BT Business Total given opportunity to act as wireless hot-spot
Tuesday 22 April 2008 13:28:34 by Andrew Ferguson
The idea of providing a wireless hot-spot in your reception area or small cafe would appear to be easier now if you use the BT Business Total broadband packages. Back in 2007 residential BT Retail customers who have the Home Hub were given the option of creating a wireless channel that was separate to their normal residential wireless network. Now business customers have the option.
The BT Retail press release points out that the 170,000 business customers using a BT Business 2700 Total Broadband Hub should receive a firmware upgrade in the next couple of months at which point they will be invited to switch on the Wi-Fi hotspot feature.
Some businesses may be concerned that this would affect their own broadband connection and speed or possibly leave their network vulnerable to security attacks. The service however acts like a separate broadband connection through the Business Hub and gives priority to the BT Business Broadband customer's data. A new version of the BT Business Hub will be launched in July and this will have the hot-spot capability pre-enabled, allowing customers to opt-out if they don't want to act as an Openzone.
The people who will be able to access this hot-spot are anyone buying access time via BT Openzone, or people with a subscription plan or roaming agreement. Additionally those people signed to the BT FON system at another location will also be able to use this connection. The payback for opening up this hot-spot is that the business will receive a number of inclusive wireless minutes ranging from 50 minutes to 500 minutes a month depending on the product they buy from BT Retail.
The BT FON Wi-Fi community has more than 70,000 members which means access to Wi-Fi when out and about is becoming a lot easier. To find out where the FON hot spots are you can use maps.fon.com, alternately the BT Openzone hotspots can be located using the search system at www.btopenzone.com.
One BT Openzone hotspot that you won't be able to drive or walk to is the one located on the Byford Dolphin which is an oil rig in the North Sea which has launched as a full service for people working on the rig who want internet access in their off-duty time.
Digg this
Add to del.icio.usComments
This is a good idea and should be a "opt out"
It's a security risk and frankly the thought they're even considering this for business connections is worrying.
I'm interested in why it's a security risk?
The way I see it, the 2700 has Dual SSID, and uses a separate Vlan and an IPSec VPN tunnel back to a concentrator for Openzone. All Openzone traffic is handled in a separate queue on the box which is de-prioritised below the customers own traffic, so it shouldn't affect performance.
To my mind, Openzone and Fon will only work if it's opened up far and wide and you can roam between the two. If that happens, then I reckon I will personally find it very useful indeed.
Ian
Dawn_Falcon, I would was thinking I would open FON but could you explain what the security risks are or point to URL Thanks
Firstly, given the number of flaws in BT firmware in the past, I have absolutely no faith in their ability to properly seperate the networks. Also, traffic prioritisation takes a lot of CPU power.
Second, for the end user - man-in-the-middle attacks. You can't even be sure it's a legitimate FON login, for example.
Third, legal issues of someone using your connection to do something nasty. You, not they, are legally liable under present UK law.
1. The only 2wire BT Business Hub flaw I'm aware of is one that potentially allowed a compromise of DNS settings etc if no Admin UI password had been set. I don't think it was ever exploited on the BT implementation, and it was patched pretty quick by 2wire. I believe 2wire have a better record than most consumer CPE manufacturers.
2. No, but see point 3 - That's an issue for the fon implementation rather than the end user.
3. The Openzone implementation uses a VPN tunnel. The end user connection in use is irrelevant in that scenario, as the connection effectively originates from the Fon/Openzone concentrators.
ian - 3 is utterly irrelevant under UK law as it stands. The last traceable point is the router, and it is paid for by the company concerned.
For the others, I simply don't trust BT or FON's security that much. I have a router which can handle dual wireless networks, and there's an firmware patch avaliable (firmware's GPL'ed) for creating a log to a attached USB disk of all activity on the second connection.
"The last traceable point is the router, and it is paid for by the company concerned."
It's not though - The connected IP is one served from the VPN concentrator itself, and that is what a trace will come back to rather than the customers router. The router is doing VPN Pass through from the second SSID back to BT's network.
I've talked to a lawyer specifically on this point about eighteen months ago because it had a possible impact on something I was working on (which didn't come to anything for this and other factors).
Regardless, the router owner is liable. Yes, it needs looking at, but that's how it presently is.
Why do we need these hotspots?? I find no use for them, as anywhere I want to go has 3G. If it doesn't, it's increasingly rare, and hotspots will soon just be a niche thing.
Those with long memories may remember the Rabbit phone. It was set up by Hutchinson Whampoa and to use it you had to drive to a Rabbit point and in essence is similar to Fon. Needless to say it folded but was reincarnated as Orange.
Hutchinson are not making this mistake again as they own 3 and they are offering 1G of 3G per month for £10. A far better bet I feel for the mobile of us. Very easy to use too.
> Posted by Dawn_Falcon 4 days ago
> I've talked to a lawyer specifically on this
> point about eighteen months ago because it
> had a possible impact on something I was
> working on (which didn't come to anything
> for this and other factors).
> Regardless, the router owner is liable.
Dawn_Falcon, you're wrong.
As already stated, the FON system operates through a VPN tunnel. Any users connecting through your Router, can't see it - they are connecting with an IP address supplied from BT centrally.
Your router is merely acting as a "pass through" for an enrypted-tunnel carrying a BT Internet connection with a BT IP address - and it's this BT IP address that will be used for any necessary tracing, NOT your completely seperate personal address. You don't figure anywhere in the chain !
Nomgle;
I agree that is the technical position. The legal position is out of step with the technical position.
Seems not many people have enabled FON on BT retail routers? The nearest to me (south of england) is 16.9km away according to the FON site.