Receive new posts as email.
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator. Part of the FM Tech advertising network.
Entire site and all contents except otherwise noted © Copyright 2001-2010 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
TechCrunch read Apple's letter to a congressman about the kind of data it collects more carefully than most: The letter says Apple dropped Google (which was, I believe, supplying cellular tower triangulation information) and Skyhook Wireless from iOS 4, which powers the iPhone 4 and 2008 and 2009 models of iPhone and iPod touch.
Long-time readers of this site know that Skyhook Wireless has spent many years driving the streets of major cities and aggregating information provided in the form of queries from mobile devices to build a comprehensive and constantly updated Wi-Fi positioning system. While Wi-Fi isn't precise, it's not far off from GPS in urban areas.
As more mobile devices gain full-featured GPS chips and functions, Wi-Fi positioning remains important as a component in Assisted GPS (which allows a GPS to get a fix faster) and in providing an initial rapid location assessment, sometimes in a few seconds.
But location data is incredibly valuable, and owning the data is perhaps worth the price. Apple has apparently, quietly generated its own Wi-Fi and cell tower databases. It has enough mobile devices in the field with GPS receivers that it can use that information to build a comprehensive picture of most cities, I'd imagine. Every time a device queries location and sends a Wi-Fi and cell environmental scan with or without GPS coordinates, that's more data to crunch.
I thought Skyhook Wireless would have a leg up here because of Google's agreement to not scan for Wi-Fi in several countries (or perhaps worldwide) after it's data-collection debacle with Street View. And Apple's not the only fish in the pond. Skyhook has deals with many, many other platforms and providers.
At Ars Technica, you can read my long explanation of the group key weakness in WPA/WPA2 Enterprise-protected networks: The information I was given was originally under embargo, but the firm and unrelated researchers released essentially all the data except a video of an exploit in action and some of the mitigation information. Hence, the long Ars Technica piece.
Boiled down, I don't think anyone need worry about Hole196, which describes how an insider with an account on a WPA/WPA2 Enterprise network can send group broadcast packets spoofed to appear as if they originate from the access point for clients attached to that access point.
It's a hole, all right, but it requires so many particular circumstances to be met, that a spy or thief working for a company (or an outsider having gained credentialed access) would most likely have easier methods to get in--or would be detected by other means.
The best lesson I can take away from this hole? Make sure you're running virtual SSIDs if you have that option to separate guests, contractors, and others from employees; or to isolate different kinds of operations within your company.
Because each virtual SSID on an access point is treated nearly as a virtual AP, the group key isn't shared across the access point among different virtual SSID. The BSSID, or AP identifer, is unique for each virtual network on each AP.
Internet in the air isn't all about commercial aviation: NetJets, a fractional plane ownership business owned by Warren Buffett's Berkshire Hathaway, will put Aircell's general aviation Internet product (Aircell High Speed Internet) in 250 of its mid-to-large aircraft.
NetJets has a fleet of 800 jets, which are used in increments by "owners," who opt for this rather than the expense of maintaining their own planes. It's hardly a crowd that pinches pennies; dollars, maybe. It's thus a perfect audience for heavy Internet use.
AT&T has added a second location in its outdoor hotzone pilot program: Charlotte, NC's downtown is the second area to get an AT&T hotzone designed to offload network traffic from the company's 3G network and boost performance for customers. The first such hotzone was lit up in Times Square in Manhattan; a third zone is coming to Chicago soon.
The idea of a hotzone makes perfect sense for a firm that's getting criticism for being unable to meet the data needs of subscribers in some cities and neighborhoods. Wi-Fi cells can be quite small, and have much higher capacity than cell channels, while being enormously cheaper to run, partly because there's no opportunity cost related to expensive cellular spectrum licenses.
These AT&T hotzones differ from municipal Wi-Fi efforts started in 2005 and mostly abandoned by 2007. Municipal networks were typically designed to require private investment by firms to provide indoor and outdoor network coverage to 90–95 percent of a city.
AT&T hotzones will cover outdoor areas of high traffic, and work only for customers. There's no specific municipal benefit involved, and AT&T will control its deployments entirely.
It's a smart move. AT&T could likely spend less a tenth as much in high-traffic areas to add Wi-Fi as to beef up cellular. And there's only so much spectrum available, meaning that in many areas there may be no real way to enhance the 3G data side.
This is Wi-Fi as a 3G network heat sink.
The telecom behemoth is also gigantic in giving away Wi-Fi to customers: AT&T's quarterly report on Wi-Fi usage finds the firm serving 121m sessions in the first six months of 2010; that compares to 86m sessions in all of 2009. Second quarter 2010 saw 68m sessions used, compared with 15m in the year-ago second quarter. Second quarter was also a 30-percent increase over first quarter.
