Mobile Computing: Boost Your Wi-Fi Security

Feature: Boosting Wi-Fi Security

That soap opera cliché, the Evil Twin, is alive and well--and perhaps hanging out at an Internet café near you.

In the past few months, reports have emerged of Evil Twin attacks (also called "wi-phishing") targeting wireless network users at public hotspots. This week, I'll explain how Evil Twin attacks work and how you can defend yourself against these--and other--Wi-Fi security threats.

The Creep at the Coffee Shop

Unlike wired networks, wireless networks broadcast data over radio waves, which can be easily intercepted. By its very nature, then, a wireless Internet connection is less secure than a wired one. Along with the usual concerns of any computer user--spyware, viruses, and other malware--wireless network junkies must also be particularly careful of hackers.

An Evil Twin attack is a good example of how vulnerable wireless networks can be to clever hackers. Imagine you're at a public hotspot, such as a coffee shop. To initiate a wireless connection, you open your browser to sign on to the network. At the sign-on page, you enter your password, credit-card number, or whatever else is required. Nothing seems amiss.

But in reality, the Web page is actually an Evil Twin--a forgery--of the legitimate sign-on page. The look-alike was created by one or more hackers for criminal or malicious purposes. They want to steal your personal data, such as credit-card numbers, or infect your notebook with viruses.

How is this possible? In essence, the hacker has turned their notebook into a wireless access point. (An access point acts as a hub, connecting notebooks and other wireless-equipped devices to the same network.) While you think you're connected to a Wi-Fi network, in fact you're connected to the hacker's notebook. Everything you type, the hacker can see. Each e-mail you read, the hacker can read. When you try to visit legitimate sites, the hacker redirects your browser to illegitimate ones.

And this is perhaps the creepiest part: Because wireless access points don't have an extensive signal range, the hacker must be physically nearby to pull this off.

For more on Evil Twin attacks, read "Does Your Wi-Fi Hotspot Have an Evil Twin?"
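From the defender's side, the situation described above shows up in a list of nearby networks as a second access point advertising the hotspot's name. The following is an added example, not part of the original article: it checks constructed scan results against a baseline of access points the venue is assumed to operate. The record fields, network names, and hardware addresses are all made up for illustration.

```python
from collections import defaultdict

# Constructed scan results (not captured from a real network): one record per
# access point, as a Wi-Fi scanner would list them.
SCAN = [
    {"ssid": "CoffeeShop_WiFi", "bssid": "00:11:22:33:44:55", "security": "WPA2"},
    {"ssid": "CoffeeShop_WiFi", "bssid": "02:aa:bb:cc:dd:ee", "security": "OPEN"},
    {"ssid": "CoffeeShop-WiFi", "bssid": "02:aa:bb:cc:dd:ef", "security": "OPEN"},
    {"ssid": "Library", "bssid": "00:11:22:66:77:88", "security": "WPA2"},
]

# Assumed baseline: hardware addresses of the access points each venue runs.
KNOWN = {"CoffeeShop_WiFi": {"00:11:22:33:44:55"}, "Library": {"00:11:22:66:77:88"}}


def _fold(ssid):
    """Collapse case and punctuation so look-alike names compare equal."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def find_twin_candidates(scan, known):
    """Return (bssid, ssid, reasons) for every access point that looks suspect."""
    folded_known = {_fold(name): name for name in known}
    security_by_ssid = defaultdict(set)
    for ap in scan:
        security_by_ssid[ap["ssid"]].add(ap["security"])

    findings = []
    for ap in scan:
        ssid, bssid = ap["ssid"], ap["bssid"].lower()
        reasons = []
        if ssid in known:
            # Same network name, but a radio the venue does not operate.
            if bssid not in known[ssid]:
                reasons.append("unknown BSSID for known network name")
            # An unencrypted copy beside an encrypted original.
            if ap["security"] == "OPEN" and len(security_by_ssid[ssid]) > 1:
                reasons.append("open copy of a network that is also offered encrypted")
        elif _fold(ssid) in folded_known:
            # Name differs only in case or punctuation from a known network.
            reasons.append("look-alike of " + folded_known[_fold(ssid)])
        if reasons:
            findings.append((bssid, ssid, reasons))
    return findings


if __name__ == "__main__":
    for bssid, ssid, reasons in find_twin_candidates(SCAN, KNOWN):
        print(f"{ssid} [{bssid}]: " + "; ".join(reasons))
```

A hardware address can be copied, so a clean result from this check does not prove a hotspot is genuine; it only catches the careless cases.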

Defend Yourself

Now that I've sufficiently scared you, I'll offer some reassurance: There are plenty of things you can do to protect yourself at public wireless hotspots.

Change your default Wi-Fi settings. Does your notebook automatically scan for available wireless networks? If so, disabling this option can help prevent your notebook from inadvertently connecting to an Evil Twin site.

Here's how to turn off automatic wireless network configuration in Microsoft Windows XP: Right-click the wireless network icon in your system tray at the bottom-right corner of your screen, then select Open Network Connections. (Alternatively, you can select Start, All Programs, Accessories, Communications, Network Connections.) Right-click Wireless Network Connection and select Properties from the context menu. Click the Wireless Networks tab, uncheck the "Use Windows to configure my wireless network settings" option, and click OK. If the Wireless Networks tab doesn't appear, your wireless network adapter doesn't support this feature.

Look for the lock icon. Whenever you're about to enter personal data or conduct an online financial transaction, make sure a lock icon is displayed in the bottom right of your Web browser. The icon indicates that the Web page you're viewing has been encrypted and certified by a public certifying authority.

Check the URL. A Web page that's encrypted is designated with an "https" address, rather than the standard "http." For instance, your bank's Web site address may be, say, As you venture deeper into the banking site, you should notice that the URL displayed in the browser's address field begins with "https." If you don't see "https" in the address field on what should be a secure page, don't go any further.

Install security software. Yes, security software can be a pain to install, update, and manage. And yes, it can make your notebook performance a bit sluggish at times. All that said, a car's seat belt can wrinkle your clothes and be uncomfortable, too. But you wouldn't drive without wearing one, right? Whether you're on a wireless or wired network, make sure you've got firewall, antivirus, and anti-spyware software running (some programs offer all three functions). Head over to PC World's Spyware & Security Info Center for more information and to download the software you need. You'll also want to read PC World contributing editor Scott Spanbauer's Internet Tips column on updating your security arsenal.

Use WPA security. Older wireless network adapters, routers, and related equipment used Wired Equivalent Privacy, a wireless security protocol that is easily cracked. Newer standards such as Wi-Fi Protected Access and Wi-Fi Protected Access 2 offer stronger encryption. The Wi-Fi Security Alliance, a nonprofit association, provides an online search tool for finding products that support WPA, WPA2, and other security protocols.

Use a remote connection to your PC. When he's on the road, reader Dave Vogel of Acton, California, says he surfs the Web and checks e-mail on his notebook via a secure remote connection to his desktop PC back home, which has more robust security (such as a local-area network router with built-in firewall) than his notebook. Dave uses MyWebEx PC because it secures remote-access sessions with 128-bit encryption. The downside: Applications usually run more slowly when accessed remotely. MyWebEx PC is available in free or $10-per-month Pro versions. (I haven't used either one.) You can download the free version from the company's Web site.

MyWebEx PC Pro was recently selected as Best Buy in a roundup of remote-access products. For the review, read "PC in a Browser."

Check for misspellings. An Evil Twin site, phishing e-mail, or other online scam may look legitimate on the surface. But read closely and, inevitably, you'll discover misspelled words. For example, I received an e-mail from EBay "Costumer Support" that otherwise appeared perfectly legit. "Costumer Support," indeed. When I need EBay's help with my costumes, I'll ask for it.

Turn it off. To minimize the chances that a hacker can access your notebook, turn off your wireless connection when you're not using it. You'll save battery power, too.

Wait until you're wired. If you want to be as safe as possible, don't shop, check investments, pay bills, or conduct any business transactions on a wireless network, period.

Go to the Wi-Fi Alliance for more information about using public Wi-Fi networks.

Mobile Computing News, Reviews, & Tips

Hotel News: IPods at the Algonquin

New York's Algonquin is seeking to put a new-millennium spin on its long-held literary reputation (the hotel claims to be the birthplace of The New Yorker magazine). In May, the hotel began offering guests the use of Apple IPods preloaded with audio versions of current and classic books. The portable music players are free for guests to use. The hotel also offers in-room plasma TVs and Wi-Fi in the lobby.

Gadget News: Archos's Big-Screen PVP

"When someone comes out with a PVP [portable video player] that has a 6-inch screen or larger, records directly from TV, and costs less than $450, I'll be all over it," I wrote last fall.

Recently, Archos came extremely close to meeting my requirements. The company's new AV 700 handheld PVP features a 7-inch display, while most PVP screens are about 3.5 inches. And unlike Microsoft Portable Media Center devices, Archos PVPs can record shows from a TV, DVD player, or cable or satellite box. The only thing still holding me back is the price, and my spouse's potential ire: A 40GB AV 700 is $600, while a 100GB version is $800. But did I mention the 7-inch screen?

Notebook Accessory Review: Apricorn's Tiny, Portable Drive

Apricorn claims its EZ Bus Mini is the smallest external hard drive/disaster recovery system around. The 1.8-inch drive, about the size of a card deck (why is everything the size of a deck of cards?), is completely powered by your notebook's USB port; there's no need to fool with an AC adapter.

Based on my informal tests, the delightfully compact EZ Bus Mini is a convenient device for backup or extra storage on the road--though its 4200 rpm speed can feel slow. The hard drive comes with software that lets you create an exact, bootable clone of your notebook's internal hard drive, though I haven't tested this feature yet. It's available in 20GB ($179), 40GB ($249) and 60GB ($349) capacities. Our Product Finder has the latest pricing.

Reader Tip: Put a Lid on It

In response to my recent articles about computing while flying, Tom Brady of Medford, Massachusetts, wrote to share this tip: When you're on a plane, always close your notebook's screen when you or your neighbors are being served food or drink. "I had a flight attendant spill coffee on my laptop," Tom writes. Fortunately, his notebook was off and closed, so disaster was averted. The danger is that liquid can seep into your notebook and damage internal circuitry.

Tom's point may seem obvious, but I don't see many in-flight notebook users doing this. So remember this simple rule, fellow passengers: mouth open, notebook closed.

Reader Response: Winning the Reclining Seat-Back War

Here's another response to the computing-in-coach articles. C.C. of Jacksonville, Florida (he requested anonymity) suggests using Knee Defenders ($15) to prevent the person in front of you from reclining into your workspace. Plastic wedges that you snap onto the arms of your tray table, Knee Defenders act like door stoppers. When they're in place, the person in front of you is blocked from fully reclining.

C.C. says that only once in his many Knee Defender adventures has someone complained. The flight attendant told the complainer "there was nothing she could do about it."

Have any other notebook-toting travelers used Knee Defenders--or been prevented from reclining because of them? Tell me about it.

Wireless News: The Battle for Your Bluetooth Phone

Can someone else make calls on your Bluetooth phone--without physically touching it? Yes, according to researchers, pointing to security holes that enable hackers to take control of Bluetooth-enabled mobile phones, even when the handsets have security features enabled. For a wake-up call, read "Who Is Controlling Your Bluetooth Phone?"

Suggestion Box

Is there a particularly cool mobile computing product or service I've missed? Got a spare story idea in your back pocket? Tell me about it. However, I regret that I'm unable to respond to tech-support questions, due to the volume of e-mail I receive.
