Wireless Security

Global WiFi Hotspot: FON

No, the SSID for this one is not “linksys”, its a new company called FON who just got some major investment from Google & Skype.
So here’s the deal, you take DD-WRT and hack it up so that they any Linksys WRT54G/GS/GL series 2-4 router running it can be part of the global hotspot network. Anyone who has an account can associate to one of the access points and gain access to the Internet. Cool huh? There are even different types of setups. You can be a Linus, a Bill, or an Alien:

A Linus is any user who shares his/her WiFi in exchange for free access throughout the Community wherever there is coverage. A Bill is a user who, instead of roaming for free, prefers to receive 50% of the fees that FON charges to Aliens. And Aliens are those users who do not share their WiFi access and therefore must pay FON a modest fee every time they connect through a Fonero access point.

I think this is a great idea, however it is severely flawed at the moment in my opinion because while they offer identification (username/password) they do not use encryption by default. It would be most excellent if they could implement this system using WPA(2) enterprise for encryption/authentication. Of course, they would then have to choose and EAP type (like PEAP or TTLS) which would be more difficult to configure and/or require a third party client. For example, you can get a free EAP-TTLS client for Windows called SecureW2, and OS X comes with an EAP-TTLS client, and is my recommendation for enterprise WPA at this time.

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.