Slashdot Mirror

← Back to Stories (view on slashdot.org)

Growth of Wi-Fi Opens New Path for Thieves

Posted by CowboyNeal on from the high-tech-breakins dept.

E. Harley writes "Wi-Fi connections are popping up all over the place from retails locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."

10 of 171 comments (clear)

  1. Re:License to steal? by Anonymous Coward · · Score: 5, Insightful

    Maybe so, maybe not. If the traffic is originating from your IP and the authorities track you down, don't you think they'll check your computer before you can blame it on the WiFi-Boogeyman. I think the WiFi-Boogeyman is more a defence you can use in court if the police didn't find anything on your computer.

  2. What's with the pathetic default settings? by PxM · · Score: 4, Insightful

    While I understand that Joe Six Pack wants plug and play functionality without configuring, it is really that hard to add in another layer? When the AP is running on factory settings, it can just cause all Web requests to route to the configuration page along with an easy to explain set up about passwords. AP passwords aren't hard as normal passwords since many APs are in a secure building so writing the password on the AP and locking it in the closet would work half decently.

    While the user has to take some blame for technical ignorance, the AP makers also have to take some blame here since they have the tech people to implement better security.

    --
    Want a free iPod?
    Or try a free Nintendo DS, GC, PS2, Xbox. (you only need 4 referrals)
    Wired article as proof

  3. Re:License to steal? by nuggz · · Score: 4, Insightful

    Not only that, they'll take all your computer stuff for a few years as evidence for their investigation.
    Just being accused of a crime is enough of a problem to worry about.

  4. and the problem is? by neonman · · Score: 3, Insightful

    The banks are not using secure authentication systems and WiFi users are getting blamed?

    Tell me.. When did it become my fault that someone can download tens of thousands of customer credit cards? Perhaps if these credit cards had been ditched long before the Internet we wouldn't be having that problem. Kerberos, challenge-response, PKI, and two-factor authentication devices have all been available for quite some time.

    Someone tell the Secret Service to stop monitoring IRC connections and go after lazy banks instead, or something :]

  5. Make WiFi secure by default by raitchison · · Score: 4, Insightful

    This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords WEP enabled and complex random WEP keys.

    As an example on a new HPaq server the iLO remore management interface has complex random password, printed on a label on the device.

    Imagine if Linksys, etc. did the same thing with WAPs, where no 2 WAPs with the same WEP key or password.

    Sure some users would just disable the protection but I'm betting if you made it halfway convienient that most won't. Make it more work to be insecure and the security will win most of the time. You might even be able to reduce this further by having the admin interface give you lots of warnings and make you jump through hopps to disable the security funcions.

    Of course secrity could be improved upon even further if the default security was better than WEP but I think that's too high a barrier for the average user to tolerate. WEP may suck but it's considerably better than wide open.

  6. piggybacker != thief by the_REAL_sam · · Score: 5, Insightful


    i'll play devil's advocate, for a minute:

    the airwaves are supposed to be public.

    therefore, if there's a "thief," the thief would be the group that cordones the public airwaves off and claims them as their own private property.

    --
    "Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
  7. article is telco/cable demonization/propaganda by Cryofan · · Score: 5, Insightful

    Notice that this article goes out of its way to associate the following practices with wifi:
    --theft
    --child porn
    --terrorism

    And the article here never even questions whether associating these practices with wifi could be a subterfuge by the telcos and cable companies to demonizes wifi so as to be able to outlaw municipal wifi through legislation, which is what they are afraid of, as that will cause them to cut their broadband prices.

    This whole article is a propaganda piece, bought and paid for by the vested interests, such as telcos and cable companies.

    What a sham is the NY Times. Just another cog in the CorpGovMedia propaganda machine...

    --
    eat shiat and bark at the moon
  8. The incentive is to NOT secure it out of the box by Ungrounded+Lightning · · Score: 3, Insightful

    This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords WEP enabled and complex random WEP keys.

    The incentive for the manufacturers is for wireless access points to NOT be secure out-of-the-box.

    If it's not secure, it's plug-and-play. Plug it in, it's up. If it's more secure, it makes instalation (to the point of getting traffic through it) more difficult.

    Insecurity doesn't affect the user until they get burned - mainly by lower performance as their bandwidth gets leached (assuming their important applications, like banking, already use end-to-end encryption). Leaching might not even be noticed. If it is, they can diagnose it and tighten things up.

    Security impacts ease-of-use, and thus sales.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  9. Users are clueless about Wi-Fi by computerology · · Score: 3, Insightful

    As a consultant, I regularly deal with this issue. Customer says: "Why dont we go wireless? Wouldnt it be easier" I says: "Do you know that there are actually people who drive around looking for wireless connections to hack into and steal data?" Call me a bit paranoid, but I actually met a couple of hard-line coders/hackers who did this, trolling for useful data. While there are security features to lock down the WiFi by MAC address and you can further challenge access with passwords, for a business with valuable data (these are accountants, lawyers, financial professionals), going wireless when your computers are in a fixed position on your desk just seems to me like a whole lot of work so you dont have to run a cable. While I hate pulling cable, I'd hate to have them try to sue me for leaving their data unsecured!

    --
    Consultant Computerology Consulting http://www.computerologyconsulting.com
  10. New path? by mindstrm · · Score: 3, Insightful

    To take the other side...

    What's with open, public roads that anyone is allowed to use? My friends were tied up and robbed the other day, and the thieves used public roads to do it!

    We really need to crack down on usage of public roads.

    Seriously, as if getting on the internet anonymously was EVER hard.. sure, wifi makes it a bit easier, but it's far, far from a new thing.