Jason Palmer, CPA, CITP

Cyber Insurance Auditing

You are here: Home / Archives for wi fi

Hurricane Tech – Make your Smartphone a WiFi Hot Spot with Tethering

By Leave a Comment

WiFi TetherWhen the Power is out, if you do not have a Generator, access to the Internet through your home or office Wired or WiFi Router will be out as well.  Fortunately, Smartphones and many WiFi capable devices such as iPad’s, eReader’s, and Notebook Computers can run on Battery Power when Electrical Power is not available.

A technology called “Tethering” allows many Smartphones to share their Internet data connection capability through the embedded WiFi in the Smartphone.  This enables the Smartphone to become a mobile Hot Spot, similar to a MiFi so that any other WiFi enabled device, like your WiFi only iPad, eReader, or Notebook Computer can access the Internet through your Smartphone.

(For more details on mobile data Internet connections, see my article “Mobile Communications Technology Overview”.)

In many cases the Cellular Carriers such as Verizon, AT&T, and Sprint charge an extra monthly fee for the Tethering capability and a separate Data Plan for the additional usage.  This is especially true if your phone has a grandfathered “Unlimited Data Plan.”  Verizon requires Unlimited Data Plan users to have a separate data plan for Tethering.  With the new Verizon Share Everything Plans, the Data usage and Tethering capability are included and you only pay for the Data you use across all of the devices on your Share Everything Plan.  With other Carriers you may still be required to pay an extra fee for the Tethering capability of your Smartphone.

However, every rule has its’ exceptions.  With certain Smartphones based on the Android mobile operating system, (that would be most phones that are NOT iPhones, Windows based, or Blackberry’s), “unofficially” no additional fee is required.  At Verizon, it is official, based on the FCC Tethering consent decree in July 2012. You need only to browse the Google Play Store, searching on the word, “Tethering” to download an “App” that can turn the Tethering Feature “On” for you.

To clarify:  If you have either a 3G or 4G Tiered Data (like the Verizon Share Everything Plan or AT&T Mobile Share Plan), you can download any number of 3rd Party Apps which will enable your Android to Tether and become Mobile Hot Spot.  Unlimited Data Plan Users technically still need to pay Verizon or AT&T a Tethering Fee and have a separate data plan.  You should call your Cellular Carrier to verify the usage terms of your Agreement.

Be advised that right now some of the Carriers seem to be ignoring this grey area of the usage policy but that is subject to change. Keep in mind that the Carrier will absolutely know if you are sharing your Smartphone Data capability using Tethering – so you have been warned.  It is possible that you could get a call or letter from your mobile phone Carrier stating that you need to pay an additional fee or purchase an additional data plan.

A Special Note for iPhone Users:  If your iPhone supports Tethering, (IOS 4 or later), you may need to use either the USB Charging Cable or pair the Notebook Computer with your iPhone via Bluetooth to use the Internet capability of your phone with your Notebook Computer.  If you have an iPhone5, then you can definitely Tether via WiFi as described above. IOS 6 has a built-in App for turning the iPhone5 in to a Mobile Hot Spot. (Apple prefers to call it a “Personal Hot Spot.”)  If you use the native Apple IOS 6 App, you will definitely need either one of the NEW Mobile Share Plans from AT&T or the one of the NEW Share Everything Plans from Verizon or similar plan from your Carrier.

Securing the Home Network – Wi-Fi® Protected Setup™

By Leave a Comment

Almost every modern day Wi-Fi® Router and Access Point supports Wi-Fi® Protected Setup™ which is an optional hardware method for quickly enabling security on a Wi-Fi® network.  As you may recall, you have the option of manually naming your network with an SSID (Service Set Identifier) and specifying the specific password to be used by devices to connect. (See my article on “Securing the Home Network – Wi-Fi® Security.”)

Using the hardware based Wi-Fi® Protected Setup™ can be much faster than going in to the setup pages of the Router or Access Point.  It is far simpler and easier to “press a button” than to have to navigate through the configuration screens or even use a vendor provided setup program.  This does assume that all of the Internet enabled devices that you want to connect to your Wi-Fi® network support the Wi-Fi® Protected Setup™ feature.

