Slashdot Mirror
80% of WiFi Networks are still Insecure, Kismet Author Says
acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"
When I got my first wi-fi enabled laptop, I decided to wardrive down a busy road in a residential area. I picked up 11 APs along the way, one of which had been secured. The other 10 used the default SSID with no WEP. Whatever befalls the people with the unsecured APs is deserved for not reading the freaking manual. They have the mentality of "I plugged it in and it just works! Whoopee!"
There is a difference between "insightful" and "inciteful" other than spelling.
Are we supposed to be securing our WiFi networks to stop people using them as SPAMming outlets and entry points to delicate data, or are we supposed to be leaving our WiFi networks open so we can share our connectivity and bring about a utopian world of high speed, anywhere connectivity?
(Yes, yes, I know, the right security for the right place)
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
With all of the controversy over who is responsible for downloads off of someones access point I will stay wired just to be safe. I can at least provide some kind of physical security over cat5 runs.
Got hosting
Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
Dewey, what part of this looks like authorities should be involved?
A "lot" of people don't do that. The overwhelming majority of people who have WiFi have no idea or comprehension of setting up free WiFi for others when they put it in their home. This is /. so you might not be so out of the oridinary here, but in the general populace such reasons for that config are not statistically significant.
I would never wish a child-porn cop visit or a DMCA copyright suit on you, but them's the dangers when running a public network...
I make all my clients close their networks, scaring them with made-up horror stories of cops showing up at people's doors, yada yada. But it's for their own protection.
--------------------- -me, Crusher of those who are Foolish (don't be foolish)
The WiFi data-link layer may not be encrypted in 80% of cases but that doesn't mean that encryption isn't used or enforced at a higher level. You can run VPN, SSL, ssh etc. quite happily over what might appear to be an 'insecure' WiFi link.
As WEP isn't that robust there seems to be little point in deluding oneself - thus many networks will be unencrypted at that layer by design rather than by default.
Tell me how many wireless networks you can associate with and actually use.
I would hope those lots of people keep in mind that they'd be liable for any trouble, legal or technical, that gets traced back to their anonymous access point. That's one of the main reasons I secure mine.
>> Can someone answer the following:
>> Why aren't WAPs shipped with encryption
>> turned on by default?
Because the power of WiFi is that it is easy to use. My neighbour could not possibly use it if it wasn't.
WEP is complicated. You need to be able to shell in (sometimes even to a port other than 80) from within the LAN. Then you need to know an admin ID/password. Then you need to know what on earth hex/ascii/etc mean, and 56/128/etc bits (and how the security ranslates to a number of characters). Then you need to set it all up using complex menus, and then you need to figure out how to set up all PC's (which call it something else).
By this time we would have lost the typical buyer, oh, 5 times over. That is why it is shipped open by default - the support would cost a fortune, otherwise. WEP is way too complex in its consumer implementation.
Michael
---
BDOS ERR ON A:>
Because then everybody would just be using the same default password making them unsecure anyway.
Do you share your wife, your home, your momey, your car, your cloths? Do you think nothing of getting up in the morning to find strange people sleeping in your living room? My network is my personal space, no uninvited guests allowed.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Someone can get sufficient info to be on your network and read the packets in less than an hour.
So close your network. Not everyone wants to be like you.
Haida Manga
I think it has to do with the wealthy hiring people to set up their networks. I have a friend who can make hundreds (or sometimes thousands) of dollars for setting up a [b]single[/b] home network. Middle class folk are more likely to try to save money by setting things up themselves, but the rich yuppies my friend works for want it to work immediately without them having to do anything.
What good is whitelisting? people will just sniff the packets to see which MACs are whitelisted, and then spoof that MAC address.
So much for the whitelist.
Do you speak in whispers and wear a mask at all times so no one hears your precious sounds or gets the pleasure out of seeing you smile?
If you have a full shopping cart, do you make sure the guy with a single item behind you stays stuck behind you?
