Wednesday, June 18, 2014

A new home security threat: compulsory wi-fi hotspots

Subscribers to Comcast need to start worrying about that company's plans to make all of its cable subscribers into wi-fi hotspots, accessible to anyone driving nearby.  Nor is Comcast likely to be alone in this;  expect every other cable provider to do the same.  It's just that Comcast is the first to publicly speak about its plans.  The Washington Post reports:

Thanks to a growing network of Wi-Fi hotspots, Comcast is arguing that it, or another company piggybacking off of its technology, could shake up the wireless industry by delivering cheaper cellular service to consumers and introducing another competitor to the market. Comcast is already rolling out the infrastructure it would need for such a push; it operates 1 million Wi-Fi hotspots around the country and plans to expand that to 8 million by year's end.

Comcast says that it has no imminent intention to launch a cellular service. But in April, the cable company raised that possibility as one of several arguments to support its Time Warner Cable purchase.

"A ubiquitous Wi-Fi network built by Comcast could make a 'Wi-Fi-first' service, which combines commercial mobile radio service with Wi-Fi, a more viable alternative," Comcast wrote in its public interest filing to federal regulators.

With the technology, Comcast could route a portion of mobile phone calls over Wi-Fi, which is easy to do from a stationary location but harder to do while a caller is in motion because the call needs to be handed off from one Wi-Fi hotspot to another. Only a few companies, such as Republic Wireless, offer Wi-Fi-first calling right now. If a large company like Comcast can figure out how to do it, it would effectively turn the cable company into a wireless company with the resources to compete with the nation's largest providers.

There's more at the link.

This means that if you have a Comcast cable modem with wi-fi capability, the company is likely to use it as a hotspot without even telling you about it, unless you explicitly shut off that capability.  Off The Grid News shows you how to do that - at least for now, unless and until Comcast takes away that option.

The problem with this is that an unsecured wi-fi hotspot is an open invitation to malicious users to grab your wi-fi feed, log into Web sites and conduct activities that might attract law enforcement interest - for example, child pornography, drug deals on 'underground' Web sites such as Silk Road, perhaps even the use of terrorist Web sites to upload or download information.  By using other peoples' hotspots, they leave no trace of their own location - and police tracking such activity will be very interested to know why it's coming from your home's IP address.  If you get a visit from Officer Unfriendly, perhaps accompanied by a SWAT team, you'll have no recourse except to deny all knowledge of what they're looking for.  The problem will doubtless be sorted out in due course - but by then your reputation among your neighbors will be in tatters, your dog might be dead, and you can still find yourself in all sorts of trouble merely for being under suspicion.

I think this is a really, really bad idea.  However, I'm sure Comcast and companies like it don't care what people like me think.  They want to make money off their network.  I expect them to make it a condition of contract that we have to allow the use of their cable modems as wi-fi hotspots, whether we like it or not - and I certainly don't!  Trouble is, if all cable companies insert similar clauses in their contracts, what alternative is left to us?



Orphan Wilde said...

Alternative view: Plausible deniability built right into your modem. With the right case, getting into the right court, internet activity/internet logs might get thrown out as the valid basis for a warrant. (That will depend heavily on the test case, sadly.)

Bart Noir said...

I hope my Comcast modem will not overheat after being tightly wrapped in several layers of aluminum foil. Actually, I need to start a company making wire mesh Radio Frequency (RF) blocking cages that neatly fit around the existing modem models.

Bart Noir
Who will be rich, rich I tell you!

Rolf said...

That's one of those "cool idea, potentially horrible side-effects" things. Basically it will give plausible denyability as OrphanWild said, but likely ONLY to those wealthy enough, or connected enough, to lawyer their way out of it, but it would allow a wide-open door to allow *framing* people, or at least making their lives hellish and expensive. It's an absolutely wonderful tool to potentially abuse by both a police state and criminals (but I repeat myself).
Bart- you make a good, effective, reasonably priced secure RF "bottle" Faraday cage for modems, with proper hatches for cables, and I'm sure you'd sell a lot. The problem is that a lot of younger people are addicted to wireless.

Rawle Nyanzi said...

Using people's hotspots in this manner is called "wardriving."

Anonymous said...

Open the modem and snip wires 1,2, 3 to the antenna(s). Get your own wifi router and lock it down so that only you get access.

Oh, and wipe the fingerprints off the case, tough they really shouldn't be a problem since "of course I touched it while dusting, relocating, etc."

Coconut said...

On the other hand, you may be required to have a hotspot for a router, but there probably won't be a clause saying that hotspot can't be in a Faraday cage.

Until someone gets caught doing it, at least.

tweell said...

I used aluminum-backed insulation on my outside walls to 'go green' (saves me green every month). The attic is the same way. Steel doors and metal shutters over my double-paned windows make a fair imitation of a faraday cage; cell phones do not work inside my house. Good luck on using my mandatory wi-fi, cable companies!

Anonymous said...

From what I have read you can opt out of being a hotspot. Additionally, the hotspot would be on a different ip addressing/subnet scheme than the one coming into your Cable Modem.


Sevesteen said...

It is probable that the hotspot IP address and SSID will be completely different than the customer IP and SSID. This is fairly standard in corporate networks--we have production, office and guest SSID's among others, all with different IP ranges and different rules, but all sharing the same access points* but using different virtual networks keeping the traffic separate.

As long as the ISP doesn't have a security issue on their equipment, shouldn't be a problem...and if they do have a security issue, this isn't likely to make it any worse.

*A home router with wifi is actually a combination of a router and a wifi access point. Larger networks usually separate the functions--we have hundreds of access points, only a couple of routers.

HeroHog said...

I killed it on my Comcast router as soon as I got the notice it was active in my area! I tried to disable it's WiFi as I have my own WiFi router downstream of their router already anyway. When will those cages be available? I'll take one please!

Alan Simpson said...

I think this ranks up there with that other EXTREMELY bad idea. I'm referring to the idea of putting kill switches i n our smart phones.