cancel
Showing results for 
Search instead for 
Did you mean: 

BT Wifi, Hotspots, Multiple Devices and Security

johntclinton
Member

As a Total Broadband small business user recently migrated to Infinity from long-standing standard broadband, I set about accessing BT Wifi (Openzone as was) only to realise that my old voucher-based credentials had now expired.

 

Today I have spoken to Broadband Business Support and a couple of people at BT Wifi.

 

It seems that in order to access BT Wifi, I have to log in using my primary email address and password. No alternatives, no vouchers, no flexibility.

 

My primary email address also happens to be my main email address (coz that's the way BT set things up for me initially...) and I am more than a little concerned about the security implications behind all this - especially if I want to use BT Wifi from multiple devices and multiple users.

 

It seems to me that the old voucher-based approach was inherently more secure (well, at least it would not force me to compromise my main email account and/or BT Account) - and a much more customer-oriented solution.

 

We all know the storied of hackers using public wifi access points to get their hands on personal information, yet with this particular approach, BT seems to be forcing us to choose between operating securely or taking a chance on BT Wifi.

 

Yes I know there is a VPN option, but that only works on selected platforms.

 

Am I the only person to have these concerns, or have other bright individuals already worked out a better way of doing this ?

 

Thanks,

John

12 REPLIES 12

johntclinton
Member

Should have added - that BT Wifi support say that a solution to this issue for consumers is fairly imminent, but could give no guarantees for business customers

Sogo7
Grand Master

Rougue access points are becoming more of a problem I agree but so is the 'legitimate' data harvesting by Public Wifi providers that folk agreed to in the terms of service when signing up.

 

From a security perspective you should not have any employees using public WiFi hotspots for works business  no matter how far up the company food chain or technically savvy they think they are.  For many Internet, IT & security based companys who employ remote workers it's actually an instant dismissal offence such is the severity of the threat.

 

Rember it's not just the URL of any sites you visited, a WiFi access point be it good or evil  has the ability to read all a users  keystrokes, login fields, non https cookies and heaven forbid you are using an outdated web browser because that can be made to reveal your entire web surfing history. Cache poisening is another nasty little habit that allows the hotspot providers to continue collecting this data when you go online at home or elsewhere with the same device. (Note: none of these above exploits will be stopped by Antivirus software) On top of all this there's probably vulnerabilities in the computers Operating System that a rougue wifi point could exploit to gain access to everything stored on the users machine.

 

However if they must connect then a using a VPN to the office network via "the cloud" [ thecloud.net ] Free WiFi network would be a  solution that removes the need to distribute your email address & password and it should work on all platforms (Apple's mountain lion was having some furballs but that's supposed to of been patched) 

 

In addition ideally Javascript, Java and any Flash plugins should also be disabled whilst connected and it's always good practice to clear both cookies and cache at the end of the session.

 

 

Lovelogic.net UK Jobs Scanner

johntclinton
Member

Thanks for the interesting reply and advice, Sogo7, which certainly appears a better alternative to what is being provided by BT.

 

Would one of BT's wifi security experts not care to comment on the security implications of using email login and password details to access wifi hotspots ?

 

John

johntclinton
Member

No interest on the part of BT in responding to a customer's concerns over the security implications of a BT service ?

markp
Grand Guru

Hi John,

 

You are correct about the old vouchers, as you have resigned onto a new BT Business BB product, the @btconnect.com is now your login username and password to access BT WiFI.  Previously, you would have had to use a voucher which expires every 12 months and had to call the helpdesk to get it renewed as the vouchers were not linked to your broadband account.

 

At the moment BT Business have no there is no multiuser access for BT WiFi, only the account holder gets free and inclusive wi-fi access, everyone else needs to purchase access via www.btwifi.com, where we have a range of vouchers and subscription products available.

 

We provide a public wi-fi network. Whilst we do encrypt the authentication, the customer chooses to use the network knowing that it’s open. This is standard for all operators of public wi-fi in the UK and comes with the territory of providing an ‘Open’ wi-fi network for public access. To protect customers, we provide a free VPN security software download that customers can install on compatible devices.

 

 

Regards

 

Markp

johntclinton
Member

Thank you for replying, markp.

 

When I look at your product description, and the details of the package I am purchasing, they say "unlimited wifi" and "unlimited Openzone minutes" respectively. No qualification, and certainly no "single user" restriction.

 

Surely this is not another case of BT's marketing being lax with accuracy ? I would describe this as misleading at best. Please can you point me towards a statement to justify the interpretation of "unlimited wifi" that you have given in your answer above, because what you have described I would consider to be "extremely limited wifi".

 

My security concerns stem from having to use the main email address and password for the account in order to access BT wifi in the first place. That is the bit that I find troubling, especially given how easy it is to "fake" a wifi hotspot in order to harvest information. That's the aspect I would like BT to comment on...or better still, to offer an alternative that is inherently less risky.

 

Thank you,

John

andyt22
Power User

Not sure if this is relevant but if I try to connect to a bogus wireless acess point posing as a BT Wi-Fi hotspot using the BT Wi-Fi app on my Android phone, the app warns me the that the hotspot is not a recognised BT hotspot and I simply abandon the attempt.

 

Try connecting to BT Wi-Fi on the London-bound platform at Teddington BR station and you'll see what I mean.

 

Andy

silvesta001
Member

You should have to very careful when you are using public Wi-Fi hotspot. It is very common in a daily life, you have to learn everything about Wi-Fi hotspot. Sometimes, it may also steals your personal information because there are so many hackers waiting for you to get your information and then harm you. You read the post ' How to protect from public Wi-Fi Hotspot'. 

alice123
Member

Wi-Fi hotspot in some of the public places like airports, hotels, libraries, coffee shops and other public places are useful, but most of the time they are not secure enough. If you connect to such Wi-Fi network and send messages via website or mobile apps then it might be accessed by someone else. So you have to be very creful while using Wi-Fi network at public places because it nmay harm you very badly if you don't take this issue very seriously.