Do you stand right in the middle of a busy crosswalk making everyone walk around you, just because you can?
Do you avoid donating to charities?
People like you are the problem with the world today. Only be nice when it's legislated. You suck.
I hope you at least block outbound port 25 (SMTP). Because this will be abused by spammers otherwise.
Legitimate people can still send mail through the submission port (see RFC 2476). This is a separate port that exists for MUAs to submit new mail; typically it requires SASL authentication. So they can connect to their own ISP's server and submit mail, but not send directly to the recipient's server, as a spammer would.
Just because someone's nice doesn't mean they want to be abused.
Of course thats not true. Sure, you might be investigated... but in both cases probably cleared. The wireless case is even more clear-cut because it's easy to see that it was left open. The phone lines would be much harder to explain why you let someone on your property to tap in like that, and didn't shoot them while they were connecting alligator clips to your wires.
The thing is, he's not inviting anyone to use his network. Invitation (e.g. to a party) implies you know and trust the person you invite. You have no such guarantee with the people who use your open access point.
It seems to be that simply sniffing for open WAPs is more akin to driving down the street and looking for open doors with little red spinny lights in front and neon signs saying "We're Not Watching! We're Not Watching!".
Actually testing that connection is different; that would be like walking into one of those buildings to see if it's really unguarded. Allowing a WiFi card to perform its designed task of attempting to connect to access points doesn't seem terribly bad, though. I think it's more like smiling at strangers to see who says hello.
Dewey, what part of this looks like authorities should be involved?
Contrary to what some other posters have said, I'd posit that it's secure enough for the home user.
Even if it could be cracked in an hour (I doubt that figure - the number of packets needed for an analysis is huge, and unless your network is very busy it will take much longer than that) - most would-be attackers (a) don't know how and (b) can't be bothered. Think about it, 99% of people looking at your AP just want free net access. Chances are there are multiple available APs (in my apartment I can pick up at least 5). If one's closed, they'll just move on to the next. It's the "don't outrun the bear, just outrun the other guy" situation.
Sure, if some ubergeek happens to live within range of you, and really wants in to your network (for some unspecified reason - to steal your pr0n?) then they could get it. What are the chances of that happening? Well it depends how think the tinfoil in your hat is. But it doesn't keep me awake at night.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
I have found that if you mix vendor implementations of security--NetGear, Dell's wireless internal card, Linksys cards--they often do not work with encryption enabled. I have tried going up to 128bit, down to 64/40bit, setting NIC restrictions and the like, but in the end, it often is just fruitless with encryption. So, I usually just keep NIC restrictions on. Some hope from the random attacker, but no real protection.
If you want us to use security, make it simple. Make is to that I can type in a phrase for EVERY implementation, and that it generates acceptable keys. I don't want to type in a phrase for one vendor, and then have to hack out what the keys are for another. Then, just make it work. I don't want any one vendors card different than any other. When I use a Base-T cable, it works, regardless of vendor. That's what we want, folks.
...tizzyd
Great idea. Free wireless access for everyone. Hurrah! Now, who pays the bills?
Let's say everyone leaves their APs open. Now I don't need to pay for my cable bill, I can just leach off someone else's. Then they figure that out too, so we both have to leach from somewhere. Do you see where I'm going with this?
I think you spell it out very well yourself...
In the very unllikely event that I win a huge amount of cash, dream number one is to get several WI-FI routers and configure them to enable a neibourhood network, hoping to change it into a city network and so on. I dream of the day communication will be democratized, free, for everyone.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
That is of course assuming that there is a spammer within range of your access point. For most people, spammers will be a non-issue. Especially for those of us who live in the middle of nowhere. The main reason I do not use encryption is because I cannot use it under BeOS, and don't have any BeOS compatible wired connection on my laptop. For normal people, leaving the connection unencrypted will hardly ever be a problem.
I've got a mind like a steel trap - it's got an animal's foot stuck in it.
