SEOUL, Nov. 27 (Korea Bizwire) — The government will strengthen security of public Wi-Fi hotspots like coffee shops and various other public establishments by mandating an ID and password so that the incidence of personal information breaches can be reduced.
The Ministry of Science, ICT and Future Planning, jointly with the National Information Society Agency and three mobile communications service operators, will introduce an authentication scheme as a way to beef up public Wi-Fi security numbering more than 7,000 across the country.
The job to build the authentication system will be completed by the year’s end and available for use by early next year. The cost to build the system would be shouldered equally by the government and the three mobile carriers. The standard to be used for security certification is WPA2 (Wi-Fi Protected Access II) that has been adopted by the Hong Kong government.
An official with the National Information Society Agency said, “WPA2 is the latest encryption standard after WEP and WPA and offers the strongest possible security with dynamically generated keys. But it is likely the current log-in scheme will be used in parallel with the new way requiring an ID and password for the time being.”
The reason the government is trying to build up security of public Wi-Fi hotspots is that these hotspots have become targets of hacking attacks. According to The Independent, the UK daily newspaper, based on a survey on 3,349 public Wi-Fi hotspots across the world, 61 percent, or 2,048 of them, are vulnerable to security attacks.
As much as 58 percent of the Wi-Fi networks have no content filtering capability so that there is no way to find out whether a user within the network logs in to illegal sites. This is the same for domestic hotspots for which there are no security device to detect suspicious moves. That’s why Korea’s public hotspots have been used by hackers and unscrupulous operators who prey on victims in voice phishing and other scams.
Under these circumstances, the government has aggressively increased the number of public hotspots. The ICT ministry spent this year 4.7 billion won to add 4,000 more Wi-Fi hotspots to increase the total number to 7,000 and plans to increase it to 12,000 by 2017. Most Wi-Fi stations are built in areas with busy foot traffic such as village-level offices and social welfare facilities.
[NEWS & TERMINOLOGY]
A hotspot is a site that offers Internet access over a wireless local area network (WLAN) through the use of a router connected to a link to an Internet service provider. Hotspots typically use Wi-Fi technology. Public access wireless local area networks (LANs) were first proposed by Henrik Sjödin at the NetWorld+Interop conference in The Moscone Center in San Francisco in August 1993. Sjödin did not use the term hotspot but referred to publicly accessible wireless LANs.
Security is a serious concern in connection with Hotspots. There are three possible attack vectors. First, there is the wireless connection between the client and the access point. This needs to be encrypted, so that the connection cannot be eavesdropped or attacked by a man-in-the-middle-attack. Second, there is the Hotspot itself. The WLAN encryption ends at the interface, then travels its network stack unencrypted and then travels over the wired connection up to the BRAS of the ISP. Third, there is the connection from the Access Point to the BRAS of the ISP. The safest method when accessing the Internet over a Hotspot, with unknown security measures, is end-to-end encryption. Examples of strong end-to-end encryption are HTTPS and SSH. (Wikipedia)
By Sean Chung (firstname.lastname@example.org)