Slashdot Mirror
Queensland Police to Look For Unsecured WiFi Spots
OzPeter writes "As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: 'The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.' While some people may like having an open WiFi AP its interesting to see that the Police also feel that 'Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'"
http://www.wardriving.com/code.php
Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.
[Rent This Space]
I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.
If you're a guest in my home, you're welcome to use the bandwidth, along with the lights and water. Can you imagine visitig a friend only to be told, "Look, here's the PIN code to unlock the lights, and here's the key in case you want to wash your hands." Ridiculous. I accept that there's a risk of someone lurking in their car outside the property boundary to leech off my internet connection, but there's a risk of someone stealing water from my outside, unprotected taps, too. OTOH, if bandwidth were shared freely everywhere there'd be no need to sneak around "stealing" it, would there?
It's the 21st Century, man. Get over it!
New mod option wanted: -1 DrunkenRambling
Plus, it's easier for them to book you for thought crimes they catch you committing via their IP taps. They'll have none of that "but my wifi is open -- it could have been anyone" defense. That won't work for you, sir, you'll be held accountable for whatever flows through your pipes!
This looks like a money grab from this years' budget
The QPS is always complaining that they do not have enough funding to pay their staff. Now they are wasting precious manhours to mine data that they could easily purchase (or even receive for free) from Google.
[Rent This Space]
If you don't have a secure WiFi then you may as well turn off the firewall on your network.
Finaly an actual initiative to protect and serve the people! A little faith in government restored.
Here be signatures
It's too easy finding a strong (as in signal), open, public WIFI signal these days for there really be any incentive to run around "hacking" WEP or even dealing with weak and unreliable signal issues that one faces using an open connection inside a building.
Shit, if you want to commit fraud, take a clean machine to any McDonalds in the country and you can fraud away to your heart's content.
Use WPA2/AES with an uncommon SSID and a complex password, or GTFO.
NSW police may be interested in my wifi ssid "Police_Surveillance_Van_71A"
I thought "WiFi encryption protocols are easily breakable" was the fifth law of thermodynamics or something.
Wifi security, including WPA and WPA2, is already broken. It's the equivalent of locking your house up with a six pin tumbler lock. It keeps the honest and the curious out, but it's nothing to someone who really wants in.
Admit it. You post strawman arguments as AC so you get modded Insightful for refuting them, rather than Troll
I find it odd that QPS Media has failed to supply the public with any technical information on what tools they are using and the scope of the exercise
Are they simply searching for wireless networks? Or going as far as trying default passwords?
Are they geocaching MAC Addresses and SSIDs that will be used in other investigations?
Are they sniffing traffic? Are they collecting any personally identifiable information?
While this is a nice service, I do think this does not fall under the purview of the state police
If this is simply a SIGINT operation in disguise, it is better left to the DSD or ASIO
If this is simply a community service, the state governement should use grants to coerce the industry to extend their voluntary code of practice so that ISP's are responsible for making their customers aware of the risks as part of the signup process.
[Rent This Space]
police going around to everyone's door trying to open it?
thats exactly it !
realistically hacking a wpa setup by a person with no experience is pretty unsecured
(do you really want to know how many people have password1 or changeme...)
have a look at this:
http://open.youyuxi.com/
australia is censored beyond what I certainly expected...
regards
John Jones
If anyone has a secure wi-fi spot, will the "I did not download that file, someone did by accessing my wi-fi" excuse remain valid?
Slashdot, fix the reply notifications... You won't get away with it...
to pay for this crap
>80 column hard wrapped e-mail is not a sign of intelligent
>life
This is NOT to protect citizens!
This is to make it easier to link people to activities on the Internet.
I think it is now illegal to have open Wifi in some places! Hello, police state!
I mean, it's a fine and commendable effort & all, but it's just bound to go WOOOOSH!!! to most citizens anyway. In fact, that goes for many of the cops too, I'd bet. Just leaving a letter talking about a screen door isn't really going to cut it for people who just expect to plug in a device and have it work perfectly automagically.
The eternal struggle of good vs. evil begins within one's self.
I understand WEP is trivial to crack but I have too many devices that only have WEP connectivity.
Have no money to upgrade and in many case no new devices exist that would replace the old ones.
To me, my WEP setup means to anyone else "locked door" and nothing else, the fact that the door is flimsy does not detract from the fact it is a locked door.
my SSID is NOENTRY
Wait of time and money.
All of them named Linksys, Dlink, Wireless, etc... and all to a single router that is connected to nothing at all.
It significantly reduces the volume of idiot neighbors that do not configure their new wireless as many times they will connect to me instead.
Works great, when I shut it off, I see no more default router names.
It also screws with the wardrivers, I look at some of the maps every few months and see my location with a giant pile of AP names around my building.
