Laptops are the devices people most commonly picture when they think of wireless LAN end devices. Laptops are able to perform all the same functions as a desktop computer. Many people prefer laptops to desktop computers because they are small, portable, and convenient. Once the wireless industry took off, the laptop industry started to see the benefits of going wireless. More and more consumers also began to see the benefits; they could browse the Internet from their couches or anywhere in their homes without the inconvenience of wires. Today, the majority of laptops come with a built-in wireless adapter. Laptop computers connected to wireless networks face not only the security threats all network connected computers face, but also the added threats from wireless access.
One example of a threat that wireless laptops face is a hotspot. Using a laptop on a hotspot might seem safe, but the truth is, it is far from safe. The way most computers communicate on a network is by network protocols; some of these protocols were made back in the early days of the Internet itself. The age of these protocols can lead to a host of security issues. This is magnified when using a hotspot, especially one that does not use encryption. These older protocols are more exploitable in a wireless environment than in the physical media of a wire.
Picture the following example of how wireless laptops are at risk. A person goes to his local hotspot. It could be in an airport, coffee shop, bookstore, or practically anywhere. The laptop user fires up his laptop and connects to the network. The user fills out the security information necessary to gain access and the hotspot proxies all his requests to the Internet. Because the hotspot is doing the security at the access point, the airwaves are not secure in any fashion. If a hotspot vendor was to secure the airwaves with some form of encryption, it would be more of a risk to the vendor than an advantage for its customers. If the hotspot vendor says his network is secure and an incident happens, the vendor could be at fault and liable for all damages. Because of this liability, most hotspot vendors protect only Internet access and leave the airwaves open.
Now that the laptop user has connected to the Internet, he will most likely want to retrieve his e-mail. The most common e-mail retrieval protocol is POP3 so one assumes that is what he uses. The POP3 protocol has quite a few security deficiencies; for example, it sends the username and password in cleartext. This means that anyone in the area using a network sniffer can capture the username and password of someone else downloading mail. Once the name and password have been captured, the attacker is able to log into the laptop user’s mail system and read, write, or delete his e-mail. Other protocols have problems similar to POP3.
