Dangerous, fake public Wi-Fi lives on in XP

Pirates may be the reason that omnipresent but bogus wireless networks have spread across the world using the empty promise of free internet access still exist, despite patches to stymie their expansion.

(Palming card trick image by Steven Depolo, CC 2.0)

These fakes, often labelled as Free Public Wi-Fi, hpsetup and tmobile, are open ad-hoc or computer-to-computer networks that use Service Set Identifiers (SSIDs) which appear to promise internet access. Instead they only connect curious users to the computer broadcasting the connection. Their origin is unknown, as is the time of their creation, but they have prevailed for years thanks to a surge in demand for wireless internet and slack security practices.

The phoney networks spread like fire through the network preference system within Windows XP's Wireless Auto Configuration system. The system maintains a list of preferred network connections and also rebroadcasts the SSIDs of previously connected ad-hoc networks.

A user need only create an ad-hoc network with an SSID that looks enticing, such as Free Public Wi-Fi, to have users connect and later rebroadcast the same network.

These networks don't seem to have any adverse effect on those who connect and rebroadcast them, but could easily be used by hackers to attack people.

Microsoft patched the Wireless Auto Configuration vulnerability in Service Pack 3, which also rendered many pirate editions of the operating system useless. The software giant also removed the problem in Windows 7 and Vista.

But the networks remain prevalent. Chris Gatford, director for penetration testing firm HackLabs, said users broadcasting the networks may be pirates who could not update to Service Pack 3, or simply those running outdated machines.

"It may explain why users have not installed the network patch and continue to broadcast the ad-hoc networks," Gatford said.

He said the ad-hoc connections also represent a significant security threat.

"It is a very powerful mechanism," Gatford said. "It would be trivial to have an attack configured to launch as soon as people connect to the ad-hoc wireless network."

He said he expects malware exists that is capable of exploiting the networks to steal data from users who connect to them.

Windows XP is estimated to be run on 30 per cent of personal computers worldwide, according to Gartner, with some 73 per cent of new PCs shipped this year running Windows 7.

The local prevalence of the bogus SSID "tmobile" suggests the ad-hoc networks may have propagated and travelled from the United States or Europe where the telco operates.