Wardrivers now exploiting your wireless service with ease

Wardrivers now exploiting your wireless service with ease

CHICAGO – Lots of wireless Internet routers at homes and businesses are still as secure as the Titanic was unsinkable, writes adjunct Northwestern professor James Carlini in an update about hackers who are targeting and exploiting your wireless service with more ease than ever before.
Wardialing is an old hacking term used to describe dialing down a sequence of many phone numbers in a block (like 555-1200 to 555-1400) and trying to find a weakness or an opening into a computer network by hitting a dial-up line. It was a fairly straightforward way to get access to a firm’s computer and didn’t take a lot of skills or special tools.
Wardriving, which is similar to wardialing, is when someone takes some equipment and drives around to find access points (or “hot spots”) that are linked into an Internet access point. There are lots of wireless routers at residential and commercial sites that may have encryption on them. Some people drive around and find ones that are open.
Last year, a student gathered some real statistics that I wrote about in a column:

In a two-hour period of driving around Chicago’s Lake Shore Drive, he uncovered 255 sites. Out of those sites, 175 weren’t encrypted and 65 had a default password still on board. So much for the security experts who think people are “protecting their networks”.
The reality is that a significant majority (two-thirds) were not encrypted and more than 25 percent had default passwords.

Those are some pretty bad statistics as far as open systems and it looks as though many people haven’t learned much from that column. Since last year, more people have gone the route of convenience and have bought wireless routers for their home and office. Unfortunately, many have not secured their router against outside wardrivers and other security threats.
There are others who are wardriving around the country and seeing that this is a growing problem. On the west coast, here’s an excerpt from a June 1 Associated Press article:

With a laptop perched in the passenger seat of his Toyota 4Runner and a special antenna on the roof, Mike Outmesguine (who owns a technical services company) ventured off to sniff out wireless networks between Los Angeles and San Francisco. He got a big whiff of insecurity.
While his 800-mile drive confirmed that the number of wireless networks is growing explosively, he also found that only a third used basic encryption – a key security measure. In fact, in nearly 40 percent of the networks, not a single change had been made to the gear’s wide-open default settings.
… During his wardrive, Outmesguine counted 3,600 hot spots compared with 100 on the same route in 2000. Worldwide, makers of Wi-Fi gear for homes and small offices posted sales of more than $1.3 billion in 2003, a 43 percent jump over 2002, according to Synergy Research Group.

One benefit of writing about wardriving is that it may hopefully wake up people who aren’t doing anything about security. This is a widespread issue and specialized equipment is not necessary.
Though ‘Cantennas’ Work, Who Needs Them?
There are many types of directional antennae you get obtain. These range from the pre-built type to the do-it-yourself cans that are made from potato chips cans, coffee cans and even cans of beans. They are good for up to a mile or so (maybe more if you get the right one and pick up a strong signal).
Some hackers swear by them and have even wrote up designs and approaches on how to build them. This was the rage a couple years ago. Today, you don’t even need a cantenna to pick off a wireless router’s signal. What’s already loaded on a laptop is good for a couple hundred feet. I just saw this while doing my own investigative study.
Getting free Internet access via a wireless connection is like going to your neighbor’s house and hooking up to get free electricity.
Few in the mainstream press really talk about these issues. They should focus on the ease of being a wardriver. Now, specialized components or funky antennae could be considered old school. Locking into a nearby company’s wireless Internet access is as easy as turning on your computer. This creates some big security issues that few establish protection from or even understand.
Bad Implementation
There are many people in the industry who proclaim to be wireless network experts and tout all types of certifications. People are touting best practices yet what they design and install has more holes than a slice of Swiss cheese. Bad implementations are eventually uncovered.
Best practices are a quickly moving target in this area and many pseudo experts are touting anything they can slap together as a “best practice” for others to follow.
A friend of mine (who has 25 years in telecom and IT) talked about putting a wireless router in his house. We discussed setting up the security. He thought he had it right, but when he was told he didn’t, he didn’t believe it. After further discussions and conferring with another colleague, he found out he was wide open.
A simple fix was to lock the router to accept signals from the MAC address on his PC’s wireless card. He didn’t believe he was so vulnerable and had to really be convinced. How many others are like him? How many people think they know what they’re doing and instead leave a router wide open?
Pinpointing the Wi-Fi Site? No Problem
Aside from collecting router and configuration information on unencrypted sites, you can also use an additional program that will give you GPS parameters. If you go to NetStumbler.com, you will find a wealth of information and the program that links collected data to MapPoint 2002, which will tag it with location information.
As I ended the column last year: “Those who thought wireless ‘was the way to go’ better review all the issues.” Some people are implementing wireless routers that are open invitations to those who want to steal access and do other subversive things anonymously.
James Carlini is an adjunct professor at Northwestern University. He is also president of Carlini & Associates. Carlini can be reached at carlini@northwestern.edu or 773-370-1888. This article has been syndicated on the Wisconsin Technology Network courtesy of ePrairie, a user-driven business and technology news community distributed via the Web, the wireless Web and free daily e-mail newsletters. They can be found at www.eprairie.com.
The opinions expressed herein or statements made in the above column are solely those of the author, & do not necessarily reflect the views of the The Wisconsin Technology Network, LLC. (WTN). WTN, LLC accepts no legal liability or responsibility for any claims made or opinions expressed herein.