Free WiFi net is hacker's dream: 4M open WiFi access, passwords stored in plain text

Blatant hacks, stolen documents and public spankings from hackers taught few lessons about security


Probably every user or owner of a wired router with a secondary WiFi capability has had the feeling something is going to waste as they email or Tweet or read online, making use of a tiny fraction of the bandwidth available both over the air and across the wire.

Some generous-minded souls – who are either unconscious about security, or know how to properly encrypt and lock down their own traffic without closing off the WLAN completely – are willing to share their bandwidth with the less well connected.

Usually that's a bad idea for both supplier and user. For users, there's no telling whether an open or "Free WiFi" SSID is a public resource, security honey trap or hacker's snare.

The British FON network tries to address that concern and to unite all the generous WLAN owners into a coherent network that allows members access to free WiFi anywhere other FON members have a network.

The FON site describes the concept as "crowdsourced WiFi" and advertises "free WiFi roaming" that is secure for both user and provider. It even provides a way for providers to make a little money sometimes.

FON is secure because a member's WLAN is subdivided into an encrypted private stream for use by the owner and a second (also encrypted) link available to paid-up FON members.

FON works for any device, is supported by more than four million members and is free for those who buy a FON-enabled router for between $49 and $99. (Those who don't buy one pay a daily, weekly or hourly fee to either FON or a local carrier.)

The network is open, open-minded, egalitarian and very, very insecure, according to Peter Legierski, a web developer at mobile app developer and digital content consultancy DeerDigital.

Legierski, a FON member, discovered while trying to retrieve a forgotten password that FON stores passwords of at least some of its 4 million members in plain text, meaning anyone able to penetrate one or two layers of security and get close to the password database would have easy access to the bulk of the usernames and passwords.
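The difference Legierski's finding points to, as an added example (not code from FON or from the article): a store that can hand back a forgotten password, beside one that keeps only a salted PBKDF2 digest and resets through a one-time token. The class names, the sample account and the iteration count are assumptions made for this example.

```python
import hashlib, hmac, secrets

# Constructed sample account; not data from FON.
SAMPLE_USER, SAMPLE_PASSWORD = "alice@example.org", "correct horse battery"
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

class PlaintextStore:
    """Weak design: the password itself is a database column."""
    def __init__(self):
        self.rows = {}
    def register(self, user, password):
        self.rows[user] = password
    def recover(self, user):
        # A "forgot password" flow can return the original secret,
        # and so can anyone who reads the table.
        return self.rows[user]

class HashedStore:
    """Hardened design: per-user salt plus slow digest; reset, never recover."""
    def __init__(self):
        self.rows = {}          # user -> (salt, digest)
        self.reset_tokens = {}  # sha256(token) -> user
    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.rows[user] = (salt, self._digest(password, salt))
    def verify(self, user, password):
        # Unknown users still cost one digest, then fail the comparison.
        salt, stored = self.rows.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, self._digest(password, salt))
    def start_reset(self, user):
        # Only a hash of the token is kept, so a database read cannot replay it.
        token = secrets.token_urlsafe(32)
        self.reset_tokens[hashlib.sha256(token.encode()).digest()] = user
        return token  # delivered to the account's e-mail address
    def finish_reset(self, token, new_password):
        key = hashlib.sha256(token.encode()).digest()
        user = self.reset_tokens.pop(key, None)  # single use
        if user is None:
            return False
        self.register(user, new_password)
        return True
```

A production reset flow would also expire tokens after a short time, which this example leaves out.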
