Unsecured Airport Hotspots

Most broadband operators in India, also operate Mobile Networks. Recently they have started to roll out Wireless Hot-spots in public places like Airport. This will add value to their broadband customers as most have Wifi at home and they can access the service from public places while travelling.

However, there is a security concern. They use unsecured Access Points, and once you enter the network and acquire an IP address, you start the browser where you are presented with a login page. You are provided a pseudo random number, as challenge, which you send it to a SMS gateway, from your mobile. The gateway sends you the response to the challenge authentication string. You enter this string as the challenge response to gain network access. Thus your laptop/netbook's MAC address is tied to your mobile number as your identification. That is the security is enforced at layer 7 of TCP/IP.

This scheme exposes the network to hacking and through MAC spoofing, the laptop used for the attack cannot be traced. Secondly, the user (subscriber) too is at risk. For example, if the original Access Point goes down for some reason, any person with a Laptop can masquerade by displaying the same SSID and when the unsuspecting user selects the rouge access point, they can be hacked into by the masquerader.  The equipment needed for both kinds of hacking is just a laptop.

Therefore, the MNO (Mobile Network Operators) should provide a secured access like I-WLAN (3GPP TS  24.234 ).