After an earthquake rattled through Italy yesterday, flattening towns and leaving at least 250 dead, the Italian Red Cross asked average citizens to help out ... by handing over their Wi-Fi. In a tweet, the organization requested people in earthquake-affected areas disable password protection on their home Wi-Fi networks so everyone could get on the web in a hurry.
Providing unfettered Internet access in an emergency situation is an obvious, logical step. The Internet has become a daily necessity, and it's a vital communication tool in disaster response, whether you're coordinating rescue missions or just trying to reach your loved ones. However, all that open Wi-Fi could also be a black hat hacker's dream—so it's important to open it up correctly.
What's interesting about the Italian Red Cross' request is this is not at all standard operating procedure. In fact, it wasn't even the Italian Red Cross' idea. "A lot of people on Twitter were asking to do it," says Tommaso Della Longa, an Italian Red Cross spokesperson. "In areas where there were no more phone lines but there was still Internet, they wanted to give people the ability to communicate, even only to say that they were alive." In response, the Italian Red Cross promoted the initiative on social media.
People have made this request before. Disaster Tech Lab—an emergency communications services NGO that has sent teams everywhere from sites of the Haitian earthquake in 2010 to flooded Louisiana just last week—called for people to open their Wi-Fi networks in the wake of the Boston bombing.
X content
This content can also be viewed on the site it originates from.
That tweet got quite a bit of media coverage and positive public response. But an organization like the Red Cross asking people to ditch their passwords is pretty much unprecedented. "It's the first time I've seen a big first response organization take such an initiative publicly," says Evert Bopp, Disaster Tech Lab's founder and CEO. "I'm delighted to see the Red Cross doing this. People are quite literally lost without the Internet."
But, though no one could fault you for wanting to lend a helping hand, this is the Internet we're talking about. That hand might get bitten. "Advising people to open up their private Wi-Fi by simply disabling their password is not necessarily prudent," says Jerome Segura, lead malware intelligence analyst at Malwarebytes. "Open Wi-Fi networks can be set as a trap." So what starts as an altruistic gesture could end with you getting redirected to phishing sites and/or having your credentials harvested.
So, how do you open your Wi-Fi network without putting yourself at risk? And can you? According to Segura, you can. All you have to do is set up a guest access point on your wireless network, so people can get on the Internet but not your network shares, web traffic, or connected devices.
Now, sure, in an emergency, the last thing you want to think about is reconfiguring your network, but if your router supports multiple networks (fair warning, it may not), Bopp says the process should only take you about five minutes. It's essentially a matter of going into your router's wireless network settings. Worst case, when you create the secondary or 'guest' network (called an SSID), you’ll have to give it a broadcast name, decide if you want it to be visible, assign whatever form of security you want to give it, and set up either some form of either DHCP provisioning or subnetting. But with most home routers that aren't running open firmware, you probably have a straight up 'guest network' option, in which case, you only need to define a name for the SSID. And if you're doing this for disaster relief purposes, you don't even have to bother setting up a password.
Typically, when damaged or destroyed infrastructure knocks out communications, disaster response organizations will set up an Internet hub for their own use—to coordinate between teams and the larger organization, order supplies, call for backup, the whole nine yards. But though first responders will get connected, it’s not instantaneous, and they’re not necessarily going to share that connection. "To set up a satellite terminal, from arrival to deployment, takes about 20 minutes. But you have to get there, and it costs $100 a gigabyte," says Brian Steckler, CTO at TacSat Networks Corporation, which is currently involved in bringing Internet access to first responders at California wildfire sites. "Giving access to the general public takes a lot of bandwidth out of the system, so it's not something organizations like FEMA will typically pay for."
The big advantage of opening up your Wi-Fi networks in disaster situations is that it's fast, and free, for everyone. But the question remains whether that should really be your job—especially when you may have been traumatized by whatever emergency has just jolted your community. "What I'd like to see is some leniency from the telecoms companies,” Bopp says. “It wouldn’t take much in an emergency situation to say, ‘You know what, we’ll drop the data cap, or we’ll give you X amount of data for free.’” That would make using cellular data, which otherwise can be prohibitively expensive, a viable option in the short-to-medium term.
It wouldn't be that big of a deal for a major company, and it's safer for everyone. "More than end users who aren't necessarily savvy enough to make safe choices, I think the ISPs and telecoms should be the ones able to help out here," Segura says. As the world becomes increasingly Internet-dependent, this discussion is not going to go away. With proper precautions in place, the Italian Red Cross's initiative is admirable and even sensible, but in an emergency, depending on neighbors for vital communications isn't a sustainable strategy.
