Slashdot Mirror


80% of WiFi Networks are still Insecure, Kismet Author Says

acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your Linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"

13 of 430 comments

  1. Some on purpose to promote free WiFi. by n2rjt · · Score: 4, Informative

    I leave an unencrypted access point open in the no-man's-land between my broadband modem and my router, on purpose. I think a lot of people do something like that, or even keep their whole LAN open to the access point, in order to promote free WiFi.

    1. Re:Some on purpose to promote free WiFi. by baitisj2 · · Score: 2, Informative

      Sometimes, an outsider will walk onto my wireless network, and do so on a regular basis. My SSID is "PUBLIC", after all. So what I do is once I see a regular user, I either send them a winpopup message or an e-mail message asking them to donate money on a monthly basis to help offset the cost of the wireless network.

      Most people who connect to my wireless network leave some documents shared, so you can find contact information easily. Another score for lax security. Indeed, in the hands of the malicious, this could be dangerous.

      Really, the best thing is to secure individual machines rather than entire networks.

      If you were more aggressive, you could use your open AP as a free AP as advertisement media: occasionally, the gateway could redirect the user of the free network to an ad. Or, use the image-replacement tool that was unveiled at DEFCON earlier this year.

    2. Re:Some on purpose to promote free WiFi. by Local+ID10T · · Score: 2, Informative

      Want to bet? I can tap into the wires at pre-existing tap points either on the pole or under the street. I can plug directly into your circuit and the phone company records will show that the calls came from your home. There will not be any alligator clips or cut wires. I could certainly do this while you are at home. Pure FUD.

      --
      "You want to know how to help your kids? Leave them the fuck alone." -George Carlin

    3. Re:Some on purpose to promote free WiFi. by dgatwood · · Score: 2, Informative

      All one has to do is plug a twenty foot cord into the phone before plugging it into the "network access" jack on the outside of the person's house. This will put enough voltage drop on the line that the phone company shouldn't be able to trivially detect that the call was made from outside the premises.

      Open wi-fi just means that the person could be across the street instead of huddled in a corner behind your house. Frankly, given a choice, I'd rather that people like this be across the street, -away- from my house....

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    4. Re:Some on purpose to promote free WiFi. by Local+ID10T · · Score: 2, Informative

      Locks?

      In some areas, I suppose. Around here the boxes are not locked, but are closed with a hex key.

      And plugging in a test set to a built in port is very simple.

      --
      "You want to know how to help your kids? Leave them the fuck alone." -George Carlin

    5. Re:Some on purpose to promote free WiFi. by Woody77 · · Score: 2, Informative

      But the point of demarcation is usually a normal old telephone jack, with your entire household wiring plugged into it.

      I often use mine to trouble-shoot if the problem is internal house wiring, or telco-wiring.

      Hop a fence, disconnect the house from the box, plug in a $10 cheap phone, make your call, and then plug the house back in again.

    6. Re:Some on purpose to promote free WiFi. by jrockway · · Score: 3, Informative

      That's just not true. When they're looking for child porn, they could care less about your pirated copy of WinXP. If they did care, they would not be able to admit that evidence to a court, anyway.

      It's the same as the random searches on the T. If they find a bomb in your backpack, you're fucked. If they find pot, they won't arrest you. They legally can't (since they couldn't legally search you).

      --
      My other car is first.

    7. Re:Some on purpose to promote free WiFi. by kbahey · · Score: 4, Informative

      There was a case here in Canada last year, namely in Toronto, where the cop stopped some youth in a car going the wrong way in one-way street.

      To the cop's surprise, this guy had his pants down (i.e. naked from the waist down) in the car, and a laptop with WiFi in it. He was war driving that neighborhood.

      Had he not gone against the traffic, he would not have been caught at all ...

      So, the threat is real. If someone chooses to open their wireless LAN to outsiders, then he should know the risks.

      Same thing applies if you run a message board or web site then it becomes a mouth piece for hate speech or terrorism or whatever. If you know the risks and choose to do this regardless, then be prepared for the consequences.

    8. Re:Some on purpose to promote free WiFi. by Entropius · · Score: 2, Informative

      Well, the telephone box outside my house has a jack with a little note: "Plug phone in here to test connection. If you can dial out, the problem is in your internal wiring."

      Granted, this is 30-year-old wiring, but it exists.

  2. Myths about WEP by x.Draino.x · · Score: 5, Informative

    Everyone still seems to think WEP is easy to crack. It's not. On APs 2+ years old new features have been implemented to dramatically reduce the amount of weak IVs given out. For fun, I tested our network here at work, where we have over 300 employees and multiple access points. And yes, there are plenty of people actually using the wireless network. In 3 days I was only able to pick up 75 weak IVs in Kismet. You usually need in the range of 10,000+ to make a decent attempt at cracking WEP with current tools. Now, if you have the know-how to use tools like wepwedgie, or know how to do packet injection using multiple 802.11b cards/devices with HostAP then you may have better luck. But chances are that if someone knows how to use these tools and has the time to do this, they can probably break your network some other way.

  3. Re:Problem is I only have wep by grawk · · Score: 1, Informative

    WEP is so insecure that if you're concerned about security, you shouldn't be depending on WEP. Easy to use tools exist to automatically crack WEP just by analyzing traffic.

  4. Re:How To Lie With Statistics by awehttam · · Score: 2, Informative

    80% is consistent with what our surveys over the years have seen in Vancouver, BC. Same in other cities as well.

    Don't talk about lying about statistics if you haven't done it yourself.

  5. Solution on the cheap by KevinKnSC · · Score: 4, Informative

    Buy one consumer-grade wireless access point/router, and one consumer-grade router. The combination can be had for under $100.

    All local machines go behind the non-wireless router. That router's WAN port is connected to one of the LAN ports of the wireless router, and the wireless router's WAN port goes to the Internet. Now you have the public Internet (unsafe), a wireless purgatory (unsafe in a different way), and a secure LAN (as safe as the non-wireless router/firewall box allows it to be).

    Alternately, the non-wireless router can be a wireless router with the wireless features turned off.
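
The two-router layout from the comment above, modelled as an added example that is not part of the original post. It assumes typical consumer NAT behaviour (outbound passed, unsolicited inbound dropped); the subnets, zone names and the `forwards` parameter are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; the comment names no subnets, so these are assumptions.
PLAN = {
    "purgatory": ipaddress.ip_network("192.168.1.0/24"),  # LAN side of the wireless router
    "secure": ipaddress.ip_network("192.168.2.0/24"),     # LAN side of the wired router
}
# Zones ordered from outside to inside; each step inward crosses one router's WAN port.
ORDER = ["internet", "purgatory", "secure"]


def can_initiate(src, dst, forwards=frozenset()):
    """Return True if a host in zone `src` can open a connection into zone `dst`.

    Models a typical consumer NAT router: LAN-to-WAN traffic is passed,
    unsolicited WAN-to-LAN traffic is dropped unless the router guarding the
    destination side has a port forward or DMZ host (zones listed in `forwards`).
    """
    s, d = ORDER.index(src), ORDER.index(dst)
    if s >= d:
        return True  # same segment, or outbound through NAT
    # Inbound: every router between src and dst must forward the connection.
    return all(ORDER[i] in forwards for i in range(s + 1, d + 1))


def matrix(forwards=frozenset()):
    """Reachability for every ordered pair of distinct zones."""
    return {(a, b): can_initiate(a, b, forwards)
            for a in ORDER for b in ORDER if a != b}


def plan_problems(plan):
    """Flag addressing mistakes that break the cascade."""
    problems = []
    if plan["purgatory"].overlaps(plan["secure"]):
        problems.append("inner and outer LAN subnets overlap; the inner router "
                        "cannot route between its WAN and LAN sides")
    return problems


if __name__ == "__main__":
    for (a, b), ok in matrix().items():
        print(f"{a:>9} -> {b:<9} {'allowed' if ok else 'blocked'}")
    print(plan_problems(PLAN) or "addressing plan OK")
```

A port forward or DMZ host on the inner router is what turns purgatory -> secure from blocked to allowed, and leaving both routers on the same default subnet is the mistake `plan_problems` flags.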