Here is a question for you. Have you noticed a strange, non functioning, un-encrypted ad-hoc wireless network occasionally popping up on your Wifi network list in your area? Yeah, I did too. When I first saw it at work, I thought someone in the building is messing around with at-hoc networks. Good for them. Then I noticed the same network popping up at home. Then at school, in a coffee shop and other places. I talked to my co-workers who travel a lot and they too seem to notice this strange network popping all over the country. And these networks never work and disappear as mysteriously as they appear.
To sort of gauge the magnitude of this phenomenon, I decided to search for “Free Public Wifi” on WiGLE. This is what I found:
via WiGLE – see the interactive version of this map here
Bizarre. I assume some of these hits are from genuine free public wifi networks. But I have a feeling that most are not. If you click on the link below the map, and zoom out a bit, you will be able to see that these things are also popping up all over Europe and in other places of the globe too. It seems to be a worldwide phenomenon.
So I decided to investigate. After some googling, I found out a really nice writeup of this issue written by y Zaib Kaleem at wlanbook.com:
The answer to why this SSID seems to be everywhere can be blamed on Microsoft, more specifically a Windows feature called Wireless Auto Configuration (aka Wireless Zero Configuration). Wireless Auto Configuration “provides automatic configuration for the 802.11 adapters”. In an attempt to make it extremely easy to connect to WiFi networks, Wireless Auto Configuration does the following when an 802.11 adapter is enabled and starts to scan for WiFi networks. (…)
If there are no successful connections and there is an ad hoc network in the list of preferred networks that is not available, Wireless Auto Configuration configures the wireless network adapter to act as the first node in the ad hoc network (…).
At one time or another somewhere out there someone connected to a real ad-hoc WiFi network that had the SSID “Free Public WiFi”. They added this network to their preferred network list. They then traveled to a location where this WiFi SSID didn’t exist (airport, airplane, and/or hotel). They powered on their laptop with the wireless card on and Wireless Auto Configuration took over and starting searching for WiFi networks. After trying [failing to connect to any viable network in range], Windows gave up and configured WiFi card to ad hoc mode with the SSID “Free Public WiFi” (since it was a preferred network).
A second person in close proximity to the user above also has a wireless enabled laptop and is looking to connect to a WiFi network. They scan to see what is available and notice an SSID called “Free Public WiFi”….they connect to it not knowing that it is an ad hoc network. After a few seconds of wondering why they can’t surf the web they disconnect from the SSID, shrug their shoulders and move on with life. Now they have the viral SSID in their preferred list too. The next time they power on their laptop it starts to look for the “Free Public WiFi” SSID. This process is repeated in many locations across the US and world again and again. Soon this SSID is in preferred wireless networks lists everywhere spreads like a virus.
Joshua Wright likened it to a zombie outbreak in the way it has likely started with a single ad-hoc network, and now took over most of the eastern seaboard and created hot spots on the west coast, and Europe. He posted about this weird issue over a year ago, and he also did that WiGLE mapping thing. Go check out his post and compare our maps. You can clearly see how this odd infection has spread since May 07 – the difference is huge. It’s growing!
Is this wifi zombie plague dangerous? Not in and of itself, but it does create certain risk. Whenever your laptop is broadcasting the “Free Public Wifi” SSID, it is essentially revealing itself to all potential attackers. Whether or not you are actually vulnerable to an attack depends on your system setup, and security software you are running. But you clearly become a more of a target due to increased visibility. And naturally any open public wifi hotspot is arguably a dangerous place to be to begin with. This goes double for public ad-hoc networks.
Few people really use the ad-hoc functionality on a regular basis, so it is probably a good idea to configure windows not to automatically connect to them anyway. This way you both immunize yourself to this non-malicious viral wifi worm, and protect yourself from accidentally stumbling into a trap network set up by someone with malicious intent.
[tags]free public wifi, wireless, hot spot, public wifi, wigle[/tags]