The New York Democrat, one of the senate’s most influential members, sent the letter to a host of US-based internet companies, including the aforementioned goliaths. Schumer called on major website providers to switch from the standard HTTP connection to SSL (noted as HTTPS within a URL), as a default web address.
In a separate statement, the senior senator from New York mentioned numerous recent reports about hackers intercepting personal information via websites over unsecured WiFi connections, typically at commercial establishments.
“The number of people who use WiFi to access the Internet in coffee shops, bookstores and beyond is growing by leaps and bounds, but these users are unaware that they are easy prey for hackers and identity thieves”, Schumer noted. “Free WiFi networks provide hackers, identity thieves and spammers alike with a smorgasbord of opportunities to steal private user information like passwords, usernames, and credit card information.”
Calling HTTP a “welcome mat for would-be hackers”, the senator said a prompt change to default SSL addresses would be a simple move to increase the security of internet transactions.
“In an age when consumers are increasingly using public WiFi hotspots, this vulnerability poses a serious threat to security and privacy on the internet”, Schumer added.
In a closing plea to the web companies, Schumer asked them to move to the more secure SSL protocol as quickly as possible, citing issues of public interest and constituent safety.
“This security problem has been known for quite some time and hackers are getting better at creating programs that allow even the most inexperienced users the ability to hack into someone else’s computer”, Schumer added in his accompanying statement. “With the privilege of serving millions of U.S. citizens, providers of major websites have a responsibility to protect individuals who use their sites and submit private information.”
As WiFi capable mobile devices continue to proliferate, the problems presented by easy-to-use wireless hacking kits will only increase, said Ajay Gupta of WiFi security provider AirTight Networks. He agreed with Senator Schumer’s conclusions, noting most public WiFi users “remain ignorant or careless as to the underlying risks...and end up as potential hacker targets”.
Writing in his blog for Infosecurity, Gupta said it’s well past the time for major websites to consider the move to the HTTPS, citing a recent move by Facebook to provide secure access for session logins.
“Hopefully, taking note of Facebook’s security lead and the strong call of Sen. Schumer, website operators will swing into action sooner, to ensure users’ safety on otherwise insecure public WiFi networks.”