Home > Networking > Network Security

Computerworld - It was a startling claim: Like a virtual trail of cookie crumbs, your laptop could be beaming out invisible signals that are attracting intrepid thieves armed with a common $5 gadget.

This alarming scenario comes by way of a press release from security vendor Credant Technologies Inc.

Citing a news report from Jamaica, Credant's vice president of marketing, Sean Glynn, notes that "low-cost key fob Wi-Fi detectors for under a fiver and quite sophisticated directional detectors for around the 30 pounds mark ... can be used by thieves to detect the presence of an out-of-sight laptop."

That's because newer laptops have a set time — sometimes up to 30 minutes — before they go into sleep mode when the laptop's lid is closed, Glynn asserts.

He said that window of opportunity aids thieves prowling offices or shopping mall parking lots looking for corporate laptops to steal immediately after work.

However, experts polled by Computerworld said that for most users, Wi-Fi doesn't increase their laptops' chances of being stolen.

For users who are careless with their laptop and its settings, there could be an increased risk of theft. But as long as they abide by these steps, those risks can be mitigated, they said.

The holes in Credant's scenario:

• Contrary to Credant's assertion, most laptops running Windows, Mac OS X or Linux today are set to go to sleep (in Windows, this is called S3 Suspend Mode) when the lid is shut, said Bill Gordon, director of wireless technologies for Absolute Software, maker of the Lojack for Laptops notebook recovery software.That should immediately turn off the laptop's Wi-Fi chip or card, said Kelly Davis-Felner, marketing director for the Wi-Fi Alliance. "I'm a little suspicious of this idea of an epidemic of laptop thievery," Davis-Felner said.

• Virtually all pocket Wi-Fi detectors by companies such as IOGEAR, Targus and Kensington can only detect the presence of a Wi-Fi access point. That's denoted by the SSID, the cute name you gave your home wireless network when prompted by your router. Wi-Fi detectors cannot see Wi-Fi signals broadcast by laptops that are only connecting as a client, as most of them are, said Glenn Fleishman, a journalist who runs the blog Wi-Fi Net News.

• Most Wi-Fi detectors only pick up the strength of the Wi-Fi access point's signal, not where it's coming from, said Fleishman. Also, any wireless signal leaking out from a laptop in a bag or case would be very weak compared to a true access point, he said.

• While detecting a Wi-Fi signal could theoretically aid a parking lot prowler, it might actually deter a thief in a home or office because "it would suggest the presence of a person working," says Absolute's Gordon.

• On the MacBook side, the Wake On Demand feature in its latest OS X 10.6 (Snow Leopard) enables a MacBook to turn on if an Apple Wi-Fi base station wakes it in order to send it some data, said Fleishman. However, Fleishman doesn't believe that the MacBook would be broadcasting any detectable Wi-Fi signal.

You've been warned

Wi-Fi can add a risk to laptops, but only if one or more of the following things is happening:

• If would-be thieves are armed with more expensive wireless signal detectors that can detect either Wi-Fi clients or access points. These can be purchased in industrial or spy stores, and online, said Chris Burchett, Credant's CTO.

• When users deliberately set their laptop to not go to sleep when they shut its lid. Burchett says, for instance, that he does that because he doesn't want his machine to go to sleep when he's going back and forth to meetings. The Wi-Fi Alliance's Davis-Felner acknowledges this is the preference of some users, pointing out her Dell laptop has a separate on-off switch for the Wi-Fi, apparently for just such users.

• If users turn their laptop into a temporary Wi-Fi access point. In Windows, this is done by clicking the Internet Connection Sharing box in your wireless settings. This turns your laptop into a wireless repeater that can amplify and retransmit the Wi-Fi access point's signal for other laptops to use.

• When users fail to close their laptop lids all the way. With the high-capacity batteries in today's laptops, this could leave a laptop on for up to 12 hours.

Play it safe

Users don't need to turn off their Wi-Fi every time they shut their laptop's lid, nor do a full shutdown, experts said.

Instead, they should:

• Keep their laptop set to go to sleep on lid closure.

• Make sure they uncheck the Internet Connection Sharing box in Windows.

• Be careful about fiddling with the Power Manager features in their laptops. For instance, the ThinkVantage software in the latest Lenovo ThinkPads lets users turn on a feature called InstantResume, which allows them keep the Wi-Fi radio on for up to 99 minutes after going to sleep. ThinkPad users can see if they have InstantResume on by glancing at the top of their ThinkPad — if the "moon" suspend indicator light is not lit up, the Wi-Fi is still on.

Eric Lai covers Windows and Linux, desktop applications, databases and business intelligence for Computerworld. Follow Eric on Twitter at @ericylai or subscribe to Eric's RSS feed . His e-mail address is elai@computerworld.com.

Read more about Network Security in Computerworld's Network Security Topic Center.