Tuesday 2 March 2010

US Airways Free WiFi? No, not really.

I'm a pretty heads-up kind of guy.

Let me rephrase that. I'm pretty much a heads-up kind of guy. (I never claimed to be pretty!) Every computer I own or control has virus protection, firewalling (usually customised), intruder detection, and a whole bunch of other stuff I'm not going to discuss. So it takes a lot to put one past me.

Someone did.

This January, after the Consumer Electronics Show 2010 in Vegas, I was coming back via LAX. (That's Los Angeles International Airport, to anyone who still flies by boat.) I'm in the bloody-awful Air New Zealand lounge, which Virgin Atlantic has the misfortune to share. So I'm looking around for WiFi, and I spot "US Airways Free WiFi" on the list. Sounds good to me. LAX is a US Airways hub, and I've just flown from Vegas on a US Airways flight, so I'm entitled, right? I connect. Unfortunately, it doesn't seem to work, so I disconnect, and try one or two others. Eventually, I find one that does seem to work, check my email, and shut down the laptop.

Wind forward a month or so.

I'm at home, on the same laptop, when the router goes down. I power-cycle the router, and sit on the "Wireless Network Connections"¹ dialog, waiting for the network to come up again. And I see: "US Airways Free WiFi". Not in leafy Cambridgeshire, surely?

So, I've been "had". The apparent network I connected to at LAX was in fact an ad-hoc (computer-to-computer) network, not an access point. In my defence, if I'd not been exhausted from four days of exhibiting at the biggest trade show on Earth (and the inevitable evening entertainments), the subsequent teardown, and travel, I'd have spotted the "ad-hoc" symbol in the networks list, and avoided it like a leper. But that's exactly how hackers do these things. Travellers are weary mortals, and easy prey.

Ever since that airport incident, my own laptop had been broadcasting "US Airways Free WiFi" to everyone else, encouraging them to connect with me, and start broadcasting it for themselves. It's like sneezing in a crowded room.

What was lost? Nothing, as it happens. If I'd had any shared folders advertised, the peer to which I'd connected could have raided them, but for good and sound reasons I didn't have network shares enabled.

The fix is very simple, and I recommend it to anyone else who travels with their laptop. It assumes you're using Windows' own WiFi configuration tools: if you're using a vendor-supplied tool instead, you'll have to work it out for yourself.

The vast majority of computer users have never needed to use an ad-hoc network, so the sensible thing to do, since it's a vector for attack, is to disable ad-hoc networking completely until uncured ham flaps past the window, and you decide you do need to use it. Ad-hoc networking, that is; not the ham. Ahem.

Here's how you do it on Windows XP¹. I don't use Vista (in fact, I upgrade² all Vista machines under my control to XP), and haven't yet needed to buy a Windows 7 machine, so if you're using any other Windows, you'll have to adapt these instructions to your own operating system.
  1. From the Start menu, select Control Panel, and choose "Network Connections" from the list.
  2. Right-click on "Wireless Network Connection", and select "View Available Wireless Networks".
  3. In the left panel in the pop-up window that follows, click on "Change advanced settings". You'll get a list of all sorts of stuff you don't care about.
  4. Select the "Wireless Networks" tab at the top of the window.
  5. Near the bottom of the page that's now show, there's an "Advanced" button. Click it.
  6. There's a list of three options shown. Select "Access point (intrastructure) networks only". If the "Automatically connect to non-preferred networks" box is checked, uncheck that one too. Then OK your way out of the dialog, and close everything else.
You're now protected, at last. With that one, simple change, you've prevented hackers using your machine to propagate this meme, and you've prevented anyone from viewing your shared folders. Now, why couldn't Microsoft have done that by default?

¹ Yes, Windows. I know, I'm a Linux guy by preference, but I do use Windows. (And then spend most of my time in Linux sessions in VirtualBox, or over SSH-hardened connections to Linux boxes, of course.)

² When I install another OS version, and it goes faster, uses less resources, is more compatible with past programs, works with more hardware, has less bugs and dies less often, that's an upgrade, right?

3 comments:

  1. Had the exact same thing happen to me. I followed all of your steps, but the "US Airways Free Wifi" still shows up when I "View Available Wireless Networks". It is not in my "preferred wireless networks list". How can I get rid of it? Am I still broadcasting it?

    ReplyDelete
  2. Oops - sorry, Linda, I didn't spot your comment!

    It's possible that there's another machine within WiFi reach that's broadcasting that SSID. It might be worth asking around. Once you've set "Intrastructure only", you shouldn't connect to it automatically, anyway.

    ReplyDelete
  3. I just fell for this too... but incredibly stupidly, as I'm actually from Australia. It struck me after a couple of minutes (and suddenly realising it wasn't wireless and it wasn't doing anything) that I shouldn't be able to see any sort of US Airways WiFi from my house, so I googled it as it seemed suspicious and I found this page.
    But I operate Windows 7, and being a complete computer idiot, I can't work out how on earth to fix it. Speaking to my brother, he and my dad had also connected to it at some stage. Any idea what I should do?

    ReplyDelete