Listen, don't take this personally it's not meant for you, but I'm so fucking tired of hearing people justify their paranoia by citing the potential for abuse. ESPECIALLY child porn. It seems like that's the first place someone runs to in discussions like this. There are better arguments for maintaining security, so do us all a favor and retire that one.
Obviously, I'm in the minority here at Slashdot, but I've got to say, "So What! Why Should People Secure Their Wireless Network?" Sure corporations should or at least create set-ups where the wireless network is removed from the wired network and of course all that effort to secure the computers, but I've never understood the great push for security on a wireless networks.
For me I'm of the school that you shouldn't depend on your network for security for your computer. This view recently discussed by Jeff Schiller, MIT's Network Manager at Syllabus http://www.syllabus.com/article.asp?id=9193. I think he makes some great arguments.
Recently, it seems that people have just jumped on the bandwagon that YOU MUST secure your network, and I guess for the bevy of Windows users out there, with little options for ever successfully securing their computer, this is probably true and one way to get around it. But I find wireless network security to be the antithesis of what wireless connectivity promotes--freedom. So it makes great sense that people would not secure their networks.
Wired Networks by their nature are someone closed off, insuring their security or closing them off further is no big deal. You would expect to have to handle 2, 3, 5, 10 random clients on a wired network. Sure with laptops it happens more, but typically a wired network is somewhat more static in design. You have switches, ports, hubs--it's all very physical. So sure secure it.
But wireless networks promote freedom--you can use your laptop anywhere (anywhere with wireless). But security warps that message. Freedom has always had its limitations, but now the limitation is that someone else owns the air you need to use. What's the point of going to a coffee shop, an administrative building or even sitting on your neighbors porch with your laptop if you still can't get internet access when wireless connectivity is available.
Sure their should be tools to prevent abuse. I don't want someone to start downloading movies off my wireless network, but WHY WOULD SHOULD I CARE if they just use it. I expect the same reciprocity if I'm in the town square or at a coffee shop or just down the street at a friends.
Securing your network has become synonymous with securing your computer and its not. Someone decided that it was impossible to secure their computer, with all the software with bugs and wholes, with various operating systems working against your efforts. So the rallying cry became secure your network.
So fine. Secure your landline, but leave your wireless alone. Sure change the default settings, after all one neighborhood really shouldn't have 50 linksys access points. I'm all for letting people know whose wireless access point they're using. I'd don't want someone taking over my access point, but with various hacking tools, the effort is the same regardless if I've secured my access point.
But if Sue next door wants to use my wireless, go ahead. Don't ask me. Don't make me add you to an exception list or hand over a password. Just use it dammit and be respectful. It's there, and it doesn't really cost me anything more than what I'm currently paying to have you or 20-30 other guest using it.
Encryption, Authentication, and Authorization, and common sense work well enough for keeping the information I need to be secure, relatively secure. I'd rather have someone distracting by the beauty of playing Doom from their front porch using my access point, then banging on my access point try to hack my setup security so they can get free access, when I could have just offered it.
So I say, "Offer It!" Secure what you need secure and open everything else. It makes life easier, and produces good karma as well.
This is my last post on the matter. If you all want to try to prove me wrong by calling me names and stuff, then go for it. Its only your credibility on the line.
However, if you do not believe me, one only needs to research cases of internet crime and how the authorities deal with it. The proof is in the pudding. The FBI and the courts will be more than happy to use the fact that your IP address was used to send threatning emails, downloading child porn, or whatever else as probably cause to search your home, take your computers, and take you into interrogation. I've seen it happen.
It doesn't work the same way for telephone systems, becuase for one thing, the technology is older and the laws regarding telephone lines are more legally clear.
However, feel free to wallow in your own petty arrogance.
"How to Lie With Statistics" is the title of an excellent book about it can be done, I should have made that clear.
I'm saying that the author of Kismet is lying. In fact, he makes the effort of saying where he is getting his 80% from, at least.
My point is that the Slashdot post is overly sensational (as usual) quoting the 80% stated in the article, without giving the sample size, which is what the book "How to Lie With Statistics" is about.
My statistics are that 100% of access points have very strong WEP, given that the sample size of that 100% is the 3 access points in my building, which I set up myself. Here's another example:
"90% of all houses are white"*
(*note: all houses within my line of sight, from my apartment, right now)
Now, I'm not trying to be a wiseass. I'm trying to point it out because people see those Slashdot headlines, don't bother to read the article, and think that the world is coming to an end of wireless security. I live in San Francisco, and as of 2 months ago, I only stumbled within about 4 blocks, 2 WAPs that didn't have WEP turned on, out of about 30 or so that my Zaurus (kismet) sniffed out, which is not 80%.
aka the spoof argument is overrated.
Ok... then change that to "of course he would mind in the same way as if you crawled through an open window and stole your TV".
Doesn't mean everyone should be forced to keep their windows closed.
Do you share your
I think the more appropriate approach is to ask if they were also raised to willingly and knowingly violate business agreements.
I like to promote sharing but not if the result may hinder my ability to share.
+++ATHZ 99:5:80
Sure, you might be investigated... but in both cases probably cleared.
This used to be my arguement but it has one fatal flaw. The investigation itself. Sure I could weasle out whatever horrible violation that brought the feds to my door (even if I did it) by pointing out my unsecured wifi connection. But they would still seize my comp gear in the investigation. If it turns out that not all my software is licensed correctly or some of my media may not have easily accessible originals I am still fucked.
...some perv with a laptop uses your open connection to distribute kiddie porn. Then the feds will come busting down YOUR door looking for the perp. Try explaining that one to your wife.
"1. When was the last time someone 0wn3d your TV or VCR?"
Actually, I hope you do realize you've just proven the other guy's point. That computers are such a fragile tool, and for a lot of people they can cause more grief than good, is precisely the _problem_.
What Joe Average wants -- or for that matter what _I_ want -- is something that just does a certain job, with a minimum of fuss. Yes, like a TV or a VCR. If I want to read my email or play a game or whatever, I should just get straight to doing that, instead of having to babysit and secure a piss-poorly made tool.
"2. More complex systems require more complex instructions."
No, it's just a case of letting the idiots run the show. Plain and simple.
Other tools started complicated to use too. Owning a car used to require either being a skilled mechanic yourself, or being rich enough to pretty much hire one full time. Getting an early radio to work, or tune it to a station, was a time-consuming pain in the butt. Etc.
But you know what? Someone in those industries actually cared for the customer. (Or just about the bottom line. Competition is good at that.) Instead of whining about idiot users who can't even learn to use a radio right, they gave you channel presets, auto-scanning for stations, remote controls, and other such.
That's really the only problem with computers today. That instead of asking "how could we make this easier for Joe Average?", we're whining about how Joe is an idot and a luser who can't learn doing things our arcane way.
E.g., if we're talking about wifi, it would be a no-brainer to:
- have a nice wizard interface and walk him through securing the thing.
- make sure that security is enabled by default, and that Joe has to explicitly disable it, if he _really_ wants to run a public "download porn and warez anonymously" service.
- If the device has a default admin username and password, explicitly ask him to change it.
- But what if Joe forgets the password? No problem. Don't fscking have an unchangeable one hardcoded in firmware. Provide an easy way to change it, but which requires physical access to the device. E.g., have to open a lid and press a sunk reset button. After which again, make him change it.
Etc.
See, it didn't even require that much thinking.
But no, instead we'll just whine about how Joe is an idiot luser. Although it's not Joe who's the idiot there.
"3. Adding a wifi router to an existing computer setup is more akin to adding a VCR to an existing TV setup."
I'll direct you to your own point 1: when was the last time someone "0wn3d" your TV after that?
Or if we're talking unneeded complexity, when was the last time you had to become a security expert to add a VCR? Did you have to just know how to generate and share keys on them? And did you need to find that out on your own?
A polar bear is a cartesian bear after a coordinate transform.