transmit is sniffable by any like-minded person in the hotel. Most wireless access points are shared media as well; even networks requiring a WEP key often allow the common users to sniff each other’s passwords.

She said the average number of passwords collected in an overnight hotel stay was 118, if you throw out the 50 percent of connections that used an Ethernet switch and did not broadcast passwords.

The vast majority, 41 percent, were HTTP-based passwords, followed by e-mail (SMTP, POP2, IMAP) at 40 percent. The last 19 percent were composed of FTP, ICQ, SNMP, SIP, Telnet, and a few other types.

Roger’s column has various tips to deal with this, and for a good general backgrounder on VPNs tune into Episode #13 of Steve’s podcast. More on VPNs follows in next week’s episode.

Update: this is not just about passwords – it’s about any plaintext – including the body of email messages and their attachments. Which is somewhat unnerving if one stops and thinks for a moment about the kind of information that is sent out by email by business travellers staying at hotels. Imagine the opportunity for corporate espionage. Steve Gibson talks about this issue more in Episode #14.

Previous post:

Next post: