Wary of wireless: The Wi-Fi security risk
by Alec Luhn
Wednesday, November 14, 2007
Wednesday, 3:30 p.m., Espresso Royale on lower State Street. The drone of a latte machine and
the gentle throb of the indie music mix permeate the cafe.
If wireless Internet made a noise, the air would be filled with the whir of information
being exchanged, too. But the information can be heard plainly by the
roving ear of a laptop at a side table.
An employee of a local technology firm, who preferred to
remain anonymous due to professional concerns, set up a laptop to record information
transmitted over Espresso Royale's unencrypted wireless network for a
demonstration to The Badger Herald.
All of the programs used are freely available for download.
The employee estimated it took two to three hours of research to begin collecting
information.
According to Kismet, the free "sniffer" software installed on the
eavesdropping laptop, nine devices are connected to the cafe's Wi-Fi this afternoon, three of
which are actively surfing the Internet. None of them are using security
software over the unsecured network, so the laptop can intercept almost
anything they send or receive.
One user with the temporary Internet Protocol address
192.168.0.137 is checking Google e-mail. 192.168.0.31 is pulling up the
forecast for Charmany Farm, Wisc., through a Yahoo! weather widget program.
192.168.0.29 is chatting on AOL Instant Messenger while
looking at news results about presidential candidate Ron Paul.
The content of the conversation is trivial, but the fact
that such information is open to those who seek it out was discomforting to a
patron at a neighboring table.
"It's really scary," said University of Wisconsin graduate
student Nicole Kvale. "I'm mad impressed and really creeped out."
As wireless Internet becomes increasingly available in
Madison, UW plans to extend wireless access to all campus buildings by the end
of the semester. Wi-Fi provider Mad City Broadband currently offers service in
large areas of the Isthmus and South Side. Some experts caution, however, that these
wireless networks are not always as secure as they appear.
Whether users are chatting over instant messenger or typing
in sensitive identity information, free software and a few hours of Google
scholarship could be all that stands between their data and a stranger in a
coffee shop.
Safe and sound?
The extent of Wi-Fi data protection depends on the security
of the computer, the website being accessed and the network and Internet
service providers offering the connection. If the wireless network isn't
encrypted, anyone using a sniffer program can eavesdrop effortlessly, picking up
information packets exchanged over a Wi-Fi network.
"If you don't encrypt your traffic, it's almost as if
someone's sitting in a cafeteria. Everybody can hear them talk," said Suman
Banerjee, a UW computer science professor who studies wireless networking.
With the wealth of information and programs available on the
Internet, anyone interested in viewing whatever others type in, click on or look
at over an unsecured wireless network can do so easily, Banerjee said.
"A little bit of knowledge of networks and how things work
is enough for someone to start being malicious and collecting information," he
said.
Even if a network offers some form of protection, it may not
cover all of a user's activity. The Mad City Broadband wireless network is
encrypted "throughout the communication layer" by Cisco technology, according
to a spokesperson who declined to elaborate.
Although the communication layer, or transport layer — referring
to the connection between access points located around a city and a central
router — may be protected, the connection between a user's computer and an
access point can still be open.
A brief listening session via a sniffer laptop from a car
outside Capitol Centre Apartments Tuesday night indicated that subscribers to Mad
City Broadband surf without protection unless they set up security themselves.
The apartment complex uses the company's "Mad City-MDU" apartment building
service.
The sniffer program revealed several AOL Instant Messenger
conversations, including one about a fake identification card:
User1: hey btw, do you have your old fake?
User2: give me a bit, I am looking
User2: why you need?
User1: my friend wants it for his sis
User2: why don't i give her my ID?
User2: does she look like me?
User1: yeah, good enough!
Taking your life into your own hands
Mad City's security precautions correspond to industry
standards, according to the company.
USI Wireless, which was contracted by the city of
Minneapolis to provide citywide wireless by December, follows a similar system
by only encrypting the connection between the access points and the central
router. But if customers buy the wireless modem offered through the company,
their connection to any access point is also encrypted.
