01 December 2010

If your home wi-fi is unsecured, stop reading this blog and go fix it!

cnet had an article last month reiterating the dangers of surfing the net via an unsecured wi-fi.
Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected...

Someone could also join the network and launch attacks on your computer and any other devices using the network at that time. If file sharing has been left on or the personal firewall is misconfigured it's relatively easy to access the computer via an open Wi-Fi network. Someone could upload an executable program to a file on your hard drive that steals data or just leaves a back door for future access...

Even though many Wi-Fi routers come with WPA (Wi-Fi Protected Access) enabled by default, a lot of people don't want to be bothered with setting up a password, despite the fact that you don't have to type it in every time you log on. The Wigle.net (Wireless Geographic Logging Engine) site shows that of 26.8 million Wi-Fi networks logged by volunteers who were "war driving"--driving around in cars and using laptops or PDAs to find wireless networks--49 percent were listed as secured with encryption and nearly 28 percent were shown to be not using encryption. (On the remaining 23 percent the security level was unknown.)
The article provides a link to an interactive map at Wigle.net.  I navigated it to get the screen shot embedded above showing wi-fi networks in my part of the country.   You can zoom in to street level.  Shown here is an area in the central Chicago area:
You can use the map to find your own street and perhaps your own house or apartment.  If you're sitting there now and your wi-fi isn't secured, you are taking a major risk for no good reason.

5 comments:

  1. And WEP is not hardly protection at all. With some simple but very powerful software you can now crack a WEP password in a matter of minutes.. as in 2 to 3!

    I know, I did it to my own network and it was ridiculously easy! And I'm a complete novice at doing it.

    ReplyDelete
  2. Agreed, but it's like locking your car or house door. None of these maneuvers will keep out someone who is actively targeting you, but for the drive-by snoop searching for random victims, they are more likely to pass on to a more easily accessible system.

    ReplyDelete
  3. Somewhat creepily, your Chicago map includes my house, whose dot I was able to pinpoint.

    ReplyDelete
  4. There is another category of danger: those whose wifi routers came with a default WPA password, and never bothered to change either the password or the default network name (which could be something like Linksys824501.) They figure that since they have a secure firewall with a password, they're protected.

    We have taken advantage of just that situation in our apartment, which has very poor wifi coverage in the back bedrooms. So instead of using our own weak router signal in those areas, we use a neighbor's. Which is "secure," yes, but with a default network name and password -- and that password was ridiculously easy to procure from an online list of router model names and numbers. When a person's network name already hands you the model name and number of the router, it's not hard to figure out the rest.

    We have never caused damage to this neighbor's computer system and never will, but the fact that it was so easy for us to piggyback onto that signal -- and thus have total access to their entire system --was pretty eye-opening. It takes two minutes to change your wifi network name and password. Do it.

    ReplyDelete
  5. The "snoop driving by for random victims" would know how weak WEP is. I think you are underestimating how easy it is to crack WEP. I did not full understand until I did it.

    So let's say I get stuck in a predicament where I need the internet and I am away from home. All I need to do is pull out my laptop, insert a cd that will boot it into a free Linux based suite of programs and I will have any WEP key I want in under 5 minutes or so.

    Now imagine someone that WANTS to break into a network. They have the same set of programs and they are much better at using it.

    Just knowing how to exploit an open network means you have enough know-how to get past the tiny WEP hurdle.

    So I am just trying to stress that you should not use WEP, most routers support WPA. And never keep the out-of-the-box passwords... unless you don't care about people getting on your network, good or bad.

    ReplyDelete