"you’ll know your new network is ready to go when you can log in to the “Google Starbucks” SSID."
LOL either the real one will be up or someone running a MITM attack.
It is an interesting area that has not been tackled by a startup. I have no idea how they'd tackle it. But it would be nice to know when I connect to some random network if I'm on the real thing or just some spoofed SSID. Yeah yeah connect to your VPN... but another layer of security, or a reduced level of threat, never hurt anything. Maybe a free VPN would be the point of the startup, "Don't trust your internet access? Connect to us!"
Also this would have been a cool place/idea to roll out guaranteed working IPv6 connectivity. This may very well be the case, although unpromoted.
This is more of a standards problem than a startup problem. Minimally, you need to get something standardized using public key identification.
Another option is to deploy something like secure in-band wireless pairing[1] which prevents anyone trying to spoof an access point while you are in range of the existing access point. Essentially, the access point uses transmit/not transmit as an encoding mechanism for secure announcements. Anyone attempting to jam that can't because forging an announcement requires you to not transmit at key points.
[1] http://people.csail.mit.edu/nabeel/TEP.pdf
That's no different from how it is today, except the SSID will be slightly different. You have no way to tell whether you're logging into the official Starbucks WiFi or some black hat's stand-in.
There are quite a few VPN products out there advertised specifically to protect you while connecting to untrusted public WiFi networks.
In order for that to work, I think you necessarily need the cooperation of the network owner, and an informed end user. Given that, it seems like the technical solution is basic public key cryptography. Give the access point a public key (possibly the same key it uses for https), then all the user has to do is validate that the access point is using the appropriate certificate.
You could provide software that automatically validates networks when you connect, and/or provides a more user friendly way to do so.
The biggest problem I see is that there is no way to automatically distinguish between a MITM and the vendor simply not participating.
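The validation described in the comment above, as an added example that is not part of the original thread. It assumes a hypothetical client that ships a list of pinned key fingerprints per SSID and that the connection handshake has already proven the access point holds the matching private key; the function names, the pin list and the sample keys are all constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    VERIFIED = "key matches the pin for this SSID"
    SPOOFED = "pinned SSID presented a different key, or none"
    UNKNOWN = "no pin for this SSID: MITM or non-participating vendor"


def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-256 fingerprint of the key bytes the access point presented."""
    return hashlib.sha256(public_key_bytes).hexdigest()


def check_network(ssid, presented_key, pins):
    """Classify a network from its SSID and the key it presented (None if none).

    pins maps SSID -> expected fingerprint and ships with the client (assumption).
    How the key reaches the client is outside this sketch.
    """
    expected = pins.get(ssid)
    if expected is None:
        # Nothing to compare against. A key from an unpinned network proves
        # nothing, because anyone can generate a key pair.
        return Verdict.UNKNOWN
    if presented_key is None:
        # A participating vendor always presents its key, so absence on a
        # pinned SSID is treated as a downgrade, not as "not participating".
        return Verdict.SPOOFED
    if hmac.compare_digest(fingerprint(presented_key), expected):
        return Verdict.VERIFIED
    return Verdict.SPOOFED


# Constructed sample data: placeholder byte strings stand in for encoded keys.
REAL_KEY = b"constructed-key-of-the-real-access-point"
ROGUE_KEY = b"constructed-key-of-a-rogue-access-point"
PINS = {"Google Starbucks": fingerprint(REAL_KEY)}

if __name__ == "__main__":
    for ssid, key in [("Google Starbucks", REAL_KEY),
                      ("Google Starbucks", ROGUE_KEY),
                      ("Google Starbucks", None),
                      ("Cafe WiFi", None)]:
        print(f"{ssid!r}: {check_network(ssid, key, PINS).name}")
```

The last case is the ambiguity the comment points out: without a pin for the SSID, the client cannot tell a spoofed network from a vendor that never enrolled.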
"informed end user." Or it could be a free automatic feature of Android 4.4. The almighty GOOG has the unusual situational advantage of being the same guy doing the WIFI and doing the phone/tablet OS. The only place AAPL has them beat is they sell the wifi access point devices too.
They could release an ITMS app for iDevices, I suppose.
My relatively new Android phone is running 2.3.7, so somehow shoehorning it into an Android app would be more useful than adding to an OS I probably won't have access to for years.
It's going to need to be cross-platform for the laptop users anyway.
Note that as a startup idea you don't need to be .mil grade and encrypt and verify every packet. Something as simple as a notification pop up along the lines of "Holy Cow you are in Great Danger!" would be more useful than the present nothing.
I don't know how all VPN systems work, but if you are using ssh -D I believe that your first connection creates keys for your computer pair in ~/.ssh/authorized_keys and then future connections are fairly secure regardless of who is eavesdropping.