Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Wifi with no password, security ramifications?

davidlv

davidlv

macrumors 68020
Original poster
Apr 5, 2009
2,291
874
Kyoto, Japan
I often visit a friend who has no password set for his WiFi (Apple base station).
What are the security ramifications with that infrastructure?
Sorry, I am really not well-informed about network-related issues.:eek:
 
Hi David

I imagine anyone that is within radius and can pickup the WIFI signal can piggyback his network.

Implications here are they might
- max out his download allowance
- be looking at offensive material which would look like it was being viewed by your friend
- browse your friends networked devices ( depending on how they were setup)

I'd urge him to put a decent password in place ASAP
 
There are no security implications, as there is no password, anyone/thing can connect to that network.

There are risks however.

Bandwidth is an issue - anyone connected to it can access the net for the most part, accessing anything unless you are using some sort of blocking, but even that could be circumvented.

Shared resources (printers, NAS, Samba or CIFs shares) etc, could all also be accessed, although these usually have some user and password associated with it.

For Windows, compromised computers for instance can connect. Some Trojans or Worms can seek out other machines on the same network and "do" things to them.
It would be easy for a computer with virus to see any connected drives on the network and infect them, anyone then accessing those files and running them are subject to the virus.

For Macs, the risks are less, but just as important - especially shared resources and bandwidth.
 
davidlv said:
I often visit a friend who has no password set for his WiFi (Apple base station).
What are the security ramifications with that infrastructure?
Sorry, I am really not well-informed about network-related issues.:eek:
Click to expand...

It really depends though. If he has no password but he is blocking all but specified MAC addresses then having a password is less important. However, if he just has his wifi wide open with no mac address restrictions, then he could be in for a world of hurt.

I'm not saying I did this but....

A few years ago my in-law's neighbor had an open wifi and someone connected to their network, logged into their router, added a password to their wifi network and changed the admin password on them thus locking out all their wireless devices from connecting.

Let's just say they had a new password on their wifi the next day.... I mean, errr, someone told me they added a new password the next day.....
 
The level of risk usually comes down to how many neighbors he has, how close they are, how clever they are, and how much time they have on their hands. Worst wifi admin experience ever was in a dense area surrounded by engineering students. Before leaving, I'd locked it down, hidden it, reduced antenna power, and taken out the DNS settings!

Worst case scenario is direct hacking or they monitor traffic and capture info like credit cards. But the same can happen on a public wifi. Which you can't see until it's to late. Everything else is reduced network performance and leaving you with the bill for bandwidth and content responsibility.
 
paulrbeers said:
It really depends though. If he has no password but he is blocking all but specified MAC addresses then having a password is less important. However, if he just has his wifi wide open with no mac address restrictions, then he could be in for a world of hurt.

I'm not saying I did this but....

A few years ago my in-law's neighbor had an open wifi and someone connected to their network, logged into their router, added a password to their wifi network and changed the admin password on them thus locking out all their wireless devices from connecting.

Let's just say they had a new password on their wifi the next day.... I mean, errr, someone told me they added a new password the next day.....
Click to expand...

Not that I've ever done it either, but the realization that I could has occurred to me when on an unsecured network before. That's probably the best reason I can find to make sure I've got a password.
 
Makes it easier for someone to snoop your clear text transmissions. https connections are not an issue but http and other protocols can be read by someone else.
 
paulrbeers said:
It really depends though. If he has no password but he is blocking all but specified MAC addresses then having a password is less important. However, if he just has his wifi wide open with no mac address restrictions, then he could be in for a world of hurt.
.....
Click to expand...

Absolutely! Someone could use his connection to download movies and then the MPAA attorneys would track him down and he'd have to defend against a very expensive lawsuit. Very expensive. It would be hard to prove that the movies were downloaded by an outsider, and the MPAA could argue that the no-password was aiding in theft... Don't rule out any silly MPAA attorney allegations.

Some places are trying to make it a crime to not have your wi-fi secured.
 
rctlr said:
There are no security implications, as there is no password, anyone/thing can connect to that network.
...
Click to expand...
Actually that is better phrased as "There is no security."

Anyway one can access the network. If they download/upload questionable content the friend would have a difficult time proving it wasn't his doing. There have been a coupe of case where people used an open WiFi to access child porn.
 
Your friend has basically left his front door unlocked.

How many people will walk through that front door? Unknown.

How many of those people will rifle through his papers? Unknown.

How many of those people will find a credit card number/SSN/whatever and use it to their benefit? Unknown.

Maybe he has nothing to hide, maybe he has little to steal.

That said, if someone does assume his identity for a brief period, he may end up having some rather unpleasant conversations with various creditors. Worse, he may end up being a bit upset by the sense of personal space violation, even if he ends up being absolved of personal financial liability.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back