Wireless networks --easy hacker pickings

korsjs

Welcome To SatelliteGuys
Original poster
Supporting Founder
Jan 25, 2004
7,583
0
Land O Lakes, FL
LAS VEGAS (Reuters) - Wireless Internet users may not know that it's easy for outsiders to read their email or scoop up passwords or other sensitive information.

ADVERTISEMENT

Secretly using a stranger's Wi-Fi connection is so easy that sniffing out open connections has become a sport among computer hackers.

At a recent conference in Las Vegas, wireless network enthusiasts, known as "wardrivers," had two hours to find 1,000 wireless networks in one of many contests that test their prowess.

Hackers ogled high-powered antennas that can pick up signals from over a mile away, and promoted wardriving Web sites like Wigle.net that map millions of wireless access points, or "hotspots," around the globe.

Hacking the Defcon conference's own wireless network proved popular as well -- organizers said they fended off some 1,200 attempts to compromise network security.

Wardrivers say the goal is not to steal bandwidth or spy on unsuspecting Internet users, and they frown upon those who do so. Rather, they hope to convince consumers and equipment manufacturers to improve the dismal state of wireless security.

"We're trying to raise awareness. Security, by default, should not be turned off," said an Edmonton, Alberta wardriver who goes by the name Panthera.

Wireless routers, many costing less than $100, enable consumers to surf the Web from their back yard or living room couch. With a range of several hundred feet, a Wi-Fi signal can reach to the street or surrounding houses, allowing neighbors to get online too.

Equipment sellers like Wardrivingworld.com say they do a lot of business with truckers and Winnebago owners as well as war drivers.

"People think truckers just drink beer and eat chili and belch, but 800 truck stops across the United States have wireless access," said Wardrivingworld.com co-founder Matthew Shuchman.

Hotspot owners can set passwords, encrypt their traffic to deter eavesdroppers, or limit network access only to specified computers.

But most don't have that kind of protection in place -- a June 2004 wardrive of some 230,000 hotspots conducted found that 62 percent were not encrypted.

Encryption won't stop a determined hacker. Wardrivers say that the WEP encryption standard used by many access points is easily crackable, though the recent WPA standard is tougher.

Open networks can expose sensitive information in homes, businesses and government offices.

A Michigan man in 2004 was convicted of using an unsecured network at a Lowe's home improvement store to steal credit card numbers, while a Toronto man was charged in 2003 with downloading child pornography using a nearby wireless connection.

Some wardrivers say that manufacturers like Linksys, a division of Cisco Systems Inc. (Nasdaq:CSCO - news), are to blame because they don't ship their products with security settings turned on and are more concerned with ease of use than security.

"They're not taking care of their customers -- they're intentionally putting them in harm's way," said RenderMan, a prominent wardriver who has logged some 20,000 access points in Edmonton.

New Linksys routers allow consumers to set up a secure connection with other Linksys devices by simply pushing a button, said Mike Wagner, the company's director of worldwide marketing. But Linksys, which accounts for 57 percent of the U.S. consumer market, can't ship its products with security settings turned on because most users won't bother to change the default password, Wagner said.

"That preconfigured password will be the exact same on 500,000 wireless products that we ship every month. So that's actually creating a false sense of security," he said.

Legal aspects of wardriving remain murky. While a variety of laws make it illegal to access a computer network without permission, very few have been tested in court.

Reading e-mail and other traffic on a wireless network could invite prosecution and it's unclear if wardrivers are breaking the law when they use open networks for Internet access, said San Francisco lawyer Robert Hale.

In Tampa, Florida, a man was arrested in April and charged with unauthorized access to a computer network after police found him using a nearby hotspot without permission.

"It comes down to a policy debate about whether the Internet is open or not," Hale said at a Defcon forum.

RenderMan and other prominent wardrivers say that people shouldn't tap into open networks even if the owners don't mind.

"We actively do not condone unauthorized use of people's networks," said Andy Carra, who helps run the Wigle.net wardriving Web site.

http://news.yahoo.com/s/nm/20050805/wr_nm/column_pluggedin_dc;_ylt=AolLrV4HA_63hvbdEzPlRagjtBAF;_ylu=X3oDMTBiMW04NW9mBHNlYwMlJVRPUCUl
 

DirecTV to Program WiMAX

FCC approves radio-spectrum auction

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)