In public spaces, Ian Stad protects his data by going online through his cell phone rather than wireless hotspots.
Boldface signs advertising free wireless networks hang on almost every coffee shop door in Centretown, beckoning thousands of users to log onto these hotspots to check their e-mail accounts every day.
But experts say infiltrating people’s online accounts and identities through unsecured networks in libraries, coffee shops and hotels has just become easier with a program launched last month.
The user-friendly hacking program called Firesheep has initiated some 550,000 Internet neophytes into the world of hacking.
It may raise WiFi security awareness in a city where 50 per cent of wireless networks are unsecured or weakly secured, says Michel Barbeau, a computer science professor at Carleton University.
“The risks of logging onto public networks have not been properly documented, especially for the public,” says Barbeau, who focuses on wireless security research with Carleton’s School of Computer Science’s Network Research Group.
Two of his students went on a hunt for unsecured WiFi networks in downtown Ottawa last April, with results that Nicholas Osborne, one of the students, finds “alarming.”
“It is shocking that half of the networks are easily accessible. It’s like leaving your door unlocked for people to come in, see what you are doing and raid your files,” Osborne, a fifth-year computer science student, explains.
A couple days after it became available, Firesheep was given a trial run by Ian Robertson and a colleague in local coffee shops.
An IT consultant for the House of Commons, Robertson downloaded the program and was able to access half a dozen Facebook accounts in the network “within a minute.”
“I logged onto my colleague’s profile and changed his status to single. And his girlfriend called within minutes,” Robertson describes. “Any John or Jane can use it. It makes you aware of the dangers out there.”
Dangers the public does not appear to be cognisant of, according to Robertson.
“And most people aren’t aware of the risks – nor are they concerned, to be honest,” Osborne agrees.
Kathryn Beemer is a weekly WiFi user at the Second Cup at Bank and Somerset streets who doesn’t worry too much about accessing her social networking accounts while sipping a soy latte.
“People take technology for granted. They don’t think twice about who might be intercepting or invading their online information,” Beemer admits as she scrolls down her Facebook page.
A barista at another Second Cup a couple of blocks down the road says in her two years of working at the counter, she has never had a customer inquire about the security levels or encryption methods of their wireless network.
“The public isn’t fully aware of the privacy issues, nor do they really seem to care. It’s just assumed that wireless networks are safe. No one reads, let alone questions, the pop-up windows that say the network is unsecured,” Tamara Lauzon says.
Barbeau partly blames the technical jargon on certificate warning messages for the public’s lack of understanding.
“To be honest, it is hard even for an expert to understand the language. There needs to be a push to make information more accessible,” he says.
When the Canadian Wireless Telecommunications Association announced the launch of North America’s broadest inter-carrier WiFi service in May 2005, it said that “customers can also rest assured that their login details and account information remain secure when authenticating with the high level of security provided by Canada’s licensed wireless service providers.”
But this “security” is fraught with risks, says Barbeau. He emphasizes that the responsibility of keeping online information safe ultimately lies with the individual accessing the WiFi network.
Jennifer Stirling, manager of digital services at the Ottawa Public Library, agrees.
“Our wireless networks are public, which means they are unsecured. The information about our networks is available on our website. It’s up to patrons to find out about the security issues and access the Internet accordingly,” Stirling says.
Robertson says he hopes programs such as Firesheep, will increase wireless security awareness.
“The creator of Firesheep did a service by bringing it to public attention, it’s time we stop acting so blasé about wireless security.”