Filed under: Analysis / Opinion, Airport, Security
"Free Public WiFi" on a plane = XP wireless goof
The initial error was mine: I was running XP (in Boot Camp) before I got onboard, and forgot to reboot in Mac OS X (where my iTunes library of "hey kids, let's keep quiet while the other passengers sleep!" videos lives) prior to the flight. Once we reached cruising altitude, I fired up the MBP and quickly went to turn off my Airport card, as all good Americans must do... and what on Earth (or high above it) is that "Free Public WiFi" peer-to-peer network doing on a PLANE?? Someone is not paying attention!I had seen these "Free Public WiFi" peer-to-peer networks around before, usually in airports, and had ignored them as malware honeypots; the truth is apparently a little less malicious but still pretty scary. It seems that our friends in Redmond have (since Jan 06) some strangeness in the wireless network management routines under XP; any WLAN that a Windows machine joins gets 'echoed' back out as an ad-hoc SSID if the machine can't find the previous connection (an implementation of RFC 3927).
David Maynor, of "MacBook WiFi Hack" fame, posted on the quirky fun back in January, as did Brian Krebs. The result of this 'feature' is that certain bogus SSIDs spread in viral fashion wherever large numbers of Windows laptops congregate. Machines may be joining the same ad-hoc network unintentionally, and a malicious user could attempt exploitation of those machines without warning.
Reason #2048 why I love my Mac: wireless security flaws in OS X are obscure, debatable and mostly academic, not readily visible in every airport and bus terminal.

![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)


Reader Comments (Page 1 of 1)
jeremy burnich said 1:24PM on 2-23-2007
I have seen the same thing on the Metro North Commuter Railroad in CT/NY. I thought it was the most bizarre thing. It's there pretty much every day too - at least when I and the other party make the same train. At least now I have an explanation!
Reply
beercake said 2:13PM on 2-23-2007
Actually there are (or better: were) some airlines who offer(ed) WLAN access in the airplane itself: Lufthansa and Singapore Airlines among others - sadly the provider of those services (Boing I believe) went out of that business, because the whole setup was very expensive...
Anyway, it was cool to chat with people and send webcam pictures while in the air :-)
Reply
Nate said 2:24PM on 2-23-2007
Did you mean David Maynor?
Reply
Mark Studdock said 2:59PM on 2-23-2007
I had wondered about that. At my university sometimes I have seen p2p networks named the same as the university network in areas where I know there is no university wireless. I had thought it might be something malicious... this helps me feel a little more at ease.
Reply
marc cardwell said 3:32PM on 2-23-2007
i saw that too, in chicago, as i recall. there was a notice at the airport that warned that these were bogus wireless networks and that was why they charged for wireless: they were just protecting me.
Reply
JeffDM said 7:21PM on 2-23-2007
I think that Symantec logo shown in the screenshot is a greater menace to the Mac.
Reply
Jordan said 7:24PM on 2-23-2007
"I had wondered about that. At my university sometimes I have seen p2p networks named the same as the university network in areas where I know there is no university wireless..."
Wow. I have the exact same thing at my university too. Maybe its propagating in a similar fashion.
Reply
tk2k said 9:52PM on 2-23-2007
I saw this happen to me TODAY at the chicago airport, I had no idea what was going on!
Reply
Jeremy Seitz said 10:40PM on 2-23-2007
I was reading the NMRC article you link to that covers this issue. This paragraph regarding 3927 had me rolling:
"There is a warning about using Link-Local with wireless LANs due to the lack of physical security in RFC 3927 section 5 paragraph 3, but unfortunately Microsoft failed to properly heed this warning in spite of co-authoring the RFC."
Reply
Drupa said 9:00PM on 2-25-2007
I've seen that network in the air on several occasions. I've even attempted to join to see what happened - nothing of course. The Conexion system offered by Boeing was amazing. I had iChat at 30,000 feet from D.C. to Japan on ANA. My speeds were better than DSL and during my 12 hour flight, I had not connection issues. It was a quality service. I've wondered if it was a terror / security issue or something else which drove it away. It wasn't terribly expensive and everyone I knew who experienced the opportunity to use it was happy to pay for it. It just didn't make sense to turn it off. There must be a deeper back-story.
Reply
Michael Rose said 10:23AM on 2-24-2007
#3 -- yes, sorry, updated the post.
Reply