Slashdot Mirror

← Back to Stories (view on slashdot.org)

CNN Notices that WiFi is Insecure

Posted by CmdrTaco on from the caught-with-your-pants-down dept.

josh3736 writes "From CNN comes an article that makes painstakingly obvious to the public what we already knew: 802.11 security is horrible. The article points out that nearly 40% of wireless network APs haven't even been changed from defaults and as many as 80% of home APs have encryption disabled. The article goes on to say that '[t]o make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.' It also accuses WiFi manufacturers of disabling security measures by default to make wireless easy to the lowest common denominator. My favorite quote? 'Experts say that while Wi-Fi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy.' Which is to say that they at one point were?"

13 of 417 comments (clear)

  1. Just how do you setup WEP anyway? by LostCluster · · Score: 5, Insightful

    One major flaw I see in telling people to enable WEP on their WiFi is the first question I'm sure to get back is "How do I do that?" and, well, the instructions for doing that are different for each and every item on their network.

    What's more annoying is that people think the "passphrase" they type into their router a the WiFi key rather than what it usually really is, the random seed from which their router generates the actual keys. They type their passphrase into their other devices when they're supposed to type a key value, and then they wonder why it doesn't work anymore when it was working just fine before they tried this security stuff.

    I've had friends who I thought were tech savvy get tripped up over this stuff. I blame the router-makers for not providing software that makes this a whole lot more of a user-friendly experience. We as the IT industry are badly failing at this... and having a lot of open WiFi points will just make our other headaches such as spam and viruses worse in the end. This really needs to be addressed for the good of the Internet.

    1. Re:Just how do you setup WEP anyway? by Oxy+the+moron · · Score: 5, Insightful

      I own a linksys 802.11b router and it came with an 802.11b PCMCIA card. I had no problems getting WEP to work on either the router or my laptop. Linksys did a great job making the process easy with the router's web-based config and the configuration tool software that is provided in the package for the card. I came up with a passphrase and I could easily apply it across the board.

      However, when I bought a new laptop with 802.11g wireless built-in (not from Linksys) I started having all sorts of problems trying to get the new laptop connected. I have to use the default Windows XP configuration tool (which sucks, IMO) and even when I do get connected with WEP enabled, the speed is horrible. And I'm of much higher technical aptitude than those mentioned in the article.

      My point? I think the ease of configuring wireless depends totally on the manufacturer, and whether or not you have all your products from the same manufacturer. And none of them do a very good job of telling the consumer how to protect themselves.

      --

      Proudly supporting the Libertarian Party.

    2. Re:Just how do you setup WEP anyway? by Minna+Kirai · · Score: 4, Insightful

      One major flaw I see in telling people to enable WEP on their WiFi is the first question I'm sure to get back is "How do I do that?

      So what? It's not like WEP provides security. It's a fundamentally broken protocol.

      CNN is engaging in dangerous misreporting. They spun it so that insecurity is the AP vendors' fault by making WEP difficult to activate. This will lead viewers to believe that once they manage to enable WEP, they're safe. And that's just absolutely wrong. You'd be safer with no WEP and higher-level encryption (although running secure application protocols is even further outside the imagination of typical consumers).

    3. Re:Just how do you setup WEP anyway? by sadler121 · · Score: 4, Insightful

      WEP is completly insecure, and can be broken really easily, its really not worth it. I think making sure you are not broadcasting your ID, and setting up MAC address filtering, is the way to go. That would keep war drivers from 1)Finding your network, and 2) Connecting to it.

      As for war drivers sniffing passwords and stuff out of the air, all you would have to do is make an effort to use secure methods of transport, like SSL,TLS, etc, which is way stronger and harder to crack. we forget that plain text passwords, etc. are just as harmful on a wired network then on wireless network. Would you submit your CC information to a company, on a WIRED network, that sent your information with out encrypting it via SSL? Of course not! Same as with Wireless networks.

    4. Re:Just how do you setup WEP anyway? by austad · · Score: 4, Insightful

      It's better than nothing though. If I go wardriving, I'm not even going to bother with networks that have WEP enabled, because in my experience, about 70% of the networks are completely open. Why not just use one of those?

      Enabling WEP is a deterrent. No one is going to waste the time breaking your WEP key unlesss there is some reward for it that they can't get elsewhere. It's just like locking the door on your house, it's a deterrent. If someone wants to get in, they will kick the door in or break a window.

      --
      Need Free Juniper/NetScreen Support? JuniperForum
  2. Why They Aren't Secure by monkeyman_67156 · · Score: 4, Insightful

    The very reason that Wi-Fi networks exist is that they provide simple, easy-to-use network connectivity wherever you are. Security takes a backseat to ease of use. The equipment manufacturers don't want to have to deal with the support calls if they would enable security features, such as WEP, out of the box. Adding security to Wi-Fi networks makes them harder to use and less appealing to the average consumer. Thus, it's easier for manufacturers if consumers remain blissfully unaware of the huge backdoors into their networks. But then again, anonymous internet access from my neighbor isn't that bad.

