80% of WiFi Networks are still Insecure, Kismet Author Says

acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"

Some on purpose to promote free WiFi.

[n2rjt]

I leave an unencrypted access point open in the no-mans-land between my broadband modem and my router, on purpose. I think a lot of people do something like that, or even keep their whole LAN open to the access point, in order to promote free WiFi.

Re:Some on purpose to promote free WiFi.

[jrockway]

That's just not true. When they're looking for child porn, they could care less about your priated copy of WinXP. If they did care, they would not be able to admit that evidence to a court, anyway.

It's the same as the random searches on the T. if they find a bomb in your backpack, you're fucked. If they find pot, they won't arrest you. They legally can't (since they couldn't legally search you).

Re:Some on purpose to promote free WiFi.

[kbahey]

There was a case here in Canada last year, namely in Toronto, where the cop stopped some youth in a car going the wrong way in one-way street.

To the cop's surprise, this guy had his pants down (i.e. naked from the waist down) in the car, and a laptop with WiFi in it. He was war driving that neighborhood.

Had he not gone against the traffic, he would not have been caught at all ...

So, the threat is real. If someone choses to open their wireless LAN to outsiders, then he should know the risks.

Same thing applies if you run a message board or web site then it becomes a mouth piece for hate speech or terrorism or whatever. If you know the risks and chose to do this regardless, then be prepared for the consequences.

Myth's about WEP

[x.Draino.x]

Everyone still seems to think WEP is easy to crack. It's not. On AP's 2+ years old new features have been implemented to dramatically reduce the amount of weak IV's given out. For fun, I tested our network here at work, where we have over 300 employee's and multiple access points. And yes, there are plenty of people actually using the wireless network. In 3 days I was only able to pick up 75 weak IV's in Kismet. You usually need in the range of 10,000+ to make a decent attempt at cracking WEP with current tools. Now, if you have the know how to use tools like wepwedgie, or know how to do packet injection using multiple 802.11b cards/devices with HostAP then you may have better luck. But chances are that if someone knows how to use these tools and has the time to do this, they can probably break your network some other way.

Solution on the cheap

[KevinKnSC]

Buy one consumer-grade wireless access point/router, and one consumer-grade router. The combination can be had for under $100.

All local machines go behind the non-wireless router. That router's WAN port is connected to one of the LAN ports of the wireless router, and the wireless router's WAN port goes to the Internet. Now you have the public Internet (unsafe), a wireless purgatory (unsafe in a different way), and a secure LAN (as safe as the non-wireless router/firewall box allows it to be).

Alternately, the non-wireless router can be a wireless router with the wireless features turned off.