To create a secure connection using Wi-Fi® Protected Setup™, you press a button (appropriately marked on the Router or Access Point), it usually flashes for a short period of time and then you press the equivalent Wi-Fi® Protected Setup™ button on your Internet enabled device or click on a soft button in the configuration screen of your Internet enabled device. Either way, in a matter of minutes, you have created a random SSID (network name) and random passphrase using WPA2 secure encryption to create a connection between your Router or Access Point and your Internet enabled device.

An alternative implementation of the Wi-Fi® Protected Setup™ is a predetermined “Personal Identification Number” (PIN) code that is usually printed on a sticker on the Router or Access Point.  If the Internet enabled device you want to connect does not have a Wi-Fi® Protected Setup™, you can enter in the PIN code from the sticker on the Router or Access Point in to the appropriate setup screen and accomplish the same automated setup.

In some cases, especially with Verizon FiOS Wi-Fi® Routers, both the SSID (network name) and Password (Passphrase) are written on a sticker attached to the Router.  No additional configuration of the Router is necessary.  You simply enter in the predefined SSID and Password to your Internet enabled device (Home Computers, Printers; Cell Phones, Tablets, Gaming Computers and other Internet enabled devices like Blu-Ray Players and Internet enable Flat Panel TV Sets), and you will be securely connected to your new Wi-Fi® network.

Security Note:  Unfortunately, in December 2011 a gentleman named Stefan Viehböck determined that the Wi-Fi® Protected Setup™ PIN could be guessed in a brute force attack of a Wi-Fi® Protected Setup™ Router or Access Point in an average of four hours.  This is due to a design flaw that enables an attacker to know when the first half of the eight digit PIN is correct.  Since there is no lockout after failed attempts at guessing the PIN, the attacker can more easily determine that the first half of the eight digit PIN is correct.  In addition, the fact that the last digit is checksum for the other seven digits, it takes only approximately 11,000 attempts to crack the PIN code completely.  For more details, read the United States Computer Emergency Response Team (CERT) Vulnerability Note: VU#72355 and Alert (TA12-006A) “Wi-Fi Protected Setup (WPS) Vulnerable to Brute-Force Attack”

It is for this reason that CERT recommends that Wi-Fi® Protected Setup™ NOT be used and that it be specifically “disabled” in the affected Routers and Access Points.  A few manufactures have corrected the design flaw and updated the firmware (programming) in their Routers and Access Points but many have not.

Keep in mind that your Wi-Fi® Router or Access Point would have to be the target of a specific attack for this to be an issue.  More likely, you would be the target of someone randomly testing their hacking skills than of someone specifically trying to gain access to your home Wi-Fi® network.  The risk of your Wi-Fi® Protected Setup™ is minimal.  To be absolutely safe, turn off the “Wi-Fi® Protected Setup™” completely and manually configure your Wi-Fi® Network Security.  (See my article on “Securing the Home Network – Wi-Fi® Security.”)

Securing the Home Network – Show me your MAC ID please

By Leave a Comment

Every network device has a MAC (Media Access Control) address.  This unique twelve hexadecimal digit identifier is similar to either a phone number or social security number for your network equipment.  No two should ever be identical.  This number is usually stored permanently in the device.  It is usually displayed on a label on the device in the form of: 00:23:6C:7F:38:43 or it can be displayed in the network information screen of the device.

If you want added assurance that only devices with “proper id” are allowed on to your Wi-Fi®  network, you can explicitly enter the MAC address of each of your Wi-Fi®  connected network devices in to your Wi-Fi® Router or Access Point, such as your Wi-Fi® (or Wired) Home Computers, Printers; Cell Phones, Tablets, Gaming Computers and Internet enabled devices like Blu-Ray Players and Internet enable Flat Panel TV Sets.

Even if a user has the proper SSID (Wi-Fi® Network Name) and Password, if the MAC address is not listed in the table in your Router or Access Point of “permitted MAC addresses” access will be denied and the device will not be able to connect.

The ability to configure MAC address restrictions is usually in the “Advanced Security Setup” area of your Router, Access Point, or Switch.  Almost all Wi-Fi® Routers and Access Points support MAC Address connection tables and restrictions.

Only higher end Wired Routers and Switches offering some form of Management have the MAC Address restriction capability.  Not to worry, the likelihood that someone you don’t know is directly plugging in via a “Wired” connection to your network in your home without your permission or knowledge is very small.

