Home WiFi Network Security Failings Exposed 161
An anonymous reader writes "The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."
"Life assistance" = identity theft protection (Score:4, Informative)
If you were in any doubt as to why they were sponsoring a study which discovered something scary about the intertrons.
No password WiFi != unsecured (Score:5, Informative)
My Wi-Fi has no password, and that's a purposeful choice. While evaluating the passwords on WiFi that does have a password is a reasonable analysis, it's not reasonable to call any WiFi without a password as unsecured.
Re: (Score:2)
MAC filtering, right? A surprising number of generic routers from telecom companies do some MAC-based authentication, I've found. I was surprised to discover that my aunt's Orange router made you switch it into a pairing mode by holding a button on the side before it'd let an unfamiliar device actually use the network. So even though this amazing hacker could get through the WEP password in 5 seconds, he wasn't going anywhere.
Re:No password WiFi != unsecured (Score:4, Informative)
Re: (Score:3, Funny)
On the other hand, simple MAC based filtering is a perfectly effective way of making it clear that the Wifi is not intended for public use. It's not a half bad option if you don't really care much but want to let normal polite people know your intentions.
It will also keep MOST people looking for free Wifi out.
The ideal MAC filtering sends all un-approved devices to the MITM box to log their facebook credentials and post really awkward messages on their page.
Re: (Score:2)
Re: (Score:2)
That was a joke son...
As for the MAC filtering, if it refuses to allow association, it makes it quite clear the network is closed and that there's no offer available to get it open (unlike a customers only hotspot where a password might be available if you buy something).
Re: (Score:2)
Interception of transmissions which are not intended for you is clearly illegal
And how do you know if it's intended for you until you intercept it?
Re: (Score:2, Interesting)
Spoofing is misdescribing things a bit. It's not like spoofing an IP address where you present an address diffferent to that you're actually using and which can cause issues with a lack of return traffic (data being sent to the spoofed IP).
Usually your MAC address can be user set using ifconfig - something like
ifconfig eth0 hw ether 00:01:02:03:04:05
That then becomes your MAC address. It's not being spoofed, it's the address your card has and will present when connected to a network.
Re: (Score:2)
No. Technically it is spoofing. Every network adapter has a unique address assigned to it, typically stored in some firmware within the NIC itself. The whole purpose is to make that particular interface globally identifiable.
Now, if you change your NIC's MAC to someone ELSE'S MAC, you are spoofing their MAC. IE, you are pretending that your NIC is in fact someone else's, even though it's not. For the sole purpose of attempting to gain access while masquerading as the other device.
That's pretty much the de
Re: (Score:2)
I'm not sure if you didn't read or didn't understand my post.
What I did was point out the fundamental difference between spoofing a MAC address and an IP address.
Once you change the MAC address, it becomes the address of the card. Sure you could use that to spoof the identity of another device on the network, but that's a consequence of your intent, not of changing the MAC address.
When spoofing an IP address, that act itself fits your definition of spoofing.
You may wish to use one term for two very differen
Re: (Score:2)
bum! headshot
Re: (Score:2)
I do MAC filtering, yes, but I also do all of my communications over the wireless with an SSH tunnel. I'm only relying on the MAC filtering for a very limited and spoofable form of access control.
No, it's open because I want it open. One of these days I'll get some traffic prioritization set up and merely categorize by MAC address. Anybody can use my wireless connection, but I get first dibs on all the bandwidth to the outside world.
Re:No password WiFi != unsecured (Score:5, Informative)
Not if the communication is not encrypted and there is any traffic at the time.
Re: (Score:2, Insightful)
Even if it is encrypted, you'll see the MAC in the clear.
Re: (Score:2)
Not sure about that. (Score:2)
Putting aside the fact that MAC spoofing is childs play (check the man page for ifconfig) all manufacturers of networking equipment have their own blocks of MAC addresses.
So you can try MAC addresses similar to well knwon routers and I suppose you would be in in no time.
