Wireless MSc Research
Saturday 6 April 2013
WiFI Talk Bedford BCS Feb 2013
Received some pictures of the talk I did in Feb this year to the Bedford branch of the BCS at Bedford College.
"WiFi Networks: The Practicalities of Implementing A WiFi Network" is the topic of a talk by Geraint Williams, Information Risk Consultant and Trainer, IT Governance Ltd., and Honorary Visiting Fellow at the University of Bedfordshire.
Secure configuration is becoming ever more important as an increasing number of devices are incorporating wireless technology - from laptops, smartphones, tablets, projectors and cameras, to multimedia entertainment systems and games consoles. The growing demand for allowing BYOD ("Bring Your Own Device") within the corporate network means that larger numbers of organisations are implementing wireless networks.
The wireless network standard 802.11 was originally released in 1997 by the IEEE and, by computing timescales, is a mature technology with a large base of manufacturers and both commercial and domestic users. Despite initiatives like