"If you choose not to use our hardware, you take your life
in your own hands," USI Wireless CEO Joe Caldwell said.
"Is it our responsibility to run after you to remind you not
to leave your house unlocked with a sign that says 'not home?'" he asked.
The UW wireless network, which currently operates from
access points in 98 percent of campus buildings, is relatively safe despite
offering unencrypted Wi-Fi, according to UW Division of Information Technology
communications manager Brian Rust.
An encrypted entrance portal allows only users with a UW
NetID and password to access the network and prevents theft of UW login
information, a configuration that meets the security needs of most students,
Rust said.
"It's convenience and expediency versus cost and security,"
he explained, noting UW wanted to make its wireless network simple and easy to use
above all else.
Most students and faculty use UW wireless Internet for
schoolwork and innocuous communications, content unlikely to attract interest from information snoopers,
according to Rust. He said he uses the unsecured Wi-Fi for most of his Internet
needs. The UW offers free virtual private network (VPN) software that
allows users to encrypt the data they send over the campus Wi-Fi network,
although Banerjee said the software is not widely used on campus.
Many wireless network providers face a dilemma over ease of use,
according to Banerjee. Encryption takes time and money, and the process can
become mired in compatibility issues when a large number of devices are
accessing the network, he said.
Espresso Royale chose a user-friendly, unsecured setup when
it began offering free wireless Internet two years ago, according to General
Manager Liz Tymus.
"Just being in a college town, it would not be in our best
interests to make it hard to get online," Tymus said.
Facing the consequences
With easier access, users generally run a greater risk of
information theft, according to some experts.
"Accessing data from wireless systems is emerging as a trend
for thieves, because of the ease of access to information," said David Tatar,
manager of the state Consumer Protection Bureau's Office of Privacy Protection.
The office partners with law enforcement to investigate identification theft
and mediate identification theft complaints.
Of the estimated 50 million wireless systems that have been
sold in the U.S., only 30 percent are considered adequately protected, Tatar
said.
College students and their peers are particularly at risk,
he said, adding that 32 percent of identity theft complaints in Wisconsin are
filed by people between the ages of 18 and 29, the largest percentage of any
age group.
No data exists on how often identity theft arises from
information stolen over the Internet or Wi-Fi, since it's often impossible to
find the cause of a theft. In addition, the majority of cases go unreported,
Tatar said.
Combating data theft
On open public networks and the partially secured university
and Mad City networks, users must take precautions on their own if they want to
ensure their information stays private, Banerjee said.
For the best results, users should install VPN software, a
common practice at most enterprises and businesses. The VPN software allows
access to a trusted network through an encrypted tunnel over unsecured wireless
or other networks regardless of location, offering "blanket security for
everything," he explained.
Users should also be cautious about giving information on websites
over unsecured wireless, Banerjee said. Many reputable sites, such as financial
institution homepages, encrypt a user's information, but devious operators can
mimic such secure code.
Although none of the Wi-Fi providers knew of any reported
security breach stemming from wireless use, Banerjee noted that most students
do not take the issue of Internet security seriously enough.
"You only take notice once you've been hit," Banerjee said.
But one student was already alert to the risks of unsecured
Wi-Fi: Observing the sniffing process in Espresso Royale, Nicole Kvale vowed to
change all her passwords to be more secure.
"I'd like to learn how to not have that happen to me," Kvale
said.
As the staff filled the air with the sound of brewing
lattes, the laptop silently kept listening for information.
Anonymous (November 14, 2007 @ 7:44am):
There is such a thing as Trillian which allows all your IMs to be used from one location and you chat securely =0)
Anonymous (November 14, 2007 @ 9:23am):
It is easy enough to encrypt your traffic with PGP or other software add-ons.
This eliminates the need to encrypt the wireless traffic, and has the added bonus of working with every network you encounter.
For a small yearly fee, one could also use a product like metropipe tunneler which not only encrypts, but allows you to pay with e-gold.