Re:No password WiFi == unsecured (Score:4, Insightful)
You seem to be confusing "unsecured" with "insecure". They do not mean the same thing.
Unsecured WIFI means you have no password..
Just because it's intentionally unsecured doesn't mean it's not unsecured.
Re: (Score:2)
Yes, but if we're going to parse the words that closely, I'll jump in on the side of the OP. Perhaps it's true to say, strictly speaking, that the WAP itself is "unsecured". But if the WAP is unsecured by design (i.e. the design of the *network*), than I'd say it's inaccurate to say that "the network is unsecured".
I leave my AP open to the public on purpose. I have no less fear of an attack on one of the machines hosted on that network through the wireless interface on the router than I do through the WAN i
Re: (Score:2)
You are confusing the network with the machines on the network. A unsecured network simply means you are able to send and receive packets on the network that other devices (if any) on the network can (if they chose to) accept, and/or respond to.
If the WAP in unsecured by design, the network is unsecured (assuming normal things like the WAP actually routes packets to and from the wired network OR to and from other wireless devices OR both).
Re: (Score:2)
Re: (Score:3, Interesting)
Do you filter outgoing mail and do you take any measures to prevent forum spamming?
What? (Score:2)
Do you really think someone is going to sit outside his home with a laptop for an extended period of time just to post crap on some forums? Why would a spammer do that if he can just use the botnet from the comfort of his home?
You are paranoid.
I leave my wireless open. No, people who connect cannot access the rest of the machines on my network except through ssh. All my friends and visitors find it convenient, and probably some strangers too, just as I find other peoples' open networks convenient.
Re: (Score:2)
War driving is a common technique and I've had at least one customer's WIFI hijacked by a spammer.
And of course there are worse things they can do with your internet connection. [securityfocus.com]
Re: (Score:2, Insightful)
Some of us are quite happy to provide a little bit of free access to those who need it.
also, it helps to have a little bit of plausible deniability when ACS:Law come calling...
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Red Robin (yum) (Score:2)
I've always wondered why they don't print temporary credentials on the receipt.
Sit-down restaurants don't present a receipt until after the meal is over. The person serving you would have to bring out the credentials with the drinks.
Re: (Score:2)
If someone leeches your internet to grab child porn or to communicate with terrorists then
When they confiscate and examine your computer they will find no evidence of child porn or terrorist emails. Plus, there's relatively damned little of that going on; your risk is zilch.
But beyond just that there are always 0-day hacks out there and letting someone freely roam your LAN is like begging to be compromised.
There's damned little of that as well. Your fear is unwarranted; you're more likely to lose your data
Re: (Score:2)
Or some of us have enough space between neighbors that it's not particularly critical. My nearest neighbor is separated from my wifi network by 10 acres of aspen and pine trees.
Umm, no. (Score:5, Insightful)
My Wi-Fi has no password, and that's a purposeful choice.
Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.
Supposed you have a bicycle. You chain it to a lamppost. It is now secured.
Supposed you take the same bicycle and decide purposely to not chain it to anything. Just because you decided not to chain it doesn't make it magically secured. It's still unsecured, you just made the decision not to secure it.
Re: (Score:3, Insightful)
However, in the latter case, you can no longer be said to have failed somehow.
Re: (Score:2)
But there are other ways to secure a bicycle like... ok, the metaphor is breaking down so I'm going back to reality. MAC filtering, guest SSIDs, or firewalls are all valid ways to secure your network while not encrypting the signal.
Umm, no... again (Score:2)
Re: (Score:3, Insightful)
Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.
Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.
New WAP Default, Please? (Score:2)
Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.
Which is just how all WAP's should come out of the box:
MyNetwork SSID w/ WPA2 for LAN connectivity - include a couple keychain tags with the default 'AOL-style' password on it
GuestAccess SSID w/ no 'wire' encryption or local access controls
Re: (Score:2)
Re: (Score:2)
Thanks
Re: (Score:2)
Well, my wifi is sitting on one zone of a multizone firewall I have set up using a Linux box. I also run web servers, mail servers, and some other stuff, so I've made an attempt to harden my network a bit against people trying to break in.
