In providing this Security Statement and the Frequently Asked Questions ("FAQs") that follow, we want you to be better informed about the security limitations and features of the T-Mobile HotSpot service.
Our T-Mobile
HotSpot network is based on wireless local area networks ("WLANs")
that use evolving technology based on the IEEE 802.11b/g standards.
WLANs, which enable "over-the-air" communications, may
be subject to unauthorized interception and are not inherently
secure. Additionally, a laptop computer, personal digital assistant
("PDA") or other device using wireless connections may
be more vulnerable to unauthorized attempts to access data and
software stored on the device. We therefore cannot guarantee the
privacy of your data and communications while using the T-Mobile
HotSpot service.
However, we have designed the
T-Mobile HotSpot network and provide certain encryption technologies to better
safeguard your wireless communications. We also support customer-provided security
solutions, such as virtual private networks ("VPNs"), personal firewalls, and anti-virus
software. For your protection, at all T-Mobile HotSpot locations your credit card or other
payment card information, as well as any personal information that you send to us via our
website when signing up for HotSpot service, is encrypted using secure socket layer ("SSL")
technology which prevents unauthorized persons from reading that information. SSL technology
is the standard for data encryption and server-side authentication for secure Web-based transactions
(such as e-commerce). Additionally, we encrypt your user name and password each time that
you submit them to access the T-Mobile HotSpot service.
We also offer an enhanced wireless security technology over our entire T-Mobile HotSpot network known as Wi-Fi Protected Access ("WPA") with 802.1x. Once you are authenticated onto the T-Mobile HotSpot network, WPA with 802.1x encrypts all of your data traffic when it is transmitted wirelessly from your Wi-Fi device to the T-Mobile-installed, Wi-Fi access points at each T-Mobile HotSpot location. This encryption technology helps protect against unauthorized interception of your data while it is transmitted "over the air", and it helps to mitigate against session hijacking (the ability for unauthorized individuals to access Wi-Fi service for free by using a customer's session).
You may take advantage of our WPA with 802.1x
security enhancement when you install our new T-Mobile Connection Manager (version 1.5 or more current
release) on your Wi-Fi device. Another advantage of the T-Mobile Connection Manager is that it
automatically validates the T-Mobile HotSpot network when authenticating, thus ensuring that the
customer is connected to a legitimate T-Mobile HotSpot network and not an unintended third-party
Wi-Fi network.
The new T-Mobile Connection Manager is available for download at http://client.hotspot.t-mobile.com, or, if you prefer, you may obtain it in CD format at no charge from many of our retail stores and participating HotSpot locations. You can confirm that the WPA with 802.1x software is functioning by looking for the "1X" on your Connection Manager user interface. Should you have any problems or questions concerning the Connection Manager, you may contact us at 877.822.SPOT (7768).
If you choose not to use the T-Mobile Connection Manager, you may use compatible WPA with 802.1x software designed by other companies. However, proper configuration of such third-party software is necessary in order for the solution to work and to mitigate against security vulnerabilities. T-Mobile does not support and cannot guarantee the functionality of third-party WPA with 802.1x software.
Please note, however, that WPA with 802.1x does not protect your data when it is transmitted over the Internet. Once you connect to the Internet, it is your responsibility to use appropriate encryption technologies such as a VPN or to use websites that offer SSL technology. We do not provide protection for any Internet communications. You should be especially careful when transmitting user names, passwords, credit card numbers, financial data and other sensitive and confidential information across the Internet without ensuring that appropriate security precautions are in place. Depending on your situation, these communications may be transmitted without encryption and may be vulnerable to unauthorized interception in the HotSpot location or on the Internet.
T-Mobile HotSpot strongly recommends you take measures to secure your Wi-Fi devices and Internet communications. We encourage and support many customer-provided security solutions, such as VPNs, personal firewalls, anti-virus software and the use of websites that provide SSL encryption for your data. It is your responsibility, however, to take these precautions and provide security measures best suited to your situation and intended use of the service. We do not currently provide these solutions and cannot guarantee or otherwise be responsible for their effectiveness.
Please note that appropriate safeguards should be used for any type of wireless technology or Internet access via any service provider. If you are interested in learning more, a few sources of additional information are: the National Infrastructure Protection Center's website at http://www.nipc.gov/publications/nipcpub/bestpract.html and CERT's website at http://www.cert.org/tech_tips/home_networks.html.
Below are some tips that can help you protect yourself when using the T-Mobile HotSpot service or any other public Wi-Fi service to access the Internet:
- Use the T-Mobile HotSpot Connection Manager software which, when installed on a laptop, automatically validates the T-Mobile HotSpot network when authenticating and encrypts "over the air" communications
- If you are using a browser, verify that it is using SSL to validate the T-Mobile HotSpot network via server-side authentication
- Ensure that any website to which you are transmitting sensitive personal or financial information uses SSL technology. To confirm that a website is using SSL:
  - Look for the "https://..." in the URL address
  - Look for a closed padlock (or key) icon in the bottom right-hand corner of your Internet browser as an indicator that you are accessing a secure site
- Do not ignore security warnings from the browser
- Inspect the Web site address in your browser's URL field to ensure you are communicating with the correct, secure Web site
- Use VPNs and personal firewalls
- Use anti-virus software and keep the software updated
- Be aware that others may be able to look "over your shoulder" to see your login, credit card, or other personal information while using the service. The use of a privacy screen on your computer screen may help prevent others from seeing what is on your computer.
