Reports that Starbucks (NASD: SBUX) will be offering free 802.11 wireless access at all US locations starting July 1st raised some speculative eyebrows with this Threat Blogger wondering about whether proliferation of open access points on a brand-name and nationwide basis will spread malware or increase the theft of identity rich account login information often transmitted across open channels. Now that this recession-busting offer will drive just about everyone needing a quick wireless connection during the summer towards the SBUX chain locations, expect that stateside cybercriminals will no doubt take note.
The move comes six months after McDonalds started offering free 802.11 Wi-Fi at just over 11,000 locations. Both of these locations combined will provide a virtual plethora of available potential victims should proper user or endpoint security precautions be ignored. And, cybersecurity being what it is, those precautions will definitely be ignored by most of us out there.
Analysis: Waterhole Not Secure – Proceed With Caution
I would treat any of these locations as being about as safe as a waterhole might be to drink at on the African Savannah: you’re part of the food chain and at risk from either lions or crocodiles before your lips touch the cool sparkling water.
On the upside, if these chains initiated a truly randomized method of assigning wireless security keys changed daily, this might be secure. But that’s a lot of money for very little benefit. It would also be a great way to spread the security evangelism necessary to inform the public – having Public Service Announcements spread across every McD’s and SBUX location, from the cardboard hot drink holders to the bottom of the receipts.
Until that day, I wouldn’t trust my access point security to a deep fryer chef or a latte barista any more than they probably would trust me to make their coffee or apple pies and nuggets.
Remedy: Use ESET Smart Security 4 Effectively:
There are options. As noted last year in an article published by ESET called Summer Surfing on Free Wi-Fi:
Choose Strict protection in ESET Smart Security 4.
Within ESET Smart Security 4’s Advanced options, use of the Personal Firewall’s Automatic mode is the best security option for open Wi-Fi usage.
- Are You Buck-Naked in a Coffee Shop? – Best Practices from Securing Our eCity and risk analysis of man in the middle attack.
- Tips for working securely from wireless hotspots – Securing Our eCity recommendations
- Fly By Wireless – David Harley’s excellent article
Securing Our eCity Contributing Writer
Update: [16:39 PDT] Privacy issue with Starbucks related to the login, but the good side is that maybe it makes up for the open access and keeps the information secure behind something substantial, not a weak WEP encryption:
- However, it should be noted that Starbucks will require each customer to log in to its Wi-Fi service and Starbucks Digital Network with a unique identifier.