I treat the wifi zone the same way as I treat the external Internet zone, except they get to talk to my DHCP server and use my caching relay DNS server and the rest of the world doesn't.
Re: (Score:2)
Actually, most wifi routers have their own DNS servers these days and set up NAT automatically.
No password may be a feature not a bug (Score:5, Interesting)
There is no way to know if the open wifi networks are open intentionally or not. Just ask Bruce Schneier [schneier.com]. Saying they're "open to criminals" is biased, maybe "open to visitors" would be more appropriate. How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?
As I understand it, solely because there hasn't yet been a widely publicized child porn conviction involving coffee shop Wi-Fi.
Re: (Score:2)
Re: (Score:2)
All that matters is that the RIAA is going to come after YOU if someone ELSE uses YOUR network.
OT Question (Score:3, Interesting)
Honest question here. Say I wanted to setup and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house? Yes, I'm in the US. I know I can use the TOR network, but frankly, I'd rather not. Is there any legal way I can share my network connection to those that need it without setting myself up for a world of hurt?
Again, I realize this is OT, but it's an honest question.
Re:OT Question (Score:5, Interesting)
Yes. Vote in the November election. Lobby your congresscritters to keep the common carrier defense applicable to the Internet.
Re: (Score:3, Interesting)
Leaving your wireless AP open doesn't make you a common carrier. From Title II of the Communications Act of 1934:
(h) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this Act; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.
Running an AP basically makes you a person engaged in radio broadcasting, and as we see, that is explicitly not covered. Likewise, if you're not carrying traffic for hire and aren't under an FCC license, then you are also not covered.
But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.
Re: (Score:2)
But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.
Your right, you don't know what you are talking about. An AP is NOT radio broadcasting in the scope of the regulation you posted.
Re:OT Question (Score:4, Interesting)
Not in the sense of a W or a K station, but its still broadcasting radio traffic. It still doesn't make you a common carrier due to other restrictions. Most things people think are common carriers aren't and never were. Likewise, "safe harbor" means that if the carrier meets the requirements for compliance with CALEA, that they can't be held liable for not being able to do anymore.
Either way, the end case is the same. Neither of these constructs have anything AT ALL to do with whether or not you're going to get boned if someone jumps on your AP and starts committing crimes.
Re: (Score:3, Insightful)
Thanks for responding in a civil manner even though I was a bit snarky.
When you get down to it, any 'radio' is broadcasting if you define the area of measurement narrowly enough.
Re: (Score:2)
Sorry, I didn't mean to imply that merely keeping the status quo on common carrier would work for this case. But turning around the general trend that we've been seeing of making everybody liable for everything would be a step in the right direction. It's a damned shame that the old days of open WiFi everywhere are largely gone.
Republicrats (Score:2)
Vote in the November election.
For one Republicrat or the other Republicrat? As I understand it, child pornography and terrorism are not issues whose policies vary between the respective platforms of the two major U.S. parties.
Lobby your congresscritters
How do you propose to outlobby the "for the children" crowd and the Motion Picture Association of America?
Re: (Score:2)
Get a VPS in another country. Establish a VPN connection from your router to your VPS. Route all traffic from the open AP through the VPN.
Re: (Score:2)
Say I wanted to setup and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house?
If you're really worried that they're going to download CP or troll the POTUS, then you probably just shouldn't do it at all. Yeah, the internet is epoch defining communication tool and a great source of entertainment but I seriously doubt your neighbours' lives are going to grind to a halt if they can't browse Craiglist for the next single woman to keep in their chest freezer.
Re: (Score:3, Informative)
ipcop firewall with a red green and blue interface. run them on the blue interface and run dans guardian on it as well as limit the bandwidth and ports allowed.
20 minutes work. and less than $60.00 if you find a Nokia IP130 firewall used.
Re: (Score:2)
Not possible. If a letter threatening the President comes from your IP, you will be investigated by the Secret Service. Even if you segregate your public wifi from your private wifi, that does not clear you from suspicion. There's nothing stopping you from connecting to your own public wifi and pretending to be a neighbor.