- Properly log out of web sites by clicking log out instead of just closing your browser, or typing in a new Internet address
- Avoid using web-based email or instant messaging that uses clear (unencrypted) text to send information you deem confidential
- Remove or disable your wireless card if you are working offline on your computer and you are not planning to connect to the HotSpot service
Additional Information
Please keep in mind that this Security Statement and the FAQs that follow only address the T-Mobile HotSpot service and are limited in scope. They do not and are not intended to cover security issues on networks with which we have a roaming relationship, including networks operated by our international affiliates under the T-Mobile HotSpot brand. They also do not and are not intended to cover all types of network, device or Internet security issues or risks. For example, wired and wireless networks and devices (such as PDAs, desktop and laptop computers, and servers) may be susceptible to viruses, worms, Trojan horses, and denial of service attacks. We encourage you to use other resources, such as those found on the Internet, and at libraries or in bookstores, for comprehensive information concerning these and other security risks and issues.
We may update this Security Statement and the FAQs from time to time. Please check them regularly for updates. If you have questions about privacy, please see the Privacy Policy posted on our web site.
Frequently Asked Questions on T-Mobile HotSpot Security
I've heard WLANs being called "802.11b/g" and "Wi-Fi" networks. What does that mean?
Is WLAN Internet access, as in a T-Mobile HotSpot, less secure than wired Internet service networks?
When signing up for the T-Mobile HotSpot service, is my credit card information safe?
How do I ensure that I am connected to the T-Mobile HotSpot network and not an unintended third-party Wi-Fi network?
When logging on to the T-Mobile HotSpot service, are my user name and password secure?
Is WEP used to secure my wireless connection to T-Mobile?
What is WPA with 802.1x and why is it important?
What is the difference between WPA with 802.1x and a VPN?
Does T-Mobile support VPNs to access email and enterprise applications and data?
How secure are web-based email services?
Is instant messaging secure?
If my connection is momentarily interrupted, does that mean my Internet session has been "stolen"?
Will T-Mobile continue to enhance WLAN security?
Glossary of WLAN security acronyms
Answers to Frequently Asked Questions on T-Mobile HotSpot Security
I've heard WLANs being called "802.11b/g" and "Wi-Fi" networks. What does that mean?
It means that the WLAN network conforms to the industry standards
applicable to WLANs, known by the technical "802.11b/g" name as
well as the "Wi-Fi" name. The T-Mobile HotSpot service
is based on the 802.11b/g standards. Although this is a widely
adopted industry standard, it will likely evolve to allow higher
speeds and greater security in the future. You may learn more
about 802.11b/g and Wi-Fi at the Wireless Ethernet
Compatibility Alliance web site found at www.weca.net.
Is WLAN Internet access, as in a T-Mobile HotSpot, less secure than wired Internet service networks?
As the name implies, WLANs transmit data wirelessly or "over the
air." Because of this, they are more vulnerable to illicit attempts
to intercept and read data by persons in the vicinity of the T-Mobile
HotSpot during the time the data travels wirelessly. (That said,
keep in mind that it is also possible for data traveling on a
wired network to be intercepted.) Additionally, a hacker could
attempt to use the wireless connection between the device and
the access point, whether you are on the Internet or not, to gain
access to your device, including software and data stored on the
device. The types of safeguards recommended for T-Mobile
HotSpot users (noted in the Security Statement, these FAQs and
published elsewhere) should be used for any type of wireless technology
via any service provider (and are advisable on wired networks
as well).
When signing up for the T-Mobile HotSpot service, is my credit card information safe?
When you sign up for T-Mobile HotSpot service through
the t-mobile.com website, we offer SSL encryption to protect your
credit or other payment card information. We do not provide
security with respect to your use of third party websites or services
for any personal or financial information transmitted to such
websites. We therefore recommend you only use websites that
offer SSL or comparable security protection when transmitting
sensitive data. To assist you in identifying secure websites,
your web browser may indicate "https://..." in the URL address
and show a closed padlock (or key) icon as indicators of security.
While these indicators are helpful, please be aware that different
browsers and web sites may use different methods of denoting security
or SSL encrypted content, and the presence of any particular icon
is not necessarily a guarantee of total security. If you are concerned
about the security of your credit card and other information,
you should deal only with trusted sources and service providers
on the Internet.
How do I ensure that I am connected to the T-Mobile HotSpot network and not an unintended third-party Wi-Fi network?
The T-Mobile Connection Manager using WPA with 802.1x
capabilities is configured to automatically validate the T-Mobile
HotSpot network for you. Although third-party WPA with 802.1x
software clients may be used, they must be manually configured
to accomplish this. If you are using an Internet browser to log
in to the HotSpot network instead of a WPA with 802.1x software
client, you should verify that SSL is being used and that the
URL is from t-mobile.com.
