CNN Notices that WiFi is Insecure
josh3736 writes "From CNN comes an article that makes painstakingly obvious to the public what we already knew: 802.11 security is horrible. The article points out that nearly 40% of wireless network APs haven't even been changed from defaults and as many as 80% of home APs have encryption disabled. The article goes on to say that '[t]o make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.' It also accuses WiFi manufacturers of disabling security measures by default to make wireless easy to the lowest common denominator. My favorite quote? 'Experts say that while Wi-Fi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy.' Which is to say that they at one point were?"
Not only do WiFi equipment manufacturers disable most of the security by default, some blame any connectivity issues you are having on the encryption (see How stable is WEP).
Personally, I would love to see some more options when it comes to turning WEP on. Since my laptop connects in both a wired and wireless manner to my network, it would be great if some software generated a new WEP key to use each time I went wired. I see no reason that the end user would need to be involved; any weakness on the part of the pseudo-random generation of a new WEP key would be less insecure than having the same one for months on end.
paul reinheimer
I enjoy the fact that most idiots have wifi encryption disabled and the defaults set. It makes my life easier when I'm biking or traveling with my laptop or ipaq.
Most residential and a lot of commercial areas give me free access to the internet - they may or may not know it, I don't really care.
I don't check my email or browse until I VPN into my home network. Just in case someone is sniffing packets - let's not make it that easy.
And the reason that Linksys and the rest of them don't enable it by default - tech support costs.
users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software
I wonder if this would be a new, easy way for people to start a new worm/virus infection. Wardrive down the street, map a few hundred potential victims, and come back later and put the bugger in the "Startup" menu on Windows PCs. Ack.
The average WiFi user was tech savvy too, back when only us computer geeks used it. But now that Best Buy is convincing people they need WiFi to hook up their printers, things are not so secure. Once a technology goes into mass use, the onus for security and functionality rapidly shifts to the manufacturer instead of the user. Unfortunately, most companies just shrug off these problems until we start seeing catastrophic side effects.
It would be nice if Homeland Security could take a break from trying to find terrorists by which shoelaces they buy to enforce technological security mandates. Unsecured WiFi networks all over the country are very useful to criminals and terrorists.
Yesterday while watching TV over at a buddy's house I saw a commercial that Verizon is going to be giving away (after you mail in the rebate) a wireless hub with all their new DSL subscribers.
This just frightens me.
I'm just imagining the sheeple who will order DSL, get this wireless router, follow the nice glossy fold out instructions and set the thing up, with no understanding of wireless security whatsoever.
Yes Francis, the world has gone crazy.
He said, "As long as I live in this city, I'll never pay for Internet again." We'll see if that remains true when consumers with wireless routers wise up and turn on some of the security features.
--Residential Interior Design
I have intentionally left WEP off on my AP at home. I use ssh or https for anything sensitive, but I want my visitors to be able to connect via my home network without sophisticated configuration on their side (and of course, without telling them my WEP password).
My home network is connected via Linux firewall, so I can cut the access or install traffic shaping when the problem occurs.
-Yenya
--
While Linux is larger than Emacs, at least Linux has the excuse that it has to be. --Linus
Once upon a time, the average user *was* tech-savvy.
Back before computers put a pretty appearance on everything with Windows XP wizards, or even 98, you had to know DOS to get anything done on a computer system, you had to know keyboard commands, and a basic idea of what the ports on your PC did.
The "average user" was more tech-savvy because there were fewer users back then, since the learning curve was higher.
Now, with everything plug-and-play, it's much easier to not understand what's really going on inside the magical blue-and-black or grey box with a pair of antenna sticking up from the sides of it.
On my system, I use a Belkin 54G access point. SSID belkin54g. No crypto, no authentication, no MAC filtering. But, you're not going to get anywhere off the wireless segment if you connect to it. The firewall behind the WAP is configured to drop all traffic except the encrypted PPTP tunnels which the wireless clients actually use to connect to the wired infrastructure and the external router. Thus, anyone is welcome to try and get onto my network, but without having a valid account on the 2K3 Enterprise Server box playing router/connection master, and knowing the encryption keys, they're going to get precisely nowhere.
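The layout described in the comment above, as an added example that is not part of the original post: a default-drop filter on the wireless side that admits only PPTP, which needs both its control channel (TCP 1723) and its GRE data channel (IP protocol 47). The subnet, the server address and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing (not from the post): wireless segment and tunnel endpoint.
WLAN_NET = ipaddress.ip_network("192.168.50.0/24")
VPN_SERVER = ipaddress.ip_address("192.168.50.1")

TCP, UDP, GRE = 6, 17, 47   # IP protocol numbers
PPTP_CONTROL_PORT = 1723    # PPTP control channel

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0          # 0 when the protocol has no ports (GRE)

def decide(pkt):
    """Return 'ACCEPT' or 'DROP' for a packet arriving from the wireless side."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    if src not in WLAN_NET:
        return "DROP"       # source does not belong to the wireless segment
    if dst != VPN_SERVER:
        return "DROP"       # nothing is forwarded past the tunnel endpoint
    if pkt.proto == TCP and pkt.dport == PPTP_CONTROL_PORT:
        return "ACCEPT"     # tunnel setup and keepalives
    if pkt.proto == GRE:
        return "ACCEPT"     # encapsulated tunnel payload
    return "DROP"           # default: everything else is dropped

# Constructed sample traffic from an associated wireless client.
SAMPLES = [
    Packet("192.168.50.23", "192.168.50.1", TCP, 1723),  # PPTP control
    Packet("192.168.50.23", "192.168.50.1", GRE),        # PPTP data
    Packet("192.168.50.23", "203.0.113.9", TCP, 80),     # direct web request
    Packet("192.168.50.23", "192.168.50.1", TCP, 445),   # SMB to the server
    Packet("192.168.50.23", "192.168.50.1", UDP, 53),    # DNS outside the tunnel
]

def evaluate(packets):
    """Pair each packet with the filter's verdict."""
    return [(p, decide(p)) for p in packets]

if __name__ == "__main__":
    for pkt, verdict in evaluate(SAMPLES):
        print(f"{verdict:6} {pkt}")
```

Allowing TCP 1723 alone is a common mistake: the control session comes up but no data flows, because the tunnel payload travels in GRE rather than in TCP.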
Wi-Fi out of the box is of course insecure. It can be made secure with a number of different methods (WEP not being one of them, heh, but there is WPA and other things). I believe one of the best features of Wi-Fi is its ease of setup and use -- if you have an open AP, anyone who comes over to your house can just use it with no or almost no configuration. It's incredibly easy and convenient.
What's the drawback? Anyone in your neighborhood has access to your local network. But it's unlikely that someone who wanted to h4x0r you would drive up your street and sit in front of your house. It is of course possible, and depends on your neighborhood. If you're the type who locks the house even when you're at home, then definitely get a security protocol. If, like me, you leave the garage door open and doors unlocked, then securing your Wi-Fi isn't something I would worry about.
So this is no surprise, but neither (in my opinion) is it a big deal.
I just love how I can take my laptop almost anywhere and get Internet connectivity. Last week I was at my mom's house doing some work on genealogy with my laptop and when I booted up, lo and behold - a wireless connection that was wide open!! It was nice to be able to check my e-mail and look at research sites online right then and there rather than either having to dial in or wait until I got home.
I've seen the same thing lots of other places including a friend's apartment in Minneapolis where I found 3 wireless access points, only one of which was encrypted and at my own single family house, I get two open wireless connections besides my own encrypted one.
I have to agree that setting up the secured connection is not obvious, especially when you have one manufacturer's access point and another manufacturer's wireless product in your laptop. It took me a little head scratching and trial and error before I got mine working.
"Do the Right Thing. It will gratify some people and astound the rest." - Mark Twain
The problem is not the product, but the consumers. Now, I might be wrong about this, but I am willing to bet that all access points, WNICs and other accessories come with something called a "manual"! If you were to actually *read* one of those, by accident or intent, you might discover how to actually use your newly acquired product! Only thing is that people don't bother anymore... They expect everything to be so user-friendly that it will install itself and automatically know how you want the settings to be!! Maybe they could put little warnings on the packs like with cigarettes.. "warning, the DOJ says that not properly securing your access point can be hazardous to your privacy, bank account, and/or bandwidth".. Heh
Have you actually done it? I have been running Airsnort in my apartment with two encrypted nets visible and have had absolutely no results so far. Probably not enough traffic, but also thought THIS article interesting. Would be nice to hear if anybody has actually been successful or just repeating the 'myth'(?).
try { do() || do_not(); } catch (JediException err) { yoda(err); }
I have to use the default Windows XP configuration tool (which sucks, IMO)
I've often thought Microsoft should rename their "Wireless Zero Configuration" utility to "Wireless Zero Connectivity."
Because that's what you end up with: an intermittent link that you can't troubleshoot because you just can't get enough information out of it. To make matters worse, when you have this "service" enabled, it makes multiplayer gaming impossible. It actually disconnects from and reconnects to the AP every minute or two, with predictable results (stutter, even disconnection from the server.) To make things even more fun, it prevents third party configuration tools from working (like Linksys' for example, though I believe Intel's will work properly.) There aren't even any usable workarounds.
Linux may not support nearly as many devices as Windows does, but at least YOU can decide whose tools you want to use to control them!
What part of "shall not be infringed" is so hard to understand?
My in-laws just got high speed access through Comcast. Instead of a standard cable modem, they were given a Linksys wireless router (branded as Comcast). I placed the order so I know we didn't ask for this, since I went out and bought a wireless router for them already. So now I get there and they have a wireless router with WEP turned on but no key entered and no one bothered to leave the password so I could set it up properly. It took me an hour on tech support before they could get me the login and password. I can't imagine many of the non-tech-savvy people going through all of this.
Viv
Gmail invites for ip
Couple of years ago when 802.11b was kinda new, I did some testing of this sort of thing.
The fast crack using weak frames worked then. It doesn't work much now, if the boxes are using newer hardware.
The slow crack where you get enough packets to figure out the key worked then and now, but in order to actually do it back then I had to set up some continuous traffic to get enough packets to make it work. We're talking millions of packets here, and it just takes forever to see enough to do it, with 112/128 bit WEP.
Can they get in? Sure.
Will they get in? They're going to have to really want in pretty badly or live nearby and be bored enough to capture for a long period of time. And if they just want free network access, they'll find the easier target like the unsecured one down the street. Or pay the 3 bucks at the nearest hotspot for the hour's worth of access.
WEP is not secure, but in 99% of cases, it's secure *enough*.
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
This is precisely why I standardized my whole network on Linksys products. Once I did, all of my compatibility problems went away - and administration is a breeze.
I have a cardboard box full of old NICs that I acquired cheaply, thinking at the time that I would be able to save a buck. What I saved in money, I lost in time trying to get all the disparate cards to work on various machine architectures and operating systems. I finally broke down and bought all Linksys - at the time a basic 10/100 ethernet NIC was only $10 (now they are $25...must have caught them on sale at the time...) I plugged them in my Linux and Windows machines - and they just worked, right out of the box.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
I run an open access point and my neighbor does as well. Anything (and I mean anything) more than computer games and unimportant chat sessions I tunnel through ssh/ssl or something similar.
I'm actually quite surprised that more people on /. aren't in favor of open access points. They seem to fit very well into the whole 'information should be free' value system that many geeks have.
Why do I leave my access point open then? Because on average I only use maybe 3% of my bandwidth and I don't see any reason that one of my neighbors shouldn't be allowed to use some of it when I don't need it. When I first moved in and didn't have my own broadband yet I was very happy one of my neighbors left his router unsecured.