Free Public WiFi
The “Free Public WiFi” SSID seems to be everywhere – at airports, on planes, and in hotels. Based on what the SSID spells, it seems to be the perfect solution for those seeking to connect to the Internet because it is “Free”…cost nothing…”Public”…you break no laws connecting to it…”WiFi” …a few clicks and you’ll be surfing in no time.
Viral SSID
In reality, this SSID is just one of many viral SSIDs that exist anywhere people are with laptops (almost always Microsoft Windows based laptops). In almost all cases this SSID is not a real WiFi hotspot access point but someone else’s laptop in Ad-Hoc mode advertising this SSID. Why does this SSID always appear and more importantly is it harmful if you connected to this SSID?
If you connected to the “Free Public WiFi” SSID in the past, don’t worry…in almost all cases your PC is not infected with a real virus and no data was stolen. Just remember to stop connecting to random wireless networks that you can’t verify as being trusted, especially free ones!
Blame Microsoft Wireless Zero Configuration
The answer to why this SSID seems to be everywhere can be blamed on Microsoft, more specifically a Windows feature called Wireless Auto Configuration (aka Wireless Zero Configuration). Wireless Auto Configuration “provides automatic configuration for the 802.11 adapters”. In an attempt to make it extremely easy to connect to WiFi networks, Wireless Auto Configuration does the following when an 802.11 adapter is enabled and starts to scan for WiFi networks.
1. Wireless Auto Configuration attempts to connect to the preferred networks that appear in the list of available networks in the preferred networks preference order, if the preferred networks are configured to automatically connect (the Connect when this network is within range checkbox is selected on the Connection tab for the properties of the preferred wireless network).
2. If there are no successful connections, Wireless Auto Configuration attempts to connect to the preferred networks that do not appear in the list of available networks, in the preferred networks preference order. This is done so that a Windows wireless client can connect to a hidden wireless network, one that is either not broadcasting its SSID or broadcasting an SSID of NULL. Configuring hidden wireless networks is used as a security measure to prevent malicious users from detecting and attempting a connection to a wireless network. However, the SSID is included in other types of wireless connection management frames and is easily discoverable by either capturing wireless management frames or using tools available on the Internet.
3. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is available, Wireless Auto Configuration tries to connect to it.
4. If there are no successful connections and there is an ad hoc network in the list of preferred networks that is not available, Wireless Auto Configuration configures the wireless network adapter to act as the first node in the ad hoc network.
The problem occurs at step #4.
At one time or another somewhere out there someone connected to a
real ad-hoc WiFi network that had the SSID “Free Public WiFi”. They added this network to their preferred network list. They then traveled to a location where this WiFi SSID didn’t exist (airport, airplane, and/or hotel). They powered on their laptop with the wireless card on and Wireless Auto Configuration took over and starting searching for WiFi networks. After trying steps 1 through 3 above, Windows gave up and configured WiFi card to ad hoc mode with the SSID “Free Public WiFi” (since it was a preferred network).
How the SSID spreads virally.
A second person in close proximity to the user above also has a wireless enabled laptop and is looking to connect to a WiFi network. They scan to see what is available and notice an SSID called “Free Public WiFi”….they connect to it not knowing that it is an ad hoc network. After a few seconds of wondering why they can’t surf the web they disconnect from the SSID, shrug their shoulders and move on with life. Now they have the viral SSID in their preferred list too. The next time they power on their laptop it starts to look for the “Free Public WiFi” SSID. This process is repeated in many locations across the US and world again and again. Soon this SSID is in preferred wireless networks lists everywhere spreads like a virus.
Can this viral SSID be stopped?
Yes, but others exist like linksys, hpsetup, tmobile, default. Any SSID that tends be the default for consumer grade access points and computers tends to become viral ad hoc SSIDs. An easy way to reduce the risk of connecting to these SSIDs is to configure Wireless Auto Configuration to only connect to access points (infrastructure networks).
1. Click on the Wireless option in the System Tray and open the Wireless Network Connection window.
2. Click on “Change advanced settings”.
3. In the Wireless Network Connection Properties window, click on the Wireless Networks tab.
4. Click on the Advanced button.
5. Click on “Access point (infrastructure) networks only”