Piggybacking
Piggybacking refers to access to a wireless Internet connection by
bringing one's own computer within the range of another's wireless
connection, and using that service without the subscriber's explicit
permission or knowledge.
During the early popular adoption of 802.11, providing open access points for anyone within range to use was encouraged to cultivate wireless community networks, particularly since people on average use only a fraction of their downstream bandwidth at any given time.
Recreational logging and mapping of other people's access points has become known as wardriving.
Indeed, many access points are intentionally installed without security
turned on so that they can be used as a free service. Providing access
to one's Internet connection in this fashion may breach the Terms of
Service or contract with the ISP. These activities do not result in sanctions in most jurisdictions; however, legislation and case law differ considerably across the world. A proposal to leave graffiti describing available services was called warchalking. A Florida court case determined that owner laziness was not to be a valid excuse.
Piggybacking often occurs unintentionally, since most access points are configured without encryption by default
and operating systems can be configured to connect automatically to any
available wireless network. A user who happens to start up a laptop in
the vicinity of an access point may find the computer has joined the
network without any visible indication. Moreover, a user intending to
join one network may instead end up on another one if the latter has a
stronger signal. In combination with automatic discovery of other
network resources (see DHCP and Zeroconf) this could possibly lead wireless users to send sensitive data to the wrong middle-man when seeking a destination (see Man-in-the-middle attack). For example, a user could inadvertently use an unsecure network to log in to a website, thereby making the login credentials available to anyone listening, if the website uses an unsecure protocol such as HTTP.
0 comments:
Post a Comment