Independent Student Newspaper Since 1969

The Badger Herald
Breaking News
Independent Student Newspaper Since 1969

The Badger Herald
Independent Student Newspaper Since 1969

The Badger Herald
Breaking: UWPD investigation of Wednesday battery ongoing
Advertisements
Latest Stories
Madison Police Department Central District Captain Michael Hanson at a Thursday morning press conference to discuss safety ahead of the Mifflin Street Block Party. April 25, 2024.
Students make safety plans for Mifflin Street Block Party, raise concerns over enforcement
by Margaret ShreinerApril 25, 2024
Badger Herald archival photo of housing on East Johnson Street. September 1, 2023.
City of Madison approves new zoning code to increase accessory dwelling units
by Anna KristoffApril 25, 2024
Badger Herald archival photo of student studying at Memorial Library. February 26, 2022.
Blk Pwr Coalition launches scholarship program to support Black students
by Brianna DavisApril 25, 2024
Badger Herald archival photo of Bascom Hall. September 24, 2024.
Tuition hike will offload university financial pressures, may strain student budgets, expert says
by Sheng LeeApril 25, 2024
Photo courtesy of Wisconsin Institute for Creative Writing
UW Institute for Creative Writing Fellows present work with Wisconsin Book Festival
by Evan RandleApril 25, 2024
Bo Ryan. The Badger Herald archives.
Legendary former head coach Bo Ryan gets inducted into Naismith Memorial Basketball Hall of Fame
by Cameron WilhornApril 25, 2024
Advertisements

Wary of wireless: The Wi-Fi security risk

by Alec Luhn
November 14, 2007

Wednesday, 3:30 p.m., Espresso Royale on lower State Street. The drone of a latte machine and the gentle throb of the indie music mix permeate the cafe.

If wireless Internet made a noise, the air would be filled with the whir of information being exchanged, too. But the information can be heard plainly by the roving ear of a laptop at a side table.

An employee of a local technology firm, who preferred to remain anonymous due to professional concerns, set up a laptop to record information transmitted over Espresso Royale's unencrypted wireless network for a demonstration to The Badger Herald.

All of the programs used are freely available for download. The employee estimated it took two to three hours of research to begin collecting information.

According to the free "sniffer" software installed on the eavesdropping laptop, called Kismet, nine devices are connected to the cafe's Wi-Fi this afternoon, three of which are actively surfing the Internet. None of them are using security software over the unsecured network, so the laptop can intercept almost anything they send or receive.

One user with the temporary Internet Protocol address 192.168.0.137 is checking Google e-mail. 192.168.0.31 is pulling up the forecast for Charmany Farm, Wisc., through a Yahoo! weather widget program.

Advertisements

192.168.0.29 is chatting on AOL Instant Messenger while looking at news results about presidential candidate Ron Paul.

The content of the conversation is trivial, but the fact that such information is open to those who seek it out was discomforting to a patron at a neighboring table.

"It's really scary," said University of Wisconsin graduate student Nicole Kvale. "I'm mad impressed and really creeped out."

As wireless Internet becomes increasingly available in Madison, UW plans to extend wireless access to all campus buildings by the end of the semester. Wi-Fi provider Mad City Broadband currently offers service in large areas of the Isthmus and South Side. Some experts caution, however, that these wireless networks are not always as secure as they appear.

Whether users are chatting over instant messenger or typing in sensitive identity information, free software and a few hours of Google scholarship could be all that stands between their data and a stranger in a coffee shop.

Safe and sound?

The extent of Wi-Fi data protection depends on the security of the computer, the website being accessed and the network and Internet service providers offering the connection. If the wireless network isn't encrypted, anyone using a sniffer program can eavesdrop effortlessly, picking up information packets exchanged over a Wi-Fi network.

"If you don't encrypt your traffic, it's almost as if someone's sitting in a cafeteria. Everybody can hear them talk," said Suman Banerjee, a UW computer science professor who studies wireless networking.

With the wealth of information and programs available on the Internet, anyone interested in viewing whatever others type in, click on or look at over an unsecured wireless network can do so easily, Banerjee said.

"A little bit of knowledge of networks and how things work is enough for someone to start being malicious and collecting information," he said.

Even if a network offers some form of protection, it may not cover all of a user's activity. The Mad City Broadband wireless network is encrypted "throughout the communication layer" by Cisco technology, according to a spokesperson who declined to elaborate.

Although the communication layer, or transport layer — referring to the connection between access points located around a city and a central router — may be protected, the connection between a user's computer and an access point can still be open.

A brief listening session via a sniffer laptop from a car outside Capitol Centre Apartments Tuesday night indicated that subscribers to Mad City Broadband surf without protection unless they set up security themselves. The apartment complex uses the company's "Mad City-MDU" apartment building service.

The sniffer program revealed several AOL Instant Messenger conversations, including one about a fake identification card:

User1: hey btw, do you have your old fake?

User2: give me a bit, I am looking

User2: why you need?

User1: my friend wants it for his sis

User2: why don't i give her my ID?

User2: does she look like me?

User1: yeah, good enough!

Taking your life into your own hands

Mad City's security precautions correspond to industry standards, according to the company.

