Results of a Personal Wardrive

Wi-Fi networks are becoming well-known and readily available in electronics
and office supply stores. A couple of years ago you had to look hard to find
wireless LAN products on store shelves. Now, there are full-length aisles full
of wireless adapters and routers. With this growing popularity, lots of homes
and small offices are deploying wireless LANs.

With this in mind, a couple of my staff members drove through residential and
office areas while running a wireless LAN analyzer. The goal was to find out
what security issues were commonly present in wireless LAN implementations in
the area — what some call a wardrive. Here's what we found:

Home WLAN Security Not Too Good

After driving through a few large residential areas and capturing details from
a couple hundred wireless routers and access points, we found that roughly fifty
percent were not using any form of security. Of course, the problem with this is
that a neighbor or someone who parks in the street can easily access Internet
services and retrieve files stored on the homeowners' computers.

A while ago, a friend of mine living in an apartment installed a wireless LAN
router (with no security) attached to a broadband Internet service. After a
few months, he found that a couple of unknown users were associating with the
router and using his Internet service from somewhere else within the apartment
complex. He quickly implemented Wi-Fi Protected Access (WPA), which
solved the problem. You could also disable SSID (service
set identifier) broadcasting (if available on the unit) to limit other users
from automatically gaining access.

Also, I'd heard that a friend of our family bought a laptop with an integrated
Wi-Fi adapter, took it home, and found it really cool that they could access
the Internet wirelessly. This user, however, hadn't yet installed any routers
or Internet service! Apparently, the radio card in the laptop was associating
with a neighbor's unsecured wireless router, which was graciously providing

The funny thing was that this person didn't even realize that you needed any
special hardware in the home to make this work. They'd thought that the wireless
connection was only enabled by the radio device in the laptop and that the connection
to the Internet was magically made available. Maybe we need to educate
the home crowd a bit more…

SSIDs Identify Businesses

In our drive-around testing, we found that many of the homes and businesses
were broadcasting the default SSID, which actually isn't too much of a problem.
In most cases, the default value is the hardware vendor's name (except Cisco,
which uses tsunami). Some of the SSIDs found in our testing clearly indicate
company names. In fact, we found several large businesses having the SSID the
same as their company name. These companies were not broadcasting SSIDs, but
our packet analyzer readily found the SSIDs in user association request frames.
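
The following is an added example, not part of the original article or of any analyzer's code: a sketch of how a survey tool can tally secured versus open access points and still learn an SSID that the beacon omits, for auditing captures of your own network. It assumes raw 802.11 management frames with no radiotap header; the function names, MAC addresses and sample frames are constructed for illustration, and the Privacy bit it reads does not distinguish WEP from WPA.

```python
import struct

BEACON, ASSOC_REQ = 8, 0                  # 802.11 management frame subtypes
FIXED_LEN = {BEACON: 12, ASSOC_REQ: 4}    # fixed-field bytes before the tagged elements
PRIVACY = 0x0010                          # capability bit: encryption is required

def parse_mgmt(frame):
    """Return subtype, BSSID, privacy flag and SSID of a beacon or association request."""
    if len(frame) < 24 or frame[0] & 0x0C:
        return None                       # too short, or not a management frame (type 0)
    subtype, body = frame[0] >> 4, frame[24:]     # body follows the 24-byte MAC header
    if subtype not in FIXED_LEN or len(body) < FIXED_LEN[subtype]:
        return None
    cap_offset = 10 if subtype == BEACON else 0   # beacon: after timestamp + interval
    (cap,) = struct.unpack_from("<H", body, cap_offset)
    ssid, pos = "", FIXED_LEN[subtype]
    while pos + 2 <= len(body):           # walk the ID/length/value elements
        eid, elen = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + elen]
        if len(value) < elen:
            break                         # truncated element: stop parsing
        if eid == 0:                      # element 0 carries the SSID
            ssid = value.replace(b"\x00", b"").decode("utf-8", "replace")
            break
        pos += 2 + elen
    return {"subtype": subtype, "bssid": frame[16:22].hex(":"),
            "privacy": bool(cap & PRIVACY), "ssid": ssid}

def survey(frames):
    """Merge frames per BSSID: security status from beacons, SSID from any frame."""
    aps = {}
    for info in filter(None, map(parse_mgmt, frames)):
        ap = aps.setdefault(info["bssid"], {"ssid": "", "hidden": False, "secured": None})
        if info["subtype"] == BEACON:
            ap["secured"] = info["privacy"]
            ap["hidden"] = ap["hidden"] or not info["ssid"]
        if info["ssid"]:
            ap["ssid"] = info["ssid"]     # a client's association request names it too
    return aps

def make_frame(subtype, bssid, cap, ssid):        # builds the constructed samples below
    header = bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = bytes(10) + struct.pack("<H", cap) if subtype == BEACON else struct.pack("<HH", cap, 10)
    return header + fixed + bytes([0, len(ssid)]) + ssid

AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [make_frame(BEACON, AP1, 0x0001, b"linksys"),         # open, vendor-default SSID
          make_frame(BEACON, AP2, 0x0011, b""),                # secured, SSID not broadcast
          make_frame(ASSOC_REQ, AP2, 0x0011, b"ExampleCorp")]  # client joining AP2
```

Calling `survey(SAMPLE)` reports the second access point as both hidden and named, which is why suppressing the broadcast does not keep a company-name SSID private once any client associates.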

The knowledge of the SSID alone doesn't allow access to a WLAN that employs
solid authentication and encryption mechanisms. The issue is that having an
SSID the same as the company name may identify a network that a hacker would
rather attack than others. I'd argue that it's safer to have the SSID equal
to the default vendor name rather than use your company name. In addition, the
use of meaningless characters as the SSID draws the attention of hackers and
makes them suspicious that it represents a company trying to hide itself.

Business WLAN Security Not Much Better

In business areas, we found that the usage of wireless security was around
seventy-five percent. This was better than the residential areas, but there
were still several rather large, well-known companies operating wireless LANs
without any form of security. There was even evidence that a significant portion
of these businesses were connecting their access points directly to the corporate

A business, especially a large one, is a bigger target for hackers wanting
to either disrupt operations or steal information. Companies not implementing
wireless security are certainly inviting hackers in to overhear email transmissions,
access corporate data, and change network configurations.

The bottom line in homes and small offices is to secure the network with at
least wired equivalent privacy (WEP). Even though WEP has weaknesses, it's
better than nothing. If WPA is available, use it. For larger companies, consider
the use of a VPN (virtual private network) and/or 802.1X authentication.
