These Nets Have Security Holes
They call it “war driving.” Hackers plug an antenna into a laptop computer, jump into a car, and then the fun begins. They easily break into wireless computer networks, which often spew unencrypted information into the airwaves for anyone to pick up.
“There are two kinds of people doing wireless security assessments in Silicon Valley: people like me, and the 19-year-old kids who do it for sport,” said Jonas Luster, president of D-fensive Networks Inc., a Campbell, Calif., security consulting firm.
During a recent security audit in a Silicon Valley parking lot, Luster’s electronic “sniffer” detected 169 wireless networks using the most popular standard, known as “Wi-Fi.” Just six had any form of security.
The experience with Wi-Fi is just the tip of the iceberg. The coming of so-called 3G wireless networks, which will allow cell phones and hand-held computers to access the Internet at high speeds, is creating a new realm of vulnerabilities.
Though wireless networks differ in their strengths and vulnerabilities, none escapes the fact that they transmit information through the air and are designed to traverse the infamously insecure expanses of the Internet.
Despite such concerns, the push for wireless convenience, mobility and commerce is racing ahead.
Last year, about 7.5 million devices were sold that connect personal computers, laptops and hand-held computers to Wi-Fi networks, which dominate the home and business markets, according to market research firm Allied Business Intelligence. Research firm EMarketer Inc. forecasts that by 2004, 63 million people in the U.S. will be connecting to the Internet by using cell phones or personal digital assistants.
Businesspeople use Wi-Fi to view documents from distant conference rooms. Forklift drivers use wireless hand-helds to monitor inventory in warehouses.
Shoppers browse Amazon.com or answer e-mail over wireless links while sipping a cafe latte at Starbucks. The coffee chain has equipped hundreds of outlets with Wi-Fi, and many other restaurants and airports have done likewise.
That mobility comes at a price.
During an audit for a Silicon Valley company, “we picked up signals from a nearby hospital,” Luster said. “It was a large amount of patient data, completely in clear text,” meaning the information was not scrambled or encrypted.
“We approached this hospital, and I offered to [plug the gap] for free,” he said.
The hospital refused to talk to him, Luster said.
“It would have been an admission of a problem, and people don’t want to do that,” he said.
On another occasion, he stumbled across a Nevada casino that was broadcasting unencrypted details of its security operations.
Call it the “if I can’t see it, it can’t hurt me” effect. Computer-savvy businesses take at least basic steps to protect wired networks, such as using anti-virus programs and installing software “firewalls” to block hackers.
Yet unwired vigilance is rare. Wi-Fi security is among the most leaky in the wireless world, and because its nodes often connect to standard networks, they can expose all manner of company secrets.
The root of the problem, experts said, is the same one that has plagued standard computer networks for decades. Wi-Fi was designed for convenience and economy, not security.
Default Wi-Fi security settings are next to useless. Few users bother to learn about advanced settings for wired equivalent privacy, or WEP, which is built into Wi-Fi devices. Manufacturers don’t ship products with the most secure settings turned on because that causes conflicts with Wi-Fi products from other vendors.
WEP is meant to encrypt data traveling over the airwaves and patch holes in company networks through wireless access points, or hubs. But even when set up properly, WEP provides weak protection on both fronts. Hacking software called AirSnort and WEPCrack, freely available online, allow even inexperienced hackers to obtain WEP’s encryption “key” to unscramble airborne text.
Ease of use has led to another big problem: “rogue” access points. A multitude of technically savvy but careless employees set up ad hoc wireless connections to their company networks.
“Companies say, ‘We don’t need wireless security because we don’t have a wireless network,’” said Christopher W. Klaus, chief technology officer of Internet Security Systems Inc., an Atlanta-based security company. “But just sniffing around their office, we find four or five access points.”
Large businesses can install virtual private networks, which block hackers fairly reliably. But that solution can be prohibitively costly and complex.
Experts advise common sense: Turn on WEP to deter casual eavesdroppers, and shut down rogue hubs.
They also urge caution in setting up authorized hubs. Wi-Fi is meant to broadcast only 150 feet, effectively within one building. But if hubs are set inside windows on the building’s periphery--where no walls impede signal strength--networks become open to remote hackers, Klaus said.
He has picked up Wi-Fi signals six miles from a network access point. Bad guys do the same, using a popular hacking tool, a Pringles potato chip can, as the antenna.
Ultimately, Wi-Fi security should improve as new standards upgrade WEP over the next couple of years. The first of these, called 802.1x, will be finalized within a couple of months. It changes the WEP encryption keys about every five minutes, rendering common hacking tools ineffective.
As consumers adopt high-speed 3G cellular phones, they may want to consider Wi-Fi’s cautionary tale.
The 3G networks will fix voice encryption problems that make many of today’s cell phones easy to tap. But 3G mobile commerce will require interaction with Web sites and networks whose security may not be so reliable. Such glitches have plagued PC-based e-commerce from its inception.
“3G services will all be insecure,” said Bruce Schneier, a cryptographer and chief technology officer of Counterpane Internet Security Inc. in Cupertino, Calif. “We’ll be patching it up as we go.”