  3. Absolutely by Safety+Cap · · Score: 4, Insightful
    Back in the good old days of pre-Win 3.1, when people were using DOS + QEMM, the quality of calls on the old Q'Deq helpdesk were much higher. Instead of asking "what's an autoexec.bat?" the average user would be more interested in which interrupts we were tripping (for the record, int 21).

    Once the 'puter became a household appliance instead of a hacker's toy, that's when things started to go downhill.

    --
    Yeah, right.
  4. Re:Being a lazy fellow... by Coos · · Score: 4, Insightful

    Not only depressing: Despite your shiny new WEP key, if 'god' is smart enough to use google to find a WEP crack script, and to not announce his presence in future, he's probably *still* logged into your system. There is no WiFi security at present - do it all elsewhere (firewall, encrypted protocols, VPN).

  5. A follow up article... by stratjakt · · Score: 5, Insightful

    ... has the not surprising statistic that 90% of home users DONT GIVE A FLYING FUCK if the family PC (which they consider no more than an expensive Nintendo/source of free music) is hacked.

    --
    I don't need no instructions to know how to rock!!!!
  6. Re:WiFi not for mainstream? by Feanturi · · Score: 4, Insightful

    Now, I might be wrong about this, but I am willing to bet that all access points, WNIC's and other accessories come with something called a "manual"! If you were to actually *read* one of those, by accident or intent, you might discover how to acutally use your newly accuired product!

    That is so very true. The average person (not just computer user, I'm talking average PERSON) is horrified at the thought of having to read a manual in order to understand how to use a gadget. When I'm working in someone's house, I am often asked silly questions like how to hook up a stereo or how to set the time on a desk clock, or how to get picture-in-picture on their snazzy new HDTV. I like to suggest that they check the manual that came with their device, because it will certainly be in there, and then watch the look of horror on their face as they realize they have to learn something now. It's really quite amusing.

    And if they're a computer user, they're no different. They can have a nice big fold-out diagram of their new HP PC with color-coded connectors and nice pretty pictures and they still don't want to read that, they want a person who already knows how, to set it up for them. The average person wants to do the least amount of work to be able to use their tools, that's the bottom line.

  7. historical perspective by Dun+Malg · · Score: 4, Insightful
    '...Meanwhile, average users are no longer tech savvy.'

    Which is to say that they at one point were?

    The average computer user in 1970 could probably figure out how to turn on WEP, were he/she transported to the present day. This is the same thing that happened with automobiles. In the early days, automobile owners had to be adept at mechanical repairs. If you read "The Grapes of Wrath" , at one point one of the characters is honing the valve seats on his truck in a campground. That was the 30's. By 1960 you'd be hard pressed to find a car owner that could do a valve job on his car. Computers have become a commodity item, just as cars did.

    --
    If a job's not worth doing, it's not worth doing right.
  8. Re:Sure... by Moraelin · · Score: 4, Insightful

    Rudeboy1, there is just one problem with this snotty "it's not our product that's crap, it's those idiot users" attitude that's plaguing the industry.

    The problem is that those "idiots" are paying your salary. In fact, if the industry remained an exclusive club where only the High Priests of The Sun (or IBM) have access to the Sacred Computer Room, your employer likely wouldn't even be in business. We'd still not need much more than whatever proprietary peripherals are officially blessed by the computer's manufacturer.

    The growth of the whole computer industry was done precisely by promising ease of use to idiots. The fact that you can sell hundreds of thousands of cards, and not just hundreds, is precisely _because_ you're selling stuff to those idiots. Under the explicit promise that it'll be secure enough and easy to use.

    And I'd like to see the people in this industry actually keeping their promises for a change. Because what everyone, including your employer, is doing is _fraud_. They're making some very explicit promises to get those people's money, but have no intention of respecting those promises.

    You know what's the only difference between the computer industry nowadays and the snake oil peddlers of the old days? The snake oil charlatans knew that they're frauds. They didn't feel a need to call their victims "idiots" and other insulting names. That's all.

    In a sense, the snake oil con artists were actually more honest. And a lot less snotty.

    Just something to keep in mind the next time you feel a need to insult the user for your product's shortcomings.

    --
    A polar bear is a cartesian bear after a coordinate transform.
  9. Re:Sure... by timeOday · · Score: 4, Insightful
    It would be nice if Homeland Security could take a break from trying to find terrrorists by which shoelaces they buy to enforce technological security mandates. Unsecured WiFi networks all over the country are very useful to criminals and terrorists.
    No, no, no, please don't ask for that.

    Look, the Internet is not a secured network - not just WiFi but in general. Let's keep it that way.

    I'm glad it doesn't take a license to make a telephone call or use the Internet, even though somewhere, some terrorist is making phone calls. Trying to turn the Internet into some little closed system would be cutting off your nose to spite your face.

    As for WiFi security, it's funny how we're still getting this endless deluge of "OH NO! WIFI IS INSECURE!!!" alarmists. The reason people don't care is because it doesn't matter very much. There just aren't many good horror stories about somebody's life getting ruined because their wireless network was compromised.