Reply to comment
An exploration of the security levels of wireless networks in and around Leeds, West Yorkshire, England.
17th March 2004
People are so trustworthy. Or at least that’s what many users of wireless networks seem to think. They allow anyone to eavesdrop on their network traffic, they trust everybody, they believe that nobody has any malicious intent. I expect these are the same people who always leave the keys in their cars and their houses unlocked when they go out too.
Why do people seem to be so trusting when they install wireless networks?
Ignorance is Bliss
In many cases users are simply unaware of what they are doing. And not only home users, where this may (just) be excusable, business users too make basic security mistakes.
Wireless equipment is cheap and easily available. It very easy to install and set up. The downside is that ease of installation is achieved by switching off all the security features. Most users plug it in, switch it on and forget it.
Wardriving has nothing to do with war and very little to do with driving. It simply involves using a computer with a wireless card and software to scan for wireless networks. The most common used software is Netstumbler (or for PDAs and handhelds, Ministumbler). Both are freely available on the Internet. Netstumbler is ’friendly’ in that it will not probe deeply into networks and will not attempt to connect to the networks it finds.
Wardriving can be as simple or as elaborate as you want it to be. You can build complicated antennae, there are numerous designs on the Internet, and detect networks from miles away. You can build sensitive receiving equipment and buy special wireless cards, but you don’t need to go to those lengths.
To prove how incredibly easy Wardriving is we decided to do it the simplest way possible, using absolutely basic tools. We used a standard laptop PC running Windows XP fitted with a standard Linksys wireless card and Netstumbler. That’s it, no specialist hardware, only simple, readily available software, it really is that easy.
Then we drove through the centre of Leeds to see what would show up. We didn’t even bother with an external antenna so our car body may have shielded some of the less powerful networks from detection. Even so we were surprised by what we found.
Open for Business
Leeds City Centre is open for business, arguably a bit too open in many cases. Our route took us form Leeds Market, up the Headrow, past the Leeds Metropolitan University, Leeds University, through Headingley and out to the ring road at Lawnswood.
Happily there are wireless networks active in the centre of Leeds. It would be much more of a surprise if there weren’t. Less happily was the number of networks that are wide open to attack.
All together we detected 66 networks. Every one was freely broadcasting its network name (the SSID). 15 of those were using the manufacturer supplied default SSID, pretty easy for a hacker to work out. Most of the others were very obvious, such as the company name. Broadcasting the SSID can be switched off with one click of a button. Although not strictly a security issue this will at least make the hacker do a bit of work.
Wireless devices can work in two modes. Businesses mostly use ’Infrastructure’ mode, where several users connect to an ’Access Point’ to gain access to the wired network. The alternative mode is Ad-hoc (Peer to Peer) where wireless devices talk directly to each other. Both types of network were detected in our survey, 7 were Ad-hoc networks, only one was using any security.
It is obviously difficult to know (and control) who picks up the signals sent out by your wireless equipment. The designers included a form of security known as Wired Equivalent Privacy (WEP). The intention was to make wireless networks as secure as the more traditional wired network. They succeeded partly in this aim. WEP encrypts the data, making it unreadable to outsiders.
In practice WEP only provides partial security. Flaws have been exposed and a determined hacker will, given enough time, be able to break your WEP keys. But, if used properly, WEP can provide adequate security for most users. In circumstances where the data is very sensitive then other security measures may be required. Some security is better than none, all wireless networking equipment supports WEP so obviously everyone will use it?
Not according to our Wardriving survey. Less than half of our networks were using WEP, 29 out of our 66. The others were all sending data in unencrypted form, making it readable by anyone. Even worse by making the SSID visible it would be easy to attempt to connect to any of these networks.
Of course some of these networks will be home users and they may argue that there is nothing in the least bit sensitive in the data they send. This may well be true, but it’s not an argument for having no security. The real threat is that anyone can eavesdrop, possibly act on what they find, or simply use what they know to disrupt your network or steal your Internet access. How would you know if a neighbour two doors away was using your broadband connection for free? Would you know what your neighbour was getting up to? The fact is you would not know until something bad happens.
Business users have an even bigger problem. With equipment so cheap and easy to install many System Managers find that despite policies to the contrary their users have installed a wireless network. This can have serious implications for data and network security. Allowing hackers the chance to connect to your network is a risk too far. Imagine what might be detected on a Bank or Lawyer’s network?
Who exactly is connected? Are there unauthorised users? Is someone attempting to hack into my network? Are there unauthorised Access Points? Is the security adequate? System Administrators need to know the answers to these questions.
What Can You Do?
Everyone with a wired network knows the importance of Firewalls, Virus protection and so on. With wireless security is even more important.
The first thing to do is to use the security features built-in to your equipment. Features are no use if you don’t switch them on!
To keep you aware of what’s happening on your network you should install an Intrusion Detection System. Typically wireless sensors are deployed around the network and report back to a central Management Console where a database is kept updated and alarms are raised. The sophistication of the threat detection software is the important feature and the whole network should be covered. Price is not always a good indicator of the best solution.
Our survey has shown that Wardriving is extremely easy to do and that wireless networks are particularly vulnerable. They can be a way for hackers to bypass your network security, finding out what’s on the network is very simple, stealing someone else’s access to the Internet is easy. By using the built-in security and with very little effort you can make your wireless network secure, by deploying an Intrusion Detection System you can be alerted to hacking attempts, by being aware of what users are doing you can take control of the network again.
Being open for business is a good thing for Leeds, wireless networking is here to stay, opening your network to hackers is quite a different matter. Making sensible use of the features you have already and taking some reasonable precautions will make your wireless network secure. Do it now before it’s too late.
Update 1/5/2013: FYI Jack did a follow up post The state of Wi-Fi security in 2009.