USI Wireless, which was contracted by the city of Minneapolis to provide citywide wireless by December, follows a similar system by only encrypting the connection between the access points and the central router. But if customers buy the wireless modem offered through the company, their connection to any access point is also encrypted.

"If you choose not to use our hardware, you take your life in your own hands," USI Wireless CEO Joe Caldwell said.

"Is it our responsibility to run after you to remind you not to leave your house unlocked with a sign that says 'not home?'" he asked.

The UW wireless network, which currently operates from access points in 98 percent of campus buildings, is relatively safe despite offering unencrypted Wi-Fi, according to UW Division of Information Technology communications manager Brian Rust.

An encrypted entrance portal allows only users with a UW NetID and password to access the network and prevents theft of UW login information, a configuration that meets the security needs of most students, Rust said.

"It's convenience and expediency versus cost and security," he explained, noting UW wanted to make its wireless network simple and easy to use above all else.

Most students and faculty use UW wireless Internet for schoolwork and innocuous communications, content unlikely to attract interest from information snoopers, according to Rust. He said he uses the unsecured Wi-Fi for most of his Internet needs. The UW offers free virtual private network (VPN) software available to allow users to encrypt their data being sent over the campus Wi-Fi network, although Banerjee said the software is not widely used on campus.

Many wireless network providers face a dilemma over ease of use, according to Banerjee. Encryption takes time and money, and the process can become mired in compatibility issues when a large number of devices are accessing the network, he said.

Espresso Royale chose a user-friendly, unsecured setup when it began offering free wireless Internet two years ago, according to General Manager Liz Tymus.

"Just being in a college town, it would not be in our best interests to make it hard to get online," Tymus said.

Facing the consequences

With easier access, users generally run a greater risk of information theft, according to some experts.

"Accessing data from wireless systems is emerging as a trend for thieves, because of the ease of access to information," said David Tatar, manager of the state Consumer Protection Bureau's Office of Privacy Protection. The office partners with law enforcement to investigate identification theft and mediate identification theft complaints.

Of the estimated 50 million wireless systems that have been sold in the U.S., only 30 percent are considered adequately protected, Tatar said.

College students and their peers are particularly at risk, he said, adding that 32 percent of identity theft complaints in Wisconsin are filed by people between the ages of 18 and 29, the largest percentage of any age group.

No data exists on how often identity theft arises from information stolen over the Internet or Wi-Fi, since it's often impossible to find the cause of a theft. In addition, the majority of cases go unreported, Tatar said.

Combating data theft

On open public networks and the partially secured university and Mad City networks, users must take precautions on their own if they want to ensure their information stays private, Banerjee said.

For the best results, users should install VPN software, a common practice at most enterprises and businesses. The VPN software allows access to a trusted network through an encrypted tunnel over unsecured wireless or other networks regardless of location, offering "blanket security for everything," he explained.

Users should also be cautious about giving information on websites over unsecured wireless, Banerjee said. Many reputable sites, such as financial institution homepages, encrypt a user's information, but devious operators can mimic such secure code.

Although none of the Wi-Fi providers knew of any reported security breach stemming from wireless use, Banerjee noted that most students do not take the issue of Internet security seriously enough.

"You only take notice once you've been hit," Banerjee said.

But one student was already alert to the risks of unsecured Wi-Fi: Observing the sniffing process in Espresso Royale, Nicole Kvale vowed to change all her passwords to be more secure.

"I'd like to learn how to not have that happen to me," Kvale said.

As the staff filled the air with the sound of brewing lattes, the laptop silently kept listening for information.

Advertisements
Leave a Comment
Donate to The Badger Herald

Your donation will support the student journalists of University of Wisconsin-Madison. Your contribution will allow us to purchase equipment and cover our annual website hosting costs.

More to Discover
More in News
PROFS open forum discuss funding challenges for flagship universities. April 24, 2024.
PROFS panel calls for de-politicization of higher education at public forum
Haia Al Zein is spearheading an effort to create a physical space for MENA students on the University of Wisconsin campus. Photo courtesy of Haia Al Zein.
UW student Haia Al Zein spearheads effort to establish MENA student center on campus
Under a new agreement, Porchlight, Inc. will move to a new location and student housing will be built in its place. April 2024.
New partnership promises new homeless, student housing in Madison
Image of Kari Byron courtesy of WUD Distinguished Lecture Series.
MythBusters 'Crash Test Girl' Kari Byron shares lessons from life as sculptor-turned-STEM advocate
The Wisconsin Capitol Building on a spring day, taken April 11, 2024.
New legislation to expand tax-advantaged savings account access for Wisconsinites with disabilities
WEI history and future of energy presentation. April 23, 2024.
Earth Fest panel highlights history, legacy of UW energy research
Independent Student Newspaper Since 1969

The Badger Herald
152 W. Johnson St., Suite 201
Madison, WI 53703
© 2024 • FLEX Pro WordPress Theme by SNOLog in
Donate to The Badger Herald

Comments (0)

All The Badger Herald Picks Reader Picks Sort: Newest

Your email address will not be published. Required fields are marked *