Slashdot Mirror
80% of WiFi Networks are still Insecure, Kismet Author Says
acz writes "The brain and guts driving the development of Kismet is Mike Kershaw alias Dragorn, who works during the day on IBM mainframes and hacks code at night. Kismet is simply the best war driving tool out there plus it's free as in GPL and can even run on your linux PDA. In a recent interview posted on HERT today, he says: 'I've become entirely jaded towards security as a whole (or rather, people's complete lack of it) and not much surprises me when it comes to open wireless networks. ... the overall percentage of unencrypted networks is still at about 80%.'"
Shouldn't that be "insecure"? How someone could make this mistake in the day and age of internet dictionaries is unpossible to contemplate.
Am I the only one who heard Roxette to sing "I'm gonna get blitzed for some sex"?
Go for a drive around town running netstumbler or kismet. I can pick up two hundred access points in 5-10 miles, and the vast majority of them are unprotected... Probably more than 80%. Even more interesting than that is the fact that you can tell which people have actually tried to configure their access points. Many people are using default SSID's and no protection. Kind of scary if you ask me, but hey, it almost guarantees free internet in some neighborhoods.
Are we supposed to be securing our WiFi networks to stop people using them as SPAMming outlets and entry points to delicate data, or are we supposed to be leaving our WiFi networks open so we can share our connectivity and bring about a utopian world of high speed, anywhere connectivity?
(Yes, yes, I know, the right security for the right place)
Stuart
It's all fun and games until a 200' robot dinosaur shows up and trashes Neo-Tokyo... Again
Wireless networks have a lower Totacl Cost of 0wnership (TC0) !!!
from the post:
from the article:
An insecure network and an unencrypted network are not the same thing. WEP is encrypted, yet insecure, while secure IMAP and SSH are secure by providing end to end encryption, instead of relying on the network to provide it.
-jim
Of course, that gets you an IP that lets you ping the firewall. More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
If getting an IP on my WLAN counts as "insecure", then count my network as bad. However, that's a bit too broad a brush for my tastes. In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
Dewey, what part of this looks like authorities should be involved?
It pisses me off that in order to use Kismac fully, I have to get another wireless card - even though I have Airport Extreme. Just release the specs already - what is the point of keeping them closed source?
I wonder how many unpatched computers are connected to the wired web? Probably an equally scary amount. It seems to me that there are greater long term risks with this scenario. Most spammers and child pornographers unless they are your neighbor or using an antenna are not going to set up shop on your front lawn where as your unprotected wired box can be owned and operated by anyone in the world.
The WiFi data-link layer may not be encrypted in 80% of cases but that doesn't mean that encryption isn't used or enforced at a higher level. You can run VPN, SSL, ssh etc. quite happily over what might appear to be an 'insecure' WiFi link.
As WEP isn't that robust there seems to be little point in deluding oneself - thus many networks will be unencrypted at that layer by design rather than by default.
Tell me how many wireless networks you can associate with and actually use.
Isn't that the way it should be though?
Last time I bought a new TV, I switched it on, pressed a few buttons as indicated by the quick-start guide and it auto-tuned all the channels - same with my VCR. If I want to do something advanced such as mess about changing picture settings etc then I'll read the relevant section of the manual.
If I buy a hifi system and plug in the revelant speaker cables, popping a CD into the drive and pressing play generally results in music. Similarly, should I want to (for example) record every 2nd track on a CD to casette then I'll read the relevant section of the manual.
That's how computer technology should be - I don't need to read a manual to work my other home entertainment devices and I don't see why computer technology should be any different.
Backup not found: (A)bort (R)etry (P)anic
Everyone still seems to think WEP is easy to crack. It's not. On AP's 2+ years old new features have been implemented to dramatically reduce the amount of weak IV's given out. For fun, I tested our network here at work, where we have over 300 employee's and multiple access points. And yes, there are plenty of people actually using the wireless network. In 3 days I was only able to pick up 75 weak IV's in Kismet. You usually need in the range of 10,000+ to make a decent attempt at cracking WEP with current tools. Now, if you have the know how to use tools like wepwedgie, or know how to do packet injection using multiple 802.11b cards/devices with HostAP then you may have better luck. But chances are that if someone knows how to use these tools and has the time to do this, they can probably break your network some other way.
All those talks on network security sometimes bugs me. All those leftist trying as hard as they can to make the right wing extremist's job easy.