Anonymous (November 14, 2007 @ 9:50am):
Man f*ck them. First their network sucks and now we learn it isn't safe? Mad City Broadband can go to hell. I am so pissed I have to pay rent for their shit. I thought Charter was bad but f*ck.
Anonymous (November 14, 2007 @ 1:09pm):
I guess I should stop IMing my credit card and social security numbers on public wireless...
Anonymous (November 14, 2007 @ 2:46pm):
With all the intercepting of computer communications that went into writing this article, it is interesting to point out the following:
18 U.S.C. 2511. Interception and disclosure of wire, oral, or electronic communications prohibited
any person who--
(1)(a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication;
(a) Except as provided in paragraph (b) of this subsection or in subsection (5), whoever violates subsection (1) of this section shall be fined <possibly $500> under this title or imprisoned not more than five years, or both.
I am not saying that this statute absolutely applies but it is interesting to point out I think.
Anonymous (November 14, 2007 @ 4:08pm):
this article does a fantastic job explaining how one can encrypt their own wireless connection. wait, no it doesn't...
Anonymous (November 14, 2007 @ 7:29pm):
Interesting. They don't mention that most personal information is sent over SSL/TLS encryption by default.
Anonymous (November 14, 2007 @ 10:32pm):
RE: 18 U.S.C. 2511
I would disagree, based on (2)(g)(i) and (2)(g)(ii)(III) (see below for link to whole statute):
(2)
(g) It shall not be unlawful under this chapter or chapter 121 of this title for any person--
(i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;
(ii) to intercept any radio communication which is transmitted--
(III) by a station operating on an authorized frequency within the bands allocated to the amateur, citizens band, or general mobile radio services;
These points would indicate that it is not unlawful as open wifi is "configured so that such electronic communication is readily accessible to the general public" and is operating in the 2.4GHz band, which is an FCC "amateur" band.
Read the whole statute here:
http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002511--000-.html
FCC Band plan here (page 36, top right, 2395Mhz-2400MHz, 2400MHz-2417MHz, 2417MHz-2450MHz):
http://www.fcc.gov/oet/spectrum/table/fcctable.pdf
Anonymous (November 15, 2007 @ 9:00am):
When I referenced 18 U.S.C. 2511, I had already looked over the statute and determined that many of the exceptions didn't apply in this case. The courts to my knowledge have not weighed in on this topic yet but the interpretation that is included in a manual provided by the Dept. of Justice indicated that the "Accessible to Public Exception" deals more with the actual contents of the communication such as posting to a public bulletin board or public chat room (not a private chat) and not so much with the accessibility to intercept that communication through unsecured wireless. So per that interpretation, it is not the openness of the communication that dictates a violation, but the contents of the communication that is weighed to determine the legality. However, you do bring up a good point in regards to the definition of "readily accessible to the general public" with respect to radio communication as stated in (16)(a) and the fact that WiFi is included in the ISM Band/Amateur allocation. In either case, is it a good idea for people to be legally able to intercept unsecured wireless traffic as was done in the writing of this article? I believe the courts and legislature are behind in determining the answer to this question. What is going to deter those who sniff open wireless and have the possibility to intercept and use the information they get? I guess those using open WiFi better take precautions now, more than ever, to protect themselves!
Anonymous (November 15, 2007 @ 5:56pm):
I would feel better if I thought that:
laptop owners were careful to connect only to legitimate access points. Does everyone know how that works? I didn't think so.
and all owners used robust and carefully configured security software including a really good firewall.
I wouldn't feel good; I would just feel better. WiFi is cheap and easy. We get what we pay for, in money and convenience. Why think otherwise?
Anonymous (November 20, 2007 @ 11:36pm):
"Anonymous (November 14, 2007 @ 7:29pm):
Interesting. They don't mention that most personal information is sent over SSL/TLS encryption by default."
That only happens if you're using a secure web site and connecting to a TLS/SSL server. The Internet is not magic; it does not know the difference between personal information and general public info unless you tell it. Just because you are sending personal information over the web does not mean it is secured; you have to secure your own information. If you send information through IM, particularly AOL IM, it is not secure unless you are communicating through a secure server.