Technical Note:  In some cases, there are legitimate reasons why a network device would broadcast a MAC address different from the one permanently assigned.  This is called MAC Spoofing.  Some earlier Internet connection types required that the Cable or xDSL modem, the device that converts the signal from outside your home to Ethernet, be in “bridge” mode, or for all practical purposes, invisible.  In these situations, the Cable or xDSL modem would actually broadcast the MAC Address of your Computer instead of its’ own MAC Address.

Security Note:  MAC Spoofing can also be used for bad purposes and is not a fool proof security method.  It is just an added layer of security.  Even if you have a MAC Address permission table set for both your Wi-Fi® Router and any Access Points, almost anyone, with a reasonable amount of skill, can Spoof, or duplicate a legitimate MAC address which could allow them access to your Wi-Fi® network PROVIDED THAT they also know the correct SSID (network name) AND Password.  That is three layers of security instead of two.

In general, if you are extremely concerned about securing the access to your Wi-Fi® enabled network, setting the MAC Address of each Wi-Fi® enabled device in your Wi-Fi® Router and/or Access Points for your Primary (“Private”) Wi-Fi®  network will provide an added level of assurance that only legitimate, authorized devices are connecting to your network.  (For a discussion on Primary/Private vs. Secondary/Guest Wi-Fi® networks, see my article, “Securing the Home Network – Guest Wi-Fi® Networks”)

Verizon Share Everything Plan Review

By 1 Comment

Verizon Wireless, on June 28th, 2012, will introduce the “Share Everything” Plans.  For the first time up to ten devices that use 3G/4G data, such as smartphones, tablets, cellular data cards,  MiFi’s, and JetPacks  that are under one billing account can share a bucket of data ranging from 1GB to 10GB at a cost for the data portion of the plan of between $50 and $100.  An added benefit is that the fee for turning a smartphone in to a Mobile Hotspot has been eliminated as well.

A significant change in the new Share Everything Plans is that all phones will now have unlimited voice minutes and unlimited text messages.  Other features of the plans are standard and straightforward:   No Domestic Roaming or Long-Distance Charges;  Basic Voice Mail with Message-Waiting Indicator, Caller ID, Call Waiting, 3-Way Calling, Call Forwarding and No Answer/Busy Transfer; Access to personal email3 and corporate email4 (using Exchange ActiveSync® or Lotus Notes Traveler) is included with data allowance, if supported by your device – Data charges apply and coverage varies by area for all voice and data features.

The plans work as follows:  For each type of device, Smartphone, Basic Phone, Data Device (JetPack/MiFi, Embedded Cellular Data Card or USB Cellular Stick), and Tablet there is a Monthly Line Access charge ranging from $40 down to $10.  Then add a Shared Data Monthly Access Charge of between $50 and $100 for between 1GB and 10GB of data for all of the devices on the account to share.  Remember, all plans now include unlimited voice minutes (local, regional, and long distance) and unlimited text messaging.

Verizon Wireless is also offering a Data Only version of the Share Everything plan which includes from 4GB to 10GB of Data for as low as $30 up to $60/month for up to ten data only devices on a single wireless subscriber account.  And, for the customers that have Basic phones – 700 voice minutes – no text and no data allowance at $40/month and unlimited voice, unlimited text with 300MB of data for $70/month.

For full plan details, view the PDF file here.

To use the Share Everything Plan Tool Calculator to help determine which plan is right for you, click here.

Short Recommendation:  In general, even if you presently are grandfathered in with an unlimited data plan on your Smartphone or Cellular Data Card, if you are within the industry norms of using less than 2GB of data per month, per device, and predominantly use your Smartphone or Cellular Data Device to check email, browse the web, and chat, you will save an average of at least 10% or more by choosing some version of the new Share Everything Plan.  However, if you are a heavy user of data on your Smartphone or Cellular Data Card, for example, you spend lots of time on NetFlix or downloading music, you will have to carefully review the usage on your past months bills and determine if the savings is worth the trade-off.

Recommendations and Considerations based on the type of devices and amount of usage in your current plan:

Verizon Wireless Unlimited Tiered DataDo any of the Smartphones or Cellular Data Cards presently have grandfathered Unlimited 3G Data Plans?  – If yes, then there is a lot to think about.  As more and more applications become available and our need or desire to be always connected increases, even though you may not be using a significant amount of data monthly now, it is most certainly going to increase in the future.  Verizon Wireless has stated that customers will be able to keep their grandfathered unlimited data plans, moving forward, provided that they either renew a two year agreement prior to the start of the new Share Everything Plan or if after June 28th, 2012, users purchase their new Smartphone at full retail price (or from another source).  The premise being that Verizon Wireless will no longer subsidize your Smartphone if you want to keep your unlimited 3G/4G data plan.