When logging on to the T-Mobile HotSpot service, are my user name and password secure?
When you log on to the HotSpot service, you are required to supply
a valid user name and password combination for authentication
purposes. This information is protected by encryption technologies
during the authentication process.
Is WEP used to secure my wireless connection to T-Mobile?
At T-Mobile HotSpot locations, WEP (Wireline Equivalent
Privacy) is not supported. WEP is based on "shared secret" encryption.
Shared secret encryption means that the "secret" (the key to the
encryption) must be shared with all other WLAN users. Consequently,
we believe that this type of security solution is neither practical
nor meaningful when used on a public network.
What is WPA with 802.1x and why is it important?
The WPA with 802.1x security solution is a technology that encrypts
your data traffic when it is transmitted wirelessly from your
device to the installed access points at the HotSpot location.
Our deployment of this solution makes it more difficult for unauthorized
persons (such as hackers) to view your data while it is being
sent "over the air". It also helps to mitigate against session
hijacking (the ability for unauthorized individuals to access
Wi-Fi service for free using a customer's session).
The WPA with 802.1x solution does not, however, protect your data
once it is transmitted over the Internet. It is your responsibility
to provide appropriate security protections (such as a VPN) in
these cases.
What is the difference between WPA with 802.1x and a VPN?
Generally, the WPA with 802.1x security solution encrypts only
the wireless or "over the air" portion of your data traffic at
a HotSpot location. It does not protect your data once it is
transmitted to the Internet. A VPN typically provides a more
comprehensive encrypted solution from your Wi-Fi
device through the access point and over the Internet to your
VPN server. You should note that WPA with 802.1x may provide incremental
protection to VPN users, especially when VPN tunnels are configured
so as not to encrypt all user data, or when a VPN server is not
available or selected for use. Furthermore, the WPA with 802.1x
solution helps to mitigate against session hijacking (the ability
for unauthorized individuals to access Wi-Fi service
for free using a customer's session).
Does T-Mobile support VPNs to access email and enterprise applications and data?
T-Mobile currently supports most VPN solutions. We
strongly recommend the use of a VPN to enhance security when sending
and receiving information you deem confidential. If you are uncertain
about the type of VPN you use, please consult your company's IT
department. To inquire whether our HotSpot network supports your
VPN solution, or for assistance troubleshooting connectivity issues
regarding use of your VPN client on our network, please contact
us at 877.822.SPOT (7768).
How secure are web-based email services?
Most web-based email services transmit messages as clear (unencrypted)
text. Unencrypted web-based email may be vulnerable to illicit
attempts to intercept email communications. You can check with
your email service provider to learn about your specific email
service and its encryption or security features, if any. Typically,
only the login page is SSL encrypted, and the closed padlock (or
key) icon will be displayed on your web browser for any such pages.
Please note that T-Mobile does not provide security
with respect to your use of third party websites or services,
such as web-based email. If you choose to use web-based email
on our service, we strongly recommend that you avoid using it
to transmit information you deem confidential, and if possible,
that you encrypt any attachments before sending them.
Is instant messaging secure?
Most instant messaging services transmit communications as clear
(unencrypted) text. You can check with your instant messaging
service provider to learn more about your specific instant messaging
service and its security features, if any. Such clear text communications
are unencrypted whether instant messaging is used on wired or
wireless devices and networks. Unencrypted instant messaging
is vulnerable to illicit attempts to intercept and read the content
of messages sent and received. If you choose to use instant
messaging on our HotSpot service, we strongly recommend that you
avoid using it to transmit information you deem confidential.
If my connection is momentarily interrupted, does that mean my Internet session has been "stolen"?
You can lose your wireless connection for a variety of reasons
not related to security, such as something blocking or interfering
with the radio signal, or moving your computer too far away from
the T-Mobile HotSpot access point. However, an unexplained
loss of connection or deterioration of the service could indicate
that a hacker has illicitly gained free access to the Internet
using your T-Mobile HotSpot account (by using your
physical network address). This is often referred to as session
stealing or hijacking (which can be mitigated against through
the use of our WPA with 802.1x solution). If you suspect this
has occurred, log off immediately so that any such "hacker's"
stolen session will be ended and call T-Mobile HotSpot
customer care at 877.822.SPOT (7768) as soon as possible.
Will T-Mobile continue to enhance WLAN security?
We are committed to working with our equipment suppliers to continue
to develop and implement software and other solutions, such as
WPA with 802.1x, designed to provide enhanced security for customers
using our HotSpot service. Please check our Security Statement
and these FAQs regularly for updates regarding new wireless security
technologies.
Glossary of WLAN security acronyms
802.11b/g Industry standards designation for wireless ethernet
SSL Secure Socket Layer
PDA Personal Digital Assistant
VPN Virtual Private Network
WEP Wireline Equivalent Privacy
Wi-Fi Industry brand designation for wireless ethernet
WLAN Wireless Local Area Network
WPA Wi-Fi Protected Access