But what has scared me recently has been the fuss around FireSheep. To the uninitiated, I suggest a quick read-up on it. Basically, it makes it easy to hack someone's web access, especially on popular websites like Facebook, when they use ordinary HTTP rather than the encrypted HTTPS option. Specifically, FireSheep enables people to snoop on their neighbours' access to various web services when using shared, open WiFi networks.
This post is not about the controversy, or the various software countermeasures to force more traffic to secure access paths, or squash the capability of the hacking tool to operate effectively.
I'm thinking more about what this does to mobile operators' 3G data offload strategies - specifically using public WiFi hotspots. There are various implications:
- Legal folks at telcos probably want to have a good think about liability issues if their software forces (or automates) WiFi access, without at least warning users about the risks.
- There is an opportunity for operators to differentiate and add value by putting VPN or other capabilities in their connection manager clients, or custom browser variants.
- Some end-users are going to switch off WiFi or be hesitant about using it, and just stay on 3G.
- Public / hotspot femtos are going to start looking more attractive.
- UMA-style WiFi, or I-WLAN, which hooks back to the operator's core network via an IPsec tunnel, is going to look more attractive again.
- More WiFi APs in public hotspots will probably shift to WEP/WPA encryption, making logon and authentication more of a pain (expect more support calls from confused customers).
This is too important to overlook, I think.