If you are well within your current monthly voice minute allowance, with or without the inclusion of the “Friends and Family” numbers, Free Night and Weekend Minutes, and you are using less than 1GB to 2GB of data per month and  do not expect your usage pattern to change and would like a subsidized Smartphone when your current agreement renews, then you will most likely save money by switching to the Verizon Wireless Share Everything Plan.  However, if you have recently discovered NetFlix or YouTube or have decided to start to use your Smartphone as an MP3 Player and are starting to download a significant numbers of movies, videos, and music, stay with your unlimited data plans for as long as Verizon will let you do so.

Verizon Data Tiered GraphAll of your Smartphones, Tablets, and Cellular Data Cards are already on a Tiered Data Usage Plan:  This is the much simpler case.  Most people will immediately save because all voice minutes and texts are unlimited and all data usage across up to ten of your devices is combined in to one data tier.  No longer will you be paying for data you do not use.  Right now, many customers have a Smartphone – which has a tiered data plan, and a MiFi or JetPack (for WiFi to Cellular Data Access) for their WiFi Tablet or WiFi capable notebook computer.  (Or, in some cases they have their Smartphone enabled as a HotSpot instead of using a MiFi/JetPack and are already sharing the monthly data allowance of their Smartphone – which is not considered in this example but would not significantly affect the math.)  Since the new Verizon Share Everything Plan includes Smartphone HotSpot capability for free, the Smartphone can replace the MiFi, JetPack, and/or Cellular Data Card for your WiFi devices that need access to the Cellular Data Network.   Instead of maintaining two separate 2GB tiered data plans at $30/month each, with the new Verizon Share Everything Plan, you could have just one 2GB plan for both devices.  This does assume that one of the two devices sits idle most of the time and that the total data usage of both devices is presently under 2GB/month.  Even if you select the exact same amount of data at 4GB for $60/month, at first it appears there is no benefit – until you add in the fact that now all voice minutes and texts for your Smartphone are unlimited.   Even if you were a mid-level voice plan, presently at $90/month for 900 minutes, the new cost for the Monthly Line Access would drop to $40.

Here is the math for a customer with One Smartphone with 900 minutes, 1000 Text Messaging Plan and a 2GB Tiered Data Plan, along with a MiFi/JetPack also with a 2GB Tiered Data Plan:

Smartphone Voice Plan w/900 Peak Minutes at $90/month, 1000 Texts  at $10/month, 2GB Data at $30/month and MiFi/JetPack with 2GB Data at $30 Month – Total of $160 exclusive of Taxes and Fees.

The same exact configuration under the new Verizon Share Everything Plan would be:

Smartphone Monthly Line Access at $40 with Unlimited Voice and Text Messaging, MiFi JetPack Monthly Line Access at $20 and a 4GB Shared Data Tier at $60 – Total of $120 AND a $40 Savings over your current plan.

You can save an additional $20/month if you use the  Smartphone HotSpot capability of your Smartphone and retire the MiFi/JetPack.

Exclamation ManIMPORTANT:  The above example is based on the current voice and data plan pricing for relatively new subscribers based on information published on the Verizon Wireless web site as of June 14th, 2012.  Many customers may have grandfathered Nationwide Access, Friends and Family, Family Share, or similar plans that had excellent promotional pricing that are still in effect.  For example, at one time Verizon Wireless offered 250 Text Messages for $5/month.  And some of the earlier versions of Family Share plans were $10 to $20 less expensive than the current offerings and had different buckets of voice minutes amounts.  It is critical that you review your billing for at least the past six months to verify the usage patterns and actual number of voice minutes, text messages, and data used to make an educated decision if switching to the New Verizon Wireless Share Everything Plan makes good economic sense.  This information along with additional tools to help you perform the analysis of your current Verizon Wireless usage on your account is all conveniently available at MyVerizon (Click here to access.)  You can also contact Verizon Wireless via telephone at 800-922-0204 or by dialing *611 from your cell phone.  Customer Service Representatives are available from 6am to 11pm Eastern Standard Time, Seven Days a Week, excluding major holidays.