You give them accounts and passwords.. (Score:2)
Is the leasst you should do ...
Lets face it... (Score:5, Interesting)
Re: (Score:2)
Because on MOST home setups, access to the network is raw access to the machines. Access to the router setup (compromise and redirect EVERYTHING, bypass IE security zones, etc.), access to the local printers, access to the filesharing ports on the computers, etc. It's a bit more serious than just "could theoretically read all incoming/outgoing unencrypted data".
There is rarely a firewall for a wirelessly connected user (because it's seen as a trusted network once you're on it), thus a simple "net use \\ip
5 seconds? (Score:5, Funny)
He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."
I'm impressed. I can't connect to my own wireless network in less than 5 seconds.
Re: (Score:2)
Not Shocking (Score:5, Insightful)
And yet, the world keeps on turning.
Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.
Re:Not Shocking (Score:4, Insightful)
Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.
But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.
Re: (Score:2)
Re: (Score:2)
When they seize the computer in the house and find the downloaded music on it the argument becomes rather difficult.
Nobody has gotten any fines or judgements without having their computer seized and examined.
Re: (Score:2)
I'm not sure judges and juries can't be convinced it's a likely scenario. I don't offhand know of any conviction simply from net traffic, without supporting evidence, such as what's on the computer. On the other hand, I don't like the idea that somebody uses my connection for something bad, and the police haul off the family computers for an undefined period of time.
Re: (Score:2)
This HAS [torrentfreak.com] been used successfully in a file sharing defence.
Re: (Score:2)
But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.
This is actually less likely than people seem to think. Courts (and more importantly, police) have tended to allow for the unsecured/cracked wifi defense because hackers/bad people tend to use them. For example, Downloading child porn. Botnets. etc. The innocent bystander defense usually works.
If someone has vacant rental home and meth heads break in and set up a secret lab to "cook" meth, the homeowner is not responsible for their actions. He's as much a victim as anyone else.
Re: (Score:2)
But we need more people AFRAID.. the world is better with rampant fear....
LOOK OUT! ther's terrorists hiding in the bushes behind you!
Re: (Score:2)
The scary part though is that a determined thief could be monitoring your traffic and you would never know. If someone smashes a window and breaks into your house you will know about it. If someone is monitoring my traffic while I'm trying to file my tax returns, for example, they might have all sorts of valuable information about me and I would never know. Especially if I am the sort of under-experienced user that leaves my wi-fi open.
scale difference (Score:2)
there's a subbtle diference :
- a burglar can only be physically in one home at a time
So your possesions are at risk only if he broke specifically in *your* house. If the burglar is in neigbours' - your possessions are safe (for now)
- whereas, a war-driver can usually see a smal city block while sitting comfortably in his/her car (even farther using special antenas)
So your local network (if WiFi isnt'correctly segregated) is at risk,as soon as an evil-hackerdrives in the neighbourhood. Both your local netwo
Re: (Score:2)
Or even delivered at all... http://news.bbc.co.uk/1/hi/england/manchester/8141241.stm [bbc.co.uk]
Rubbish. (Score:4, Informative)
"* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals."
So that's not just home networks then, that includes businesses deliberatly running open wifi as a service to visitors, and all sorts of commercial access points that are "open" in that they get you to a login provider for the service, which you then have to log in to? How many these "private wireless networks" are adhoc wireless on one PC connected to nothing in particular?
The first link is just an advert selling snake-oil, the second contains no information to speak of. No link to any "report" at all.
Here's what I think of all those unsecured WAPs (Score:2)
Good.
Re: (Score:2)
It's okay, I make decent money now, and I know what it's like to not have *any* money.
So cute... (Score:2, Insightful)
Re: (Score:2)
unprotected WAP? sure, I hacked my old cell phone to get WAP without paying verizon. but I think the good folks up above were talking about WiFi.
Re: (Score:2)
WTF? RLY?
LOL!
