Ask the Wi-fi Guru: Episode 40

By Aaron Weiss

October 03, 2011

Ever wonder how those free Wi-Fi networks know so much about you? Our wireless guru – that's right folks, no wires on this guy -- explains how free Wi-Fi hotspots recognize and authenticate you.

Ever wonder how those free Wi-Fi networks know so much about you? Our wireless guru – that's right folks, no wires on this guy -- explains how free Wi-Fi hotspots recognize and authenticate you.

Q: How does free Wi-Fi work? I went to my local coffee house and connected to the free Wi-Fi. I opened up a Web browser, and it asked me to accept the terms and conditions, which I did. It then let me connect to the site I wanted. I didn't not log on to any of my personal sites or use a credit card while I was there.

I cleared the browser of cookies and cache, and I closed the browser. Here's the thing; when I opened it back up, I could again browse to any sites without accepting the terms to use the free Wi-Fi again. I put a sniffer on the line, and it does not seem to be setting any cookies or other headers. How did the router know it was me, and is this a security risk? – Zack

A: Your cookies and your cache are forms of persistent storage that relate only to your Web browser. If the free Wi-Fi were basing your authorization on these, then you would lose access when you closed your browser.

Perhaps some hotspots work this way, but it would be unusual. Generally speaking, the hotspot is authorizing your whole computer -- not just your browser -- so you can use other browsers or some other network applications such as VPN, IM, email clients, and so on.

Every network device has a unique ID known as a MAC address. This is different from your IP address, which is just your temporary address on the network. Your MAC address is permanent and is actually associated with the network adapter being used.

Technically, your computer may have multiple MAC addresses if you have, say, both a wired network connection and a wireless adapter, or multiple wireless adapters (such as internal and USB).

The Wi-Fi hotspot is saving the MAC address associated with your wireless adapter. The hotspot software, which is probably built into the coffee house’s router, has been configured to give your MAC address an expiration time for however long they want your authorization to last. Depending on the location and the Wi-Fi policy, I have seen everything from 15 minutes (boo) to 24 hours (yay).

From a security standpoint, it is possible to spoof a MAC address. In fact it is fairly easy to do if you use the right software. Using a wireless network sniffer, someone could harvest MAC addresses actively communicating with the hotspot, and clone one of them. This could allow them to receive some of the traffic destined for your machine, although if you are both active at the same time it would probably just cause network malfunctions and odd behavior.

The more common scenario is for a hacker to spoof a known MAC address to access a paid hotspot. For example, suppose you are a guest at a business-class hotel and you shell out $15/day for wireless access. A neighbor in an adjacent room could sniff out your authorized MAC address from your activity (if he catches you while you are active), and then when you are away, spoof your address so he gets free access.

Of course, this is stealing. In theory, he could also do bad things such as transmit illegal material, and his activities would be traced back to your account. This kind of abuse requires both proximity and good timing, but is possible.

Q: How does Windows know that “additional logon information may be required?” When I connect to a hotspot, sometimes Windows pops up this message. When I open my browser, the hotspot requires me to agree to terms or to provide a username to access the Web like at a hotel or airport. How does Windows know this? Does it know the hotspots used at every hotel? – Anonymous

A: It does seem almost creepy, doesn’t it, when Windows seems to know that the hotspot requires a login before even you do? Thankfully the answer lies in networking smarts and not anything supernatural.

Whenever a Windows Vista or Windows 7 machine connects to a network, it performs a few quick diagnostics. One such diagnostic is that it attempts to send a Web request to the address www.msftncsi.com, and it analyzes the result.

If the connection is fully working, that address returns a simple text file that Windows recognizes.

Hotspots that require a login or a terms-of-service acknowledgement capture your Web requests and redirect them to the hotspot page until you are authorized. Therefore, when Windows tries to retrieve this file, it fails due to hotspot redirection.

To be clever, Windows then performs a DNS lookup on its own website. The hotspot will resolve the address, even though it won’t let you access the site. In this case, Windows then concludes you are at such a hotspot and pops up the “additional log on information may be required” message.

If the DNS lookup itself fails, Windows concludes that there is actually a problem connecting to the Internet, and instead displays the message “No Internet access.”



Comment and Contribute
(Maximum characters: 1200). You have
characters left.