The lack of security over WI-FI is a good thing. Ever thought about the democratization of communications, WI-FI can bring you that, unsecure WI-FI WILL bring you that. With file encrytion files are safe (mostly) anyways, that's what we need to promote. Leaving your network open will just make it accessible by other people which, if they get the hardware themselves will make this network availlable to more and more people and so on.
In a few years when you wanna call someone you basically open iChat, MSN messenger, whatever, turn on rendez-vous or equivalent find your contact name and double-click. Get it?
Security isn't always a good thing, making everything locked just make sthe world harder to travel, some doors need to be opened.
In the very unllikely event that I win a huge amount of cash, dream number one is to get several WI-FI routers and configure them to enable a neibourhood network, hoping to change it into a city network and so on. I dream of the day communication will be democratized, free, for everyone.
Instead, as of now, the technology exist, it's there for everyone to grab, but they all stare at it, telling themselves: "too complicated and the router is around 200$CAN, it's expensive, I'd rather pay 30$ a month plus long distance and service fees for the rest of my life"...
>> Can someone answer the following:
>> Why aren't WAPs shipped with encryption
>> turned on by default?
Because the power of WiFi is that it is easy to use. My neighbour could not possibly use it if it wasn't.
WEP is complicated. You need to be able to shell in (sometimes even to a port other than 80) from within the LAN. Then you need to know an admin ID/password. Then you need to know what on earth hex/ascii/etc mean, and 56/128/etc bits (and how the security ranslates to a number of characters). Then you need to set it all up using complex menus, and then you need to figure out how to set up all PC's (which call it something else).
By this time we would have lost the typical buyer, oh, 5 times over. That is why it is shipped open by default - the support would cost a fortune, otherwise. WEP is way too complex in its consumer implementation.
Michael
---
BDOS ERR ON A:>
Please check out this.
More specifically, you can ping the dedicated NIC on the paranoid OpenBSD server that lets through connections to my Squid server (which requires authentication), my mailserver (which requires authentication), my DNS server, and my NTP server.
What????
You provide WIDE OPEN completely UNAUTHENTICATED access to NTP and DNS?!?!? Do you have any idea how much damage a serious cracker if enough people take this devil-may-care attitude about network security, and just hand out accurate time information to anyone who asks? Not to mention name service <shudder>.
You, sir, are exactly the sort that is making it possible for malicious script kiddies to ruin the Internet for everyone.
You should be ashamed.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Do you speak in whispers and wear a mask at all times so no one hears your precious sounds or gets the pleasure out of seeing you smile?
If you have a full shopping cart, do you make sure the guy with a single item behind you stays stuck behind you?
Do you stand right in the middle of a busy crosswalk making everyone walk around you, just because you can?
Do you avoid donating to charities?
People like you are the problem with the world today. Only be nice when it's legislated. You suck.
Of course thats not true. Sure, you might be investigated... but in both cases probably cleared. The wireless case is even more clear-cut because it's easy to see that it was left open. The phone lines would be much harder to explain why you let someone on your property to tap in like that, and didn't shoot them while they were connecting alligator clips to your wires.
powers my home internet right now. My neighbor of course is oblivious, as long as he gets his pr0n. I am friendly enough to make sure his access point gets its firmware upgrades on time ;-)
Contrary to what some other posters have said, I'd posit that it's secure enough for the home user.
Even if it could be cracked in an hour (I doubt that figure - the number of packets needed for an analysis is huge, and unless your network is very busy it will take much longer than that) - most would-be attackers (a) don't know how and (b) can't be bothered. Think about it, 99% of people looking at your AP just want free net access. Chances are there are multiple available APs (in my apartment I can pick up at least 5). If one's closed, they'll just move on to the next. It's the "don't outrun the bear, just outrun the other guy" situation.
Sure, if some ubergeek happens to live within range of you, and really wants in to your network (for some unspecified reason - to steal your pr0n?) then they could get it. What are the chances of that happening? Well it depends how think the tinfoil in your hat is. But it doesn't keep me awake at night.
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
In my setup WEP offers no advantages whatsoever so I never bothered with it, but I guess that makes me just another dumb newbie in their survey.
The real problem isn't that people aren't using WEP (since any blackhat with a web browser to download the tools can crack WEP in a few hours at most.)
