Jukka over at the Nokia Web Server blog made me aware of an interesting new service from Devicescape which will be bundled with Nokia Nseries and Eseries phones that makes using Wifi hotspots easier in the future.
You probably know the hassle. You sit down at the airport but before you can use the local Wifi network a user name and password has to be entered on a web page to get access to the Internet. While inconvenient with a notebook it’s still manageable since you have a keyboard available. With a mobile device however, typing in user names and passwords on a web page becomes a real pain.
Devicescape has an elegant solution for this. A little program, that has to be installed on the phone, checks all Wifi networks and automatically logs into those it knows. Usernames and passwords are stored on a centralized server so the user never has to type them in on the mobile device. When accessing the network from a Wifi hotspot they are downloaded automatically and entered into the web page by the program.
I was a bit puzzled at first. How can they store passwords remotely? Usually, access to the Internet is only possible once one the username and password have been entered on the web page. Devicescape uses an interesting trick to circumvent this. They piggyback their server interaction on DNS (Domain Name Server) queries which are required to resolve a URL (e.g. http://mobilesociety.typepad.com) into a numeric IP address. This works even before full access to the Internet is granted. The DNS server system has a treelike structure so a DNS query to a Devicescape URL will end up on the central Devicescape server. The server then checks the request and returns the username and password in the answer.
Pretty sleek!
So usernames and passwords for these WiFi hotspots are sent over a DNS query. In general, DNS queries are unencrypted.
If this is the case then it should be trivial to write a sniffer that listens to these unprotected UDP DNS queries and steal usernames and password 😮
Or does it work differently?
Hello hip2b2,
While DNS traffic is indeed unencrypted in general, the message that the Devicescape server sends back to a device is encrypted in such a way that only the device it was intended for can decrypt it.
We take the security of our users’ passwords very seriously. We store them encrypted in our database (which in turn is housed in a high security facility), as well as encrypting and/or signing all messages between our device software and our servers.
HTH,
John…
—
System Architect
Devicescape Software, Inc.