The wireless access is part of a gradual rollout, to be managed by Boingo, over the next five years at stations throughout Manhattan, Brooklyn, the Bronx, and Queens.
One-click WiFi access (read: for a fee, probably $8 a month) will be available to Boingo subscribers on limited routes, as well as Boingo’s WiFi roaming partners, including Skype, Sprint, T-Mobile, and Verizon (read: free access within your subscription plan).
But what this really means is that more than 1.6 billion annual subway riders who connect to the Internet using their smartphones, e-readers, tablets, and other wireless devices while waiting for a train are potentially compromising their identities and online security.
Just as riders safeguard their purse or wallet on the subway, there is a need to think about preventing identity theft and fraud in the subway wireless world as well.
That’s because Boingo — the company behind the NYC subway wireless development — is aware that consumers risk their privacy and security in wireless hotspots.
Indeed, Niels Jonker, Boingo’s CTO, once said “open WiFi is inherently unsafe,” and with the “proliferation of unmanaged free networks and new hacker exploits, people need a tool to protect their personal information while they’re online.”
Jonker’s advice for consumers in wireless hotspots is to use a personal virtual private network to encrypt all communications. He suggested that “the single most reliable means of security when using public WiFi is a personal VPN.”
How VPNs Work
A VPN simply uses a public network to communicate securely between two points. The security is provided by encryption, and the two sides must both use the same encryption algorithm and key for it to work. This means that no one else can understand, or more importantly, modify the information being communicated.
That is important because there is no control over radio waves that are bouncing around the subway platforms and tunnels.
When you use a personal VPN like PRIVATE WiFi, it installs a small piece of software on your PC, which does the encrypting and decrypting. It connects automatically to a remote server which decrypts your communication and sends it on to the ultimate destination — whether that is an email account, a SMS user, or a shopping site.
While Private WiFi is currently available only for PCs, the same high-level security for smartphones and tablets will be available soon. Until Private WiFi offers a mobile VPN solution, it’s recommended that those in wireless hotspots disable the wireless connections on their mobile devices when they’re not using them.
Limit the sensitive information on your network and, of course, limit access to online banking or shopping sites.
Another suggestion is to check out a whitepaper from Cisco called “The Future of Hotspots: Making WiFi as Secure and Easy to Use as Cellular.”
We have warned about these kinds of hotspot attacks for years, but it is significant that Cisco agrees with our analysis. After all, Cisco is the largest manufacturer of WiFi equipment, having shipped 10 million WiFi access points to customers. If they are saying that wireless hotspots are inherently vulnerable to attacks, you can be sure that they know what they are talking about.