If it only takes 5 seconds to 'break in' (Score:3, Insightful)
Re: (Score:2)
RTFA, it's even in bold:
According to CPP a typical password can be breached by hackers in a matter of seconds
So this isn't open access points - it's networks that are locked down (with WEP)
Re: (Score:2)
Where's the break-in kit? (Score:2)
Where's the software suite that lets me set up P2P software, a giant list of usenet down- or uploads, or any task for later execution, then constantly searches for open wi-fi, connects, and does the task(s)? Surely someone has written something simple to set up that works automatically.
It sure would be nice if EvilMe (tm) had a VM on my laptop that was constantly doing all my EvilDeeds (tm) in the background.
They're not thinking ahead (Score:2)
I wish that "ethical hacker" clown had kept his head down and his mouth shut. Given how far down the road the UK has already gone toward a society like Big Brother's wet dream, relatively easy access to Wi-Fi without some government snoop leaning over your shoulder might be one of the few remaining freedoms.
WiFi? Secure?? (Score:2)
I thought the present state of the art was that WiFi "security" was impossible - any system, including WPA2, could be hacked in less than an hour. WEP goes down in seconds. WPA in minutes. MAC address filtering is just a DOS - when the hacker uses your MAC address you are blocked because of a duplicate MAC address on the same network.
So why is anyone concerned about security on a WiFi network? How could there possibly be any security at all?
Perfect fix for wireless security failings (Score:2)
Turn the wireless off and plug in some Cat 5. Problem solved.
Re: (Score:2, Informative)
Unfortunately that only changes the login for your router admin page. That has nothing to do with WEP/WPA/WPA2.
Re: (Score:3, Informative)
This points out a major issue, many non technical users often do not know the difference between security of the router and security of the wifi signal itself. Many people just change the router's password and think they are "safe".
Security is bad (Score:2)
Re: (Score:2)
I have verizon DSL, and when I called for help/to complain (my connection was dropping), the tech on the phone couldn't fathom why I'd changed my administrative password. He slowly guided me through typing in a default name/pw (which I'd changed a year ago) and wouldn't deviate from the script when I told him mine was different and to hold on a second.
Though, as a linux user, I'm used to lying to technical support: "Yes, sir, I can click start->run->'cmd' "
Re: (Score:2)
Sure it's not common practice, but that's not to say that it doesn't or couldn't happen, it's still a risk and really a stupid one to take.
Re: (Score:2)
It's a risk, but without a lot more data regarding the density of hackers per square km in his area, I'd hardly call it stupid.
Re: (Score:2)
Oh wait, that's not scary at all because people don't do that.
What reason do you have to believe that people don't do that?
Re: (Score:2)
WPS in my experience tends to be hit or miss, I don't think that any of my hardware actually supports it, apart from one of the access points I had. Unfortunately, things like my Wii and PS3 don't seem to support it, which is a shame given that when done properly it's b
Re: (Score:3, Interesting)
Why is it so hard for industry (default configurations) to move from open or WEP to WPA? Sure, WPA isn't perfect, but it does represent a significant increase in difficulty for hackers.
I use WEP+MAC filtering because I have a really old WiFi card that doesn't handle WPA and no reason to replace it.And to be blunt, that's just fine; it deters the neighbors enough to stop them using my 'net connection. It won't stop a determined hacker, but exactly when is that going to be a problem?
Re: (Score:2)
my favorite is war faxing...
dial a fax number and have two pieces of black paper ready, tape them together and start it feeding, then tape it into a loop.
When the offending company comes to the office they will be out of fax paper and toner.
for bonus points, program their head office's main fax number into your fax machine as the reporting number...
Re: (Score:3, Funny)
Re: (Score:2)
Someone on my street is broadcasting an SSID of "hornygirl", so I have to bring my smartphone trick-or-treating this Halloween.
Careful with that. It could be the 45yr old, overweight male divorcee that is always looking strange at the little boys in the neighborhood. You'll be sick for days after you find that out.
Much better to stick to the mental illusions you construct yourself.