That's great, but you'll note that the names McDonald's and Starbucks aren't mentioned anywhere in the press release. McDonald's and Starbucks represent about 19,000 of AT&T's "more than 20,000" locations.
In January, McDonald's opened its Wi-Fi network to everyone at no cost; previously, AT&T customers (wired, DSL, fiber, remote business, and laptop 3G) got access at no cost, and so did roaming network partners. One expects that McDonald's drove part (but not all) of the increase.
Likewise, on 1 July 2010, Starbucks shifted from its modestly complicated free two hours' offer, where you needed a Starbucks stored-value card, to unlimited free service for everyone. I expect we'll see a big jolt as a response, because it removes friction for short, casual use, as opposed to longer use in which anyone who figured it out would already have been using Starbucks' Wi-Fi at no cost.
You can't disregard other factors, however. AT&T continues to add wireless, laptop 3G, and fiber customers (although I believe DSL and landline markets are static or shrinking). Those users gain free service on subscribing. And existing users rely more on using free service as available.
The couple of million iPads that AT&T sold as part of the 3m+ worldwide totally likely are part of that jump in usage. A single iPad user could consume dozens of sessions a day, either on the AT&T free locations (with a Wi-Fi only unit or a 3G iPad without an active 3G subscription), or across AT&T's network with a 3G iPad and an active 3G data plan. (The active data plan gives you access to hotels, airports, and other otherwise for-fee locations, and some roaming locations on reciprocal networks.)
Finally, AT&T switch a few weeks ago from unlimited service plans to cheaper, limited plans for new customers or those that opt to switch away from unlimited will likely mean bargain hunters like yours truly will work harder to find free Wi-Fi instead of consuming expensive 3G juice.
AirTight Networks' researcher Md Sohail Ahmad will present a WPA2 weakness primarily a problem on 802.1X networks at DEFCON18 next week: The press release from AirTight doesn't give away too many details, but I can read the tea leaves to figure out where the problem lies. There's just enough of a hint.
The problem appears restricted to WPA Enterprise (802.1X with TKIP/AES-CCMP) in practical terms, because a malicious user must have legitimate credentials to gain access to the network to exploit the flaw. With WPA/WPA2 Personal (preshared key), everyone on the network ostensibly can sniff for other users' data.
But with the 802.1X mechanism used in WPA/WPA2 Enterprise, each user after authentication receives unique keying material that renders his or her data opaque. Or does it?
AirTight said in its press release that the problem Ahmad identified is found in the name it gave the exploit "Hole 196": that refers to the last line of page 196 of the revised IEEE 802.11-2007 specification.
I digitally flipped through my copy of the spec, and found a note at the bottom of the page in question, in a section on Robust Security Network Association (RSNA) used for the 4-way handshake for authentication dealing with the group temporal key (used to protect broadcast and multicast data). It reads:
"NOTE—Pairwise key support with TKIP or CCMP allows a receiving STA to detect MAC address spoofing and data forgery. The RSNA architecture binds the transmit and receive addresses to the pairwise key. If an attacker creates an MPDU with the spoofed TA, then the decapsulation procedure at the receiver will generate an error. GTKs do not have this property."
Reading that with the notion in mind that there's an exploit around it points strongly to a way in which a malicious client could exploit this and create spoofed broadcast or multicast packets appearing to come from the TA (transmitting address) of the access point that other clients would receive. Those spoofed packets would have the advantage of coming across the same trusted network, and could contain malicious payloads and attacks.
This could be a serious exploit for corporations, government, and academic institutions that use 802.1X, and rely on the intra-network security of having one user unable to sniff the traffic of any other user. No key cracking appears involved at all; it's entirely about the position of the offending client within the network.
It seems like the fix for this would require an AP somehow sign a GTK packet so that a station (client and adapter) wouldn't accept GTKs on a network from another station. That seems like more infrastructure and a major change, although it could be incorporated into an EAP method that relies on AP/server-side certificates.
I'm sure Cisco, Juniper, and others will be all over this, because it affects their core client base. The risk isn't from outside attack, so it's not an immediate concern that script kiddies will drive up to corporate networks to attack them. Rather, it's part of ongoing mitigation of risks from employees inside a company misusing or stealing data or causing grief.
In the short run, using a VPN tunnel within an 802.1X session might allow malicious disruption but not data interception. Unless, perhaps, DNS poisoning and SSL/TLS certificate authority spoofing were involved.
As I predicted, Google won't be sucking down Wi-Fi signals in its future Street View efforts in some countries: After the debacle of Google first saying it wasn't collecting data from Wi-Fi networks, only scanning for readily available public information, and then discovering and admitting it had stored information, the company is taking a different tack.
It's restarting Street View photography in Ireland, Norway, South Africa, and Sweden, but vehicles won't have Wi-Fi hardware on board, and the software has been vetted by a third-party to ensure there's no component that might have collected Wi-Fi data still installed (even though removing the hardware might be seen as enough).
