Slashdot Mirror
80% of WiFi Networks are still Insecure, Kismet Author Says
acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"
When I got my first wi-fi enabled laptop, I decided to wardrive down a busy road in a residential area. I picked up 11 APs along the way, one of which had been secured. The other 10 used the default SSID with no WEP. Whatever befalls the people with the unsecured APs is deserved for not reading the freaking manual. They have the mentality of "I plugged it in and it just works! Whoopee!"
There is a difference between "insightful" and "inciteful" other than spelling.
Are we supposed to be securing our WiFi networks to stop people using them as SPAMming outlets and entry points to delicate data, or are we supposed to be leaving our WiFi networks open so we can share our connectivity and bring about a utopian world of high speed, anywhere connectivity?
(Yes, yes, I know, the right security for the right place)
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
Dewey, what part of this looks like authorities should be involved?
A "lot" of people don't do that. The overwhelming majority of people who have WiFi have no idea or comprehension of setting up free WiFi for others when they put it in their home. This is /. so you might not be so out of the oridinary here, but in the general populace such reasons for that config are not statistically significant.
The WiFi data-link layer may not be encrypted in 80% of cases but that doesn't mean that encryption isn't used or enforced at a higher level. You can run VPN, SSL, ssh etc. quite happily over what might appear to be an 'insecure' WiFi link.
As WEP isn't that robust there seems to be little point in deluding oneself - thus many networks will be unencrypted at that layer by design rather than by default.
Tell me how many wireless networks you can associate with and actually use.
I would hope those lots of people keep in mind that they'd be liable for any trouble, legal or technical, that gets traced back to their anonymous access point. That's one of the main reasons I secure mine.
>> Can someone answer the following:
>> Why aren't WAPs shipped with encryption
>> turned on by default?
Because the power of WiFi is that it is easy to use. My neighbour could not possibly use it if it wasn't.
WEP is complicated. You need to be able to shell in (sometimes even to a port other than 80) from within the LAN. Then you need to know an admin ID/password. Then you need to know what on earth hex/ascii/etc mean, and 56/128/etc bits (and how the security ranslates to a number of characters). Then you need to set it all up using complex menus, and then you need to figure out how to set up all PC's (which call it something else).
By this time we would have lost the typical buyer, oh, 5 times over. That is why it is shipped open by default - the support would cost a fortune, otherwise. WEP is way too complex in its consumer implementation.
Michael
---
BDOS ERR ON A:>
Do you share your wife, your home, your momey, your car, your cloths? Do you think nothing of getting up in the morning to find strange people sleeping in your living room? My network is my personal space, no uninvited guests allowed.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
So close your network. Not everyone wants to be like you.
Haida Manga
Do you speak in whispers and wear a mask at all times so no one hears your precious sounds or gets the pleasure out of seeing you smile?
If you have a full shopping cart, do you make sure the guy with a single item behind you stays stuck behind you?
Do you stand right in the middle of a busy crosswalk making everyone walk around you, just because you can?
Do you avoid donating to charities?
People like you are the problem with the world today. Only be nice when it's legislated. You suck.
I hope you at least block outbound port 25 (SMTP). Because this will be abused by spammers otherwise.
Legitimate people can still send mail through the submission port (see RFC 2476). This is a separate port that exists for MUAs to submit new mail; typically it requires SASL authentication. So they can connect to their own ISP's server and submit mail, but not send directly to the recipient's server, as a spammer would.
Just because someone's nice doesn't mean they want to be abused.
Of course thats not true. Sure, you might be investigated... but in both cases probably cleared. The wireless case is even more clear-cut because it's easy to see that it was left open. The phone lines would be much harder to explain why you let someone on your property to tap in like that, and didn't shoot them while they were connecting alligator clips to your wires.
The thing is, he's not inviting anyone to use his network. Invitation (e.g. to a party) implies you know and trust the person you invite. You have no such guarantee with the people who use your open access point.
Contrary to what some other posters have said, I'd posit that it's secure enough for the home user.
Even if it could be cracked in an hour (I doubt that figure - the number of packets needed for an analysis is huge, and unless your network is very busy it will take much longer than that) - most would-be attackers (a) don't know how and (b) can't be bothered. Think about it, 99% of people looking at your AP just want free net access. Chances are there are multiple available APs (in my apartment I can pick up at least 5). If one's closed, they'll just move on to the next. It's the "don't outrun the bear, just outrun the other guy" situation.
Sure, if some ubergeek happens to live within range of you, and really wants in to your network (for some unspecified reason - to steal your pr0n?) then they could get it. What are the chances of that happening? Well it depends how think the tinfoil in your hat is. But it doesn't keep me awake at night.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
That is of course assuming that there is a spammer within range of your access point. For most people, spammers will be a non-issue. Especially for those of us who live in the middle of nowhere. The main reason I do not use encryption is because I cannot use it under BeOS, and don't have any BeOS compatible wired connection on my laptop. For normal people, leaving the connection unencrypted will hardly ever be a problem.
I've got a mind like a steel trap - it's got an animal's foot stuck in it.
Listen, don't take this personally it's not meant for you, but I'm so fucking tired of hearing people justify their paranoia by citing the potential for abuse. ESPECIALLY child porn. It seems like that's the first place someone runs to in discussions like this. There are better arguments for maintaining security, so do us all a favor and retire that one.
Obviously, I'm in the minority here at Slashdot, but I've got to say, "So What! Why Should People Secure Their Wireless Network?" Sure corporations should or at least create set-ups where the wireless network is removed from the wired network and of course all that effort to secure the computers, but I've never understood the great push for security on a wireless networks.
For me I'm of the school that you shouldn't depend on your network for security for your computer. This view recently discussed by Jeff Schiller, MIT's Network Manager at Syllabus http://www.syllabus.com/article.asp?id=9193. I think he makes some great arguments.
Recently, it seems that people have just jumped on the bandwagon that YOU MUST secure your network, and I guess for the bevy of Windows users out there, with little options for ever successfully securing their computer, this is probably true and one way to get around it. But I find wireless network security to be the antithesis of what wireless connectivity promotes--freedom. So it makes great sense that people would not secure their networks.
Wired Networks by their nature are someone closed off, insuring their security or closing them off further is no big deal. You would expect to have to handle 2, 3, 5, 10 random clients on a wired network. Sure with laptops it happens more, but typically a wired network is somewhat more static in design. You have switches, ports, hubs--it's all very physical. So sure secure it.
But wireless networks promote freedom--you can use your laptop anywhere (anywhere with wireless). But security warps that message. Freedom has always had its limitations, but now the limitation is that someone else owns the air you need to use. What's the point of going to a coffee shop, an administrative building or even sitting on your neighbors porch with your laptop if you still can't get internet access when wireless connectivity is available.
Sure their should be tools to prevent abuse. I don't want someone to start downloading movies off my wireless network, but WHY WOULD SHOULD I CARE if they just use it. I expect the same reciprocity if I'm in the town square or at a coffee shop or just down the street at a friends.
Securing your network has become synonymous with securing your computer and its not. Someone decided that it was impossible to secure their computer, with all the software with bugs and wholes, with various operating systems working against your efforts. So the rallying cry became secure your network.
So fine. Secure your landline, but leave your wireless alone. Sure change the default settings, after all one neighborhood really shouldn't have 50 linksys access points. I'm all for letting people know whose wireless access point they're using. I'd don't want someone taking over my access point, but with various hacking tools, the effort is the same regardless if I've secured my access point.
But if Sue next door wants to use my wireless, go ahead. Don't ask me. Don't make me add you to an exception list or hand over a password. Just use it dammit and be respectful. It's there, and it doesn't really cost me anything more than what I'm currently paying to have you or 20-30 other guest using it.
Encryption, Authentication, and Authorization, and common sense work well enough for keeping the information I need to be secure, relatively secure. I'd rather have someone distracting by the beauty of playing Doom from their front porch using my access point, then banging on my access point try to hack my setup security so they can get free access, when I could have just offered it.
So I say, "Offer It!" Secure what you need secure and open everything else. It makes life easier, and produces good karma as well.
"How to Lie With Statistics" is the title of an excellent book about it can be done, I should have made that clear.
I'm saying that the author of Kismet is lying. In fact, he makes the effort of saying where he is getting his 80% from, at least.
My point is that the Slashdot post is overly sensational (as usual) quoting the 80% stated in the article, without giving the sample size, which is what the book "How to Lie With Statistics" is about.
My statistics are that 100% of access points have very strong WEP, given that the sample size of that 100% is the 3 access points in my building, which I set up myself. Here's another example:
"90% of all houses are white"*
(*note: all houses within my line of sight, from my apartment, right now)
Now, I'm not trying to be a wiseass. I'm trying to point it out because people see those Slashdot headlines, don't bother to read the article, and think that the world is coming to an end of wireless security. I live in San Francisco, and as of 2 months ago, I only stumbled within about 4 blocks, 2 WAPs that didn't have WEP turned on, out of about 30 or so that my Zaurus (kismet) sniffed out, which is not 80%.
Do you share your
I think the more appropriate approach is to ask if they were also raised to willingly and knowingly violate business agreements.
I like to promote sharing but not if the result may hinder my ability to share.
+++ATHZ 99:5:80
Sure, you might be investigated... but in both cases probably cleared.
This used to be my arguement but it has one fatal flaw. The investigation itself. Sure I could weasle out whatever horrible violation that brought the feds to my door (even if I did it) by pointing out my unsecured wifi connection. But they would still seize my comp gear in the investigation. If it turns out that not all my software is licensed correctly or some of my media may not have easily accessible originals I am still fucked.
...some perv with a laptop uses your open connection to distribute kiddie porn. Then the feds will come busting down YOUR door looking for the perp. Try explaining that one to your wife.