Growth of Wi-Fi Opens New Path for Thieves
E. Harley writes "Wi-Fi connections are popping up all over the place from retail locations, schools, municipalities, and homes. Unintentionally or not, most of these wi-fi hot spots never change the system's default settings, hide the connection from others, or encrypt the data sent over it. This NY Times article [Free registration required] talks about the size and extent of the problem, and what has happened with law enforcement investigating criminals using these public connections. Also, the article updates us on an earlier Slashdot story about wardriving. That case is still pending."
When criminals operate online through a Wi-Fi network, law enforcement agents can track their activity to the numeric Internet Protocol address corresponding to that connection. But from there the trail may go cold, in the case of a public network, or lead to an innocent owner of a wireless home network.
After reading the article, it gives me the impression that you have a license to do just about any illegal internet activity so long as your WiFi router uses the default SSID, broadcasts its SSID and keeps the default passwords. If anything is traced back to you, you just blame the WiFi-Boogeyman for any illegal activities originating from your IP address.
I'm a big tall mofo.
Hm... maybe I should have downloaded that 35GB Simpsons torrent on a neighbor's wireless internet. Ooops.
Schlep your lappy to a Starbucks, tap into the wifi, and fire up Driftnet (linux) or EtherPEG (mac). Watch what flies by... hours of entertainment.
Speak truth to power.
While I understand that Joe Six Pack wants plug and play functionality without configuring, is it really that hard to add in another layer? When the AP is running on factory settings, it can just cause all Web requests to route to the configuration page along with an easy to explain set up about passwords. AP passwords aren't hard as normal passwords since many APs are in a secure building so writing the password on the AP and locking it in the closet would work half decently.
While the user has to take some blame for technical ignorance, the AP makers also have to take some blame here since they have the tech people to implement better security.
http://www.nytimes.com/2005/03/19/technology/19wifi.html?ex=1268888400&en=51d90e7518bba5d6&ei=5090&partner=rssuserland/
Now, I realize that I'm the exception, but how hard can it be to type 192.168.1.1 in a web browser? Of course, people should check the air pressure in their tires once a week, and clean the air filter on the furnace once in a while...
"Well, good luck finding a judge that doesn't run a bestiality site."
Everybody is forgetting each and every ethernet adapter has a unique serial number/address, called the MAC address. It would be very easy to prove/disprove you were the one or not by that address.
Google "etherchange" and see what you get... Here is the first hit... MAC addresses don't prove diddley...
This problem could be reduced dramatically if WAPs shipped from the factory with complex random passwords, WEP enabled, and complex random WEP keys.
As an example on a new HPaq server the iLO remote management interface has a complex random password, printed on a label on the device.
Imagine if Linksys, etc. did the same thing with WAPs, where no 2 WAPs have the same WEP key or password.
Sure some users would just disable the protection but I'm betting if you made it halfway convenient that most won't. Make it more work to be insecure and the security will win most of the time. You might even be able to reduce this further by having the admin interface give you lots of warnings and make you jump through hoops to disable the security functions.
Of course security could be improved upon even further if the default security was better than WEP but I think that's too high a barrier for the average user to tolerate. WEP may suck but it's considerably better than wide open.
Part of the problem is that the manufacturers don't disable anything by default...instead, you can literally plug a wireless router in and it'll instantly work assuming your internet connection uses DHCP to get its IP address.
Perhaps the easiest way to solve this problem is to disable the wireless part of the router until you run the setup program (or even better, make it launch the browser so it will work on any OS) and make you go through the steps of enabling encryption and everything.
I have WPA enabled on my wireless router (a Linksys WRT54G with the latest firmware) and MAC filtering. I broadcast my SSID ("Break this"), but that is more for ease of use than anything.
I then enabled SSL for the admin pages, so I must type https://192.168.1.1/ (the actual IP is different) to reach the router's admin page. I figure between SSL and WPA, it will be pretty hard for someone to break into my router's admin page.
The key is, with WPA and MAC filtering that will keep all but the most determined out. If they ever got past that and onto my wireless network, I have logs so I could manually block them.
i'll play devil's advocate, for a minute:
the airwaves are supposed to be public.
therefore, if there's a "thief," the thief would be the group that cordons the public airwaves off and claims them as their own private property.
"Forgive us our trespasses, as we forgive those who trespass against us." -Jesus Christ The Lord's Prayer
Notice that this article goes out of its way to associate the following practices with wifi:
--theft
--child porn
--terrorism
And the article here never even questions whether associating these practices with wifi could be a subterfuge by the telcos and cable companies to demonize wifi so as to be able to outlaw municipal wifi through legislation, which is what they are afraid of, as that will cause them to cut their broadband prices.
This whole article is a propaganda piece, bought and paid for by the vested interests, such as telcos and cable companies.
What a sham is the NY Times. Just another cog in the CorpGovMedia propaganda machine...
eat shiat and bark at the moon
Notice how this NY Times article is careful to associate each of this poisonous trio of ID Theft-ChildPorn-Terrorism with...WiFi.
And what a coincidence that just as this article is being published, that all over America, state governments are trying to decide whether to outlaw municipal wifi. Of course, this drive to outlaw municipal wifi is in NO WAY connected to this article that tends to associate wifi with THEFT, CHILD PORN, and TERRORISM. And in no way would the telco and cable TV lobbies that stand to lose BILLIONS (if municipal wifi takes off) try to get the NY Times to help make wifi look bad.
No way the media would do that! They have integrity. They would never sell out to the telco-cableTV lobby like that.
Would they?
eat shiat and bark at the moon