I thought that the likely outcome for Google for its missteps was likely a very tiny amount of money in the forms of fines or voluntary settlement figures, but no criminal charges nor more than a technical slap on the rest--so long as Google agreed to stop scanning Wi-Fi signals, even if it promised to stop collecting data.
By being seemingly forced to exit the Wi-Fi positioning business, Skyhook Wireless reaps the biggest rewards, in that it will be the only worldwide provider of such information.
However, Google also uses the Android platform to collect Wi-Fi positioning information--something also employed by Skyhook Wireless, as News.com reported a few weeks ago. Every time a mobile devices sends a snapshot of the Wi-Fi environment to a Google or Skyhook server for lookup, that information further refines location data for subsequent users.
But mobile-submitted data isn't enough. For one thing, most of this data isn't tagged with reliable GPS coordinates when sent to the server--the intent of sending to the server is to obtain latitude and longitude in the first place. Skyhook and, formerly Google, drives with precision GPS receives and high-gain antennas to seed and re-seed their databases.
Meanwhile, in Australia, the country's privacy commissioner has found Google broke the law in sucking down data, even though such data was being publicly disseminated. The Sydney Morning Herald quotes commissioner Karen Curtis saying, "Any collection of personal information would have breached the Australian Privacy Act."
But I fear this sends the wrong message. Curtis says, "Australians should reasonably expect that private communications remain private." Not quite. If you're sending information unencrypted when the facility to protect that information is readily (and freely) available in the hardware you purchased, then you are sending private information in a public fashion, and shouldn't enjoy any expectation of privacy. Setting the bar that publicly broadcast information ensures privacy protections seems a bit rich.
Nevertheless, Google has apologized to Australians. Expect more apologies to be forthcoming.
Alaska Airlines has ramped up rapidly since its agreement with Aircell to use Gogo Inflight Internet: The airline has half its fleet--all 55 737-800s and 10 737-900s--equipped with in-flight Wi-Fi. The remaining 737-900s (2 of them) will be unwired in July, and the 737-400 and 737-700 fleets will gain service by the end of the year.
Aircell agreed to put substantial service in the state of Alaska as part of its arrangement with the airline, with a commitment to have it ready by early 2011. Aircell will eventually have a Canadian network, too, run by a Canadian partner that will aid in Alaska coverage.
The Philadelphia International Airport (PHL) stops charging for Wi-Fi: The facility offered free Wi-Fi on the weekends and to students at any time since 2007, but now won't charge a lick for service. Is this PHL's way of competing with Baltimore, National, JFK/EWR/LGA?
In-Stat says $95m in revenue will be taken in, almost entirely by Aircell, in 2010: That's a fair amount of money for the first year in which a substantial number of planes across multiple airlines are in operation, but still doesn't represent a lot of usage overall. Delta still represents the lion's share of equipped planes, even as other airlines have signed up, typically in a more limited fashion for the large operators. (Virgin America and AirTran have equipped their entire fleets, but those fleets are quite small.)
Let's run the numbers. Aircell charges from $5 for a red-eye session to $35 for a monthly unlimited usage pass across the network. Let's assume the average transaction fee is $11.
Aircell is nearing 1,000 planes equipped with Gogo Inflight Internet, and one assumes as that number has gotten higher, revenue has increased at a higher pace. So let's average the year's use across 800 planes (assuming several hundred more planes by year's end).
Take $95m and divide it by 365 days. That's $260K per day. Divide that by $11, and that gets you 24,000 sessions per day. Divide that by 800 planes and you get 30 sessions per day on average per plane. Some planes are flying short hops (Virgin America's West Coast routes), and others are heading cross-country on 5-6 hour missions. Planes are being turned somewhere between two and five times per day, so divvy up those 30 sessions per day per plane into flights.
That would means somewhere between 5 and 15 sessions per equipped plan per flight. I'm making a very rough calculation, but it makes sense.
As usage goes up, average revenue per user will increase, but eventually taper off: frequent travelers will opt for the $35/mo rate (probably negotiated lower through corporate bulk purchase deals).
By the number In-Stat is estimating and my logic above, it seems that achieving $500m/yr in revenue could be achieved by 2014 both by doubling the current size of the fleet, and increasing casual and business usage.
Aircell and its partner airlines have rarely disclosed much in the way of exact usage, session numbers, users per flight, or other financial or session data.
Starbucks launches its free North American in-store Internet today: It was quasi-free before (two hours with a single purchase ever since December's changes), and now you pay nothing to use as much Wi-Fi as you want.
Will *$, as we affectionately call the company here in Seattle, be filled with snoring loafers and couch squatters? Likely not. The company found an average of an hour's daily use by those who took advantage of the two-free-hours offer previously.