|
|
 |
 |
 |
In providing this Security Statement and the Frequently Asked Questions ("FAQs") that follow, we want you to be better informed about the security limitations and features of the T-Mobile HotSpot service.
Our T-Mobile HotSpot network is based on wireless local area networks ("WLANs") that use evolving technology based on the IEEE 802.11 standards. WLANs, which enable "over-the-air" communications, may be subject to unauthorized interception and are not inherently secure. Additionally, a laptop computer, handset or other device using wireless connections may be more vulnerable to unauthorized attempts to access data and software stored on the device. We therefore cannot guarantee the privacy of your data and communications while using the T-Mobile HotSpot service.
Furthermore,
we do not provide any protection for your communications
over the Internet. You should be especially careful
when transmitting user names, passwords, credit card numbers,
financial data and other sensitive and confidential information
across the Internet without ensuring that appropriate security
precautions are in place. Depending on your situation, these communications
may be transmitted without encryption and may be vulnerable to
unauthorized interception in the T-Mobile
HotSpot location or on the Internet. It is your responsibility
to use appropriate encryption technologies such as a virtual private
network ("VPN") or to use websites that offer
secure socket layer ("SSL") encryption technology.
SSL technology is the standard for data encryption and server-side
authentication for secure web-based transactions (such as e-commerce).
However, for your protection, your credit card or other payment card information as well as any personal information that you send to us via our website when signing up for T-Mobile HotSpot service is encrypted using SSL technology which prevents unauthorized persons from reading that information. We also encrypt your user name, password or other credentials each time that you submit them to access the T-Mobile HotSpot service.
T-Mobile strongly recommends you take measures to secure your Wi-Fi devices and Internet communications. We encourage and support many customer-provided security solutions, such as VPNs, personal firewalls, anti-virus software and the use of websites that provide SSL encryption for your data. It is your responsibility, however, to take these precautions and provide security measures best suited to your situation and intended use of the service. We do not currently provide these solutions and cannot guarantee or otherwise be responsible for their effectiveness.
Please note that appropriate safeguards should be used for any type of wireless technology or Internet access via any service provider. If you are interested in learning more, a few sources of additional information are: the National Infrastructure Protection Center's website at http://www.nipc.gov/publications/nipcpub/bestpract.html and CERT's website at http://www.cert.org/tech_tips/home_networks.html.
Below are some tips that can help you protect yourself when using the T-Mobile HotSpot service or any other public Wi-Fi service to access the Internet:
- If you are using a browser, verify that it is using SSL to validate the T-Mobile HotSpot network via server-side authentication
- Ensure that any website to which you are transmitting sensitive personal or financial information uses SSL technology To confirm that a website is using SSL:
- Look for the "https://..." in the URL address
- Look for a closed padlock (or key) icon in the bottom right-hand corner of your Internet browser as indicators you are accessing a secure site
- Do not ignore security warnings from the browser
- Inspect the Web site address in your browser's URL field to ensure you are communicating with the correct, secure Web site
- Use VPNs and personal firewalls
- Use anti-virus software and keep the software updated
- Be aware that others may be able to look "over your shoulder" to see your login, credit card, or other personal information while using the service. The use of a privacy screen on your computer screen may help prevent others from seeing what is on your computer.
- Properly log out of web sites by clicking log out instead of just closing your browser, or typing in a new Internet address
- Avoid using web-based email or instant messaging that uses clear (unencrypted) text to send information you deem confidential
Additional Information
Please keep in mind that this Security Statement and the FAQs that follow only address the T-Mobile HotSpot service and are limited in scope. They do not and are not intended to cover security issues on networks with which we have a roaming relationship, including networks operated by our international affiliates under the T-Mobile HotSpot brand. They also do not and are not intended to cover all types of network, device or Internet security issues or risks. For example, wired and wireless networks and devices may be susceptible to viruses, worms, Trojan horses, and denial of service attacks. We encourage you to use other resources, such as those found on the Internet, and at libraries or in bookstores, for comprehensive information concerning these and other security risks and issues.
We may update this Security Statement and the FAQs from time to time. Please check them regularly for updates. If you have questions about privacy, please see the Privacy Policy posted on our web site.
Frequently Asked Questions on T-Mobile HotSpot Security
I've heard WLANs being called "802.11" standards and "Wi-Fi" networks. What does that mean?
Is WLAN Internet access, as in a T-Mobile HotSpot, less secure than wired Internet service networks?
When signing up for the T-Mobile HotSpot service, is my credit card information safe?
When logging on to the T-Mobile HotSpot service, are my user name and password secure?
Is WEP used to secure my wireless connection to T-Mobile?
Does T-Mobile support VPNs to access email and enterprise applications and data?
How secure are web-based email services?
Is instant messaging secure?
If my connection is momentarily interrupted, does that mean my Internet session has been "stolen"?
Glossary of WLAN security acronyms
Answers to Frequently Asked Questions on T-Mobile HotSpot Security
I've heard WLANs being called "802.11"
and "Wi-Fi" networks. What does that mean?
It means that the WLAN network conforms to the industry standards
applicable to WLANs, known by the technical "802.11"
standards name as well as the "Wi-Fi" name. The T-Mobile
HotSpot service is based on the 802.11 standards. Although this
is a widely adopted industry standard, it will likely evolve to
allow higher speeds and greater security in the future. You may
learn more about 802.11 standards and Wi-Fi at the Wireless Ethernet
Compatibility Alliance web site found at www.weca.net.
Is WLAN Internet access, as in a T-Mobile
HotSpot, less secure than wired Internet service networks?
As the name implies, WLANs transmit data wirelessly or "over
the air." Because of this, they are more vulnerable to illicit
attempts to intercept and read data by persons in the vicinity
of the T-Mobile HotSpot during the time the data
travels wirelessly. (That said, keep in mind that it is also possible
for data traveling on a wired network to be intercepted.) Additionally,
a hacker could attempt to use the wireless connection between
the device and the access point, whether you are on the Internet
or not, to gain access to your device, including software and
data stored on the device. The types of safeguards recommended
for T-Mobile HotSpot users (noted in the Security
Statement, these FAQs and published elsewhere) should be used
for any type of wireless technology via any service provider (and
are advisable on wired networks as well).
When signing up for the T-Mobile
HotSpot service, is my credit card information safe?
When you sign up for T-Mobile HotSpot service through
the t-mobile.com website, we offer SSL encryption to protect your
credit or other payment card information. We do not provide security
with respect to your use of third party websites or services for
any personal or financial information transmitted to such websites.
We therefore recommend you only use websites that offer SSL or
comparable security protection when transmitting sensitive data.
To assist you in identifying secure websites, your web browser
may indicate "https://..." in the URL address and show
a closed padlock (or key) icon as indicators of security. While
these indicators are helpful, please be aware that different browsers
and web sites may use different methods of denoting security or
SSL encrypted content, and the presence of any particular icon
is not necessarily a guarantee of total security. If you are concerned
about the security of your credit card and other information,
you should deal only with trusted sources and service providers
on the Internet.
When logging on to the T-Mobile
HotSpot service, are my user name and password secure?
When you log on to the HotSpot service by supplying a valid user
name and password combination for authentication purposes, this
information is protected by encryption technologies during the
authentication process.
Is WEP used to secure my wireless connection
to T-Mobile?
At T-Mobile HotSpot locations, WEP (Wireline Equivalent
Privacy) is not supported. WEP is based on "shared secret"
encryption. Shared secret encryption means that the "secret"
(the key to the encryption) must be shared with all other WLAN
users. Consequently, we believe that this type of security solution
is neither practical nor meaningful when used on a public network.
Does T-Mobile
support VPNs to access email and enterprise applications and data?
T-Mobile currently supports most VPN solutions. We
strongly recommend the use of a VPN to enhance security when sending
and receiving information you deem confidential. If you are uncertain
about the type of VPN you use, please consult your company's IT
department. To inquire whether our HotSpot network supports your
VPN solution, or for assistance troubleshooting connectivity issues
regarding use of your VPN client on our network, please contact
us at 877.822.SPOT (7768).
How secure are
web-based email services?
Most web-based email services transmit messages as clear (unencrypted)
text. Unencrypted web-based email may be vulnerable to illicit
attempts to intercept email communications. You can check with
your email service provider to learn about your specific email
service and its encryption or security features, if any. Typically,
only the login page is SSL encrypted, and the closed padlock (or
key) icon will be displayed on your web browser for any such pages.
Please note that T-Mobile does not provide security
with respect to your use of third party websites or services,
such as web-based email. If you choose to use web-based email
on our service, we strongly recommend that you avoid using it
to transmit information you deem confidential, and if possible,
that you encrypt any attachments before sending them.
Is instant messaging
secure?
Most instant messaging services transmit communications as clear
(unencrypted) text. You can check with your instant messaging
service provider to learn more about your specific instant messaging
service and its security features, if any. Such clear text communications
are unencrypted whether instant messaging is used on wired or
wireless devices and networks. Unencrypted instant messaging
is vulnerable to illicit attempts to intercept and read the content
of messages sent and received. If you choose to use instant
messaging on the T-Mobile HotSpot service, we strongly
recommend that you avoid using it to transmit information you
deem confidential.
If my connection
is momentarily interrupted, does that mean my Internet session
has been "stolen"?
You can lose your wireless connection for a variety of reasons not related to security, such as something blocking or interfering with the radio signal, or moving your computer too far away from the T-Mobile HotSpot access point. However, an unexplained loss of connection or deterioration of the service could indicate that a hacker has illicitly gained free access to the Internet using your T-Mobile HotSpot account (by using your physical network address). This is often referred to as session stealing or hijacking. If you suspect this has occurred, log off immediately so that any such "hacker's" stolen session will be ended and call T-Mobile HotSpot customer care at 877.822.SPOT (7768) as soon as possible.
Glossary of WLAN security acronyms
802.11 Industry standards designation
for wireless ethernet
SSL Secure
Socket Layer
PDA Personal
Digital Assistant
VPN Virtual
Private Network
WEP Wireline
Equivalent Privacy
Wi-Fi Industry
brand designation for wireless ethernet
WLAN Wireless
Local Area Network
|