U-Fi insecurity


By Calder Phillips-Grafflin

How many of you use Union’s Wi-Fi network on a daily basis? How many of you use it check your email, Facebook, or Twitter accounts? “U-Fi” as the service is officially known, is certainly one of the most important pieces of infrastructure on campus. However, it has a fatal flaw that needs addressing, and that is its security. More precisely, it is the lack thereof. This is 2011, more than a decade after the first Wi-Fi security systems appeared, and it is fundamentally inexcusable for anyone, let alone Union, to run an unsecured Wi-Fi network.

Why does security matter? After all, security isn’t something that you can see. It isn’t something that necessarily makes your life simpler, and it certainly isn’t always easy. However, when you use an unsecured wireless network, any and all data you transmit over the network can be seen by other users. This has always been true, but it’s only recently that it was easy to access this data.

Late last fall, a Firefox plugin called Firesheep was released. Firesheep allowed users easily to identify and manipulate data from other users. In fact, it took only a few clicks of the mouse for a Firesheep user to access the Facebook and Twitter accounts of other users.

The good news, though, is that it isn’t hard to fix this problem. Ever since Wi-Fi was created way back in 1999, it has supported some sort of security. All 802.11-compilant (the technical specification for Wi-Fi) devices ever produced have supported at least the baseline of wireless security, called WEP.

A newer standard callled WPA2 has been supported since 2004 and required since 2006 for all new devices. WPA2 provides security comparable to that of using a wired Ethernet connection based on the proven AES encryption standard. It doesn’t take much to use WPA2; all laptops produced since 2006 almost certainly support it, and likewise, any desktop wireless cards support it too. Similarly, any Wi-Fi network infrastructure, like access points and routers, made in the last five years will support it.

If any of the networking hardware on campus doesn’t support WPA2, it should be replaced; keeping some old equipment to save a few bucks at the cost of security is extremely irresponsible and dangerous. In addition, since network access is controlled separately, the password for such a system needs not be secret or complicated. It could, in fact, be as simple as “unionwifi” and it would provide the same high level of security.

Wi-Fi security isn’t just an academic problem; it’s a very real security problem that threatens both Union students and faculty. Especially given the release of tools like Firesheep, this is no longer a problem that can be ignored. Given that wireless security has been available for over a decade, it is inexcusable that Union does not provide some sort of security. Providing security to U-Fi users will certainly take some time, and yes, time is money, but the expense is well worth the increase in security. It is long overdue.


Leave a Reply