Skip to main content

Running Win XP? Beware “Free Public Wi-Fi.”

Part of Wright's job is to hack into a company's wireless network in order to expose vulnerabilities. When he sees Free Public WiFi, he says, "we break out the champagne."

Dave McClure

Oct. 12, 2010

I’ve written so often about the dangers of Wi-Fi I’m starting to bore even myself.

But the fact remains that any accountant who uses public Wi-Fi sources in airports, hotels, coffee shops or other venues should be tarred and feathered, if not de-certified.  If that seems harsh, take a gander at this information from National Public Radio in its report on “Free Public Wi-Fi.”

Author Travis Larchuck chronicles the story of wireless security consultant Joshua Wright, who discovered a curious phenomenon in an airport one day.  When he fired up his laptop and went searching for a Wi-Fi connection, an option popped up for “Free Public Wi-Fi.”  Only it turns out, this is not an Internet connection.  Exploiting a fault in the Windows XP operating system, this is an ad-hoc network that gives another computer access to your drives.  Click on “Free Public Access,” and in the time it takes you to figure out that you are not connecting to the Internet, a hacker can download most of your document files.  Including personal files, your Outlook PST file, your client files…well, you get the drift.

Microsoft has patched the fault, but there are still a lot of accountants running Windows XP on their laptops who have not applied the patch.  Larchuck sums it up this way:

No one knows for sure where Free Public WiFi began. One theory, Wright says, is that someone may have set it up as a joke. It might have been created to trick a friend into connecting “so he would get a Web page with some kind of a gross image or childish prank.”

Unintentionally creating or connecting to the ad hoc network isn’t inherently harmful, despite its virus-like spread. It does, however, provide an access point for hackers to come in and check out the user’s files.

Part of Wright’s job is to hack into a company’s wireless network in order to expose vulnerabilities. When he sees Free Public WiFi, he says, “we break out the champagne.  Because I know at that point I will be able to get unlimited access to internal resources just from that one starting point.”

The solution is simple.  Stop using any form of public Wi-Fi.  Period.  Use a cellular connection, or a wired ethernet solution, for any accounting work you do on the road.  Or risk the loss of your firm’s data and that of your clients.

Sigh!