Do not look at laser with remaining good eye.
Your link says (of WPA-TKIP):
The flaw does not lead to key recovery, but only a keystream that encrypted a particular packet, and which can be reused as many as seven times to inject arbitrary data of the same packet length to a wireless client. For example, this allows someone to inject faked ARP packets which make the victim send packets to the open Internet. This attack was further optimized by two Japanese computer scientists Toshihiro Ohigashi and Masakatu Morii.[16] Their attack doesn't require Quality of Service to be enabled. In October 2009, Halvorsen with others made further progress, enabling attackers to inject larger malicious packets (596 bytes, to be more specific) within approximately 18 minutes and 25 seconds.[17].
Emphasis mine. If you use WPA-TKIP, an attacker can make you start sending him all your packets in less than 20 minutes. And if you use QoS, you're even more fucked, because (again, according to your link):
In February 2010, a new attack was found by Martin Beck that allows an attacker to decrypt all traffic towards the client. The authors say that the attack can be defeated by deactivating QoS, or by switching from TKIP to AES-based CCMP.[18]
So in conclusion: attacker gets all your outbound traffic in 20 minutes (and gets all your inbound traffic too if you use QoS). But somehow that's not "broken?"
Either you've just got your head in the sand, or you're a black hat trying to convince potential marks to keep using WPA-TPIK.
So are they going to force me to lock my door too?
So in conclusion: attacker gets all your outbound traffic in 20 minutes (and gets all your inbound traffic too if you use QoS). But somehow that's not "broken?"
Either you've just got your head in the sand, or you're a black hat trying to convince potential marks to keep using WPA-TPIK.
I did say use WPA2 if you have it available, but the threat isn't as significant as you make out. Anything serious (eg passwords) would be secured by SSL or TLS, so what are you going to sniff? You certainly can't get hold of anything that you couldn't just as easily get hold of via intercepting the cable/dsl/fibre. A guy with a high visibility vest and a clipboard fiddling around in your comms pit is much less noticeable than someone parked in your street with a laptop for 20 minutes.
And the threat TFA is talking about closing requires that your wireless security would be broken enough to allow an outsider to use it. No currently known WPA exploits allow this.
So it's broken, but not completely broken, and certainly not broken in the context of TFA.
Unfortunately, hot spots are the only means by which people can get on the Internet anonymously. To many readers, I'm sure you look at it as stealing bandwidth, and your right, it is. However, the population has come under attack from more and more tyranical governments, and it's the only way to combat them. You have to break a few eggs in order to make an omlett.
and buy a router with the a guest network capability. One device that offers dual AP - protected full speed for the home - un/protected guest ap that's restricted to 1/10 network bandwidth and isolated from the lan. Cost was $45 at Walmart
Mod me up/Mod me down: I wont frown as I've no crown
You motherfuckers need to be Wardriving for the BANKSTERS YOU PIECES OF SHIT.
You Slashdotters just don't get it. If these wifi connections are left unprotected it will be the end of the world as we know it. Communists will start abusing these connections to access the internet WITHOUT PAYING FOR IT! Consider the long term ramifications! The dismantling of the international banking system! Dogs and cats, living together! Mass hysteria!
Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.
Wi-Fi did not exist in 1997. It existed about ten years ago. Wardriving didn't become particularly popular until around 2002-2003. I went out all the time and was never questioned.
Maybe that guilty look on your face got you second looks? Cops WILL hassle you if you appear to be doing something wrong and are looking around all the time.
--Martin Espinoza
The *proper* solution is to *accept* that some folks have open wifi, are ok with sharing their bandwidth, and therefore a consumer IP address is *not* to be admitted as evidence of a "crime" that has been committed using the public Internet.
Tired of FB/Google censorship? Visit UNCENSORED!
Clearly that is not how it works. If it was, every McDonald's, Starbucks, and half the other retail stores out there would not be offering free unencrypted WiFi. Fear that some criminal is going to drive around town looking for your open WiFi so that they can commit a crime is complete paranoia. There are open WiFi hotspots everywhere that wouldn't draw attention if a stranger was sitting in their car using it. They are even put on maps, and advertised by the businesses offering the open WiFi.
Seriously! Think of the children... actually DON'T think of the children, you perv.
You can foot the bill for any silly thing cant you.
More police driving around looking for naughty free Wi-Fi means less police driving around looking for drunk drivers. Tip buy shares in auto repairers and funeral homes.
I got to the chocolate box before you, that's why the hard ones have teeth marks.
Protection from whom? What is the risk to my personal data or my personal laptop if my WiFi _connection_ is open (assuming I've changed the default admin pwd on the router itself). Seems to me the cops have identified a solution before they actually defined a problem. same old same old