One of the most common habits of those who connect to a wireless network at their office is that once computers have gained their first connection to the wireless network, they select the option for the machine to auto-connect every time in future as well. In the world of the hacker and spoofer, however, this habit of convenience is very often an open door for outside access.
The spoofer simply sets up another network in the same geographical area as the business WiFi network and uses a stronger signal that also allows automatic, non-password protected connections. Next thing is that Joe turns on his laptop in the morning and while sniffing around for a second, it connects to the spoofer’s network instead. Joe has his internet connection and begins work as usual. The spoofer notices the connection to his network of a new machine, and busily goes about accessing it and, worst of all, begins to raid the files and information on Joe’s laptop–all without Joe’s knowledge. With a bellyful of personal or corporate or private data (possibly including passwords to the actual WiFi network in Joe’s office), the spoofer drives away.
Joe’s laptop drops signal for a second, re-establishes a connection with his correct network almost instantly and Joe wonders a week later when a competitor has somehow suddenly stolen away most of his previous customers.
Poor Joe, or Joe’s assistant, or perhaps even Joe’s boss — any of their machines could have been accessed in precisely the same way.
IT Administrators should set up their WiFi networks so that there is no way anyone can connect to the in-house network without manually entering that network access password every time. Although it may take a second to re-enter a password each time, the level of security it demands is a small price to pay.
It certainly beats the thousands of dollars — or much more — that could be lost just because of a lazy habit that is so very easy to cure.