The REAL problem is that ALL low-cost "wireless gateway" appliances treat wireless nodes as part of the LOCAL network, when, of course, the wireless segment should be treated as another WAN (Internet) link, where the bad guys live, and where you have to authenticate yourself before connecting to the LAN. As long as this remains true, wireless will continue to be a huge security hole in most networks.
Unfortunately, the "business" networking vendors are more than happy with this arrangement, since it keeps savvy business users from buying their network gear at CompUSA or Fry's. The sad fact is that security comes at a very serious cost premium today - it shouldn't, but the factis that companies that value security will pay *much* more for it, so the vendors simply "de-feature" the mass market products to help justify "enterprise" capabilities such as this common-sense approach to wireless networks.
This won't change until one of the SoHo/Home market vendors gets a clue and decides that their buyers might actually like a wireless router that can protect the rest of their network. Why that hasn't happened yet is a mystery.
BTW: If anyone knows of a low-cost wirless router device that *can* treat wireless as an "outside" network, post a reply and let us know...
"The future's good and the present is nothing to sneeze at." - Roblimo's last
I fail to see how sharing my wife, home, money, car, and clothes have anything to do with sharing an internet connection?
you dont lose anything tangible if you share an internet connection properly.
its simple: IPSEC (or VPN) your own connection while letting others through unencrypted. if you use WEP, you're screwed from the start if you want privacy, so why pretend.
I plan on implementing a setup verymuch like this in the near future. the only deviance to this will be bandwith throtteling for the unencrypted packets. *GRIN* just incase i get a greedy neighbor.
Troll, Troll, go away and flame again some other day
Obviously, I'm in the minority here at Slashdot, but I've got to say, "So What! Why Should People Secure Their Wireless Network?" Sure corporations should or at least create set-ups where the wireless network is removed from the wired network and of course all that effort to secure the computers, but I've never understood the great push for security on a wireless networks.
For me I'm of the school that you shouldn't depend on your network for security for your computer. This view recently discussed by Jeff Schiller, MIT's Network Manager at Syllabus http://www.syllabus.com/article.asp?id=9193. I think he makes some great arguments.
Recently, it seems that people have just jumped on the bandwagon that YOU MUST secure your network, and I guess for the bevy of Windows users out there, with little options for ever successfully securing their computer, this is probably true and one way to get around it. But I find wireless network security to be the antithesis of what wireless connectivity promotes--freedom. So it makes great sense that people would not secure their networks.
Wired Networks by their nature are someone closed off, insuring their security or closing them off further is no big deal. You would expect to have to handle 2, 3, 5, 10 random clients on a wired network. Sure with laptops it happens more, but typically a wired network is somewhat more static in design. You have switches, ports, hubs--it's all very physical. So sure secure it.
But wireless networks promote freedom--you can use your laptop anywhere (anywhere with wireless). But security warps that message. Freedom has always had its limitations, but now the limitation is that someone else owns the air you need to use. What's the point of going to a coffee shop, an administrative building or even sitting on your neighbors porch with your laptop if you still can't get internet access when wireless connectivity is available.
Sure their should be tools to prevent abuse. I don't want someone to start downloading movies off my wireless network, but WHY WOULD SHOULD I CARE if they just use it. I expect the same reciprocity if I'm in the town square or at a coffee shop or just down the street at a friends.
Securing your network has become synonymous with securing your computer and its not. Someone decided that it was impossible to secure their computer, with all the software with bugs and wholes, with various operating systems working against your efforts. So the rallying cry became secure your network.
So fine. Secure your landline, but leave your wireless alone. Sure change the default settings, after all one neighborhood really shouldn't have 50 linksys access points. I'm all for letting people know whose wireless access point they're using. I'd don't want someone taking over my access point, but with various hacking tools, the effort is the same regardless if I've secured my access point.
But if Sue next door wants to use my wireless, go ahead. Don't ask me. Don't make me add you to an exception list or hand over a password. Just use it dammit and be respectful. It's there, and it doesn't really cost me anything more than what I'm currently paying to have you or 20-30 other guest using it.
Encryption, Authentication, and Authorization, and common sense work well enough for keeping the information I need to be secure, relatively secure. I'd rather have someone distracting by the beauty of playing Doom from their front porch using my access point, then banging on my access point try to hack my setup security so they can get free access, when I could have just offered it.
So I say, "Offer It!" Secure what you need secure and open everything else. It makes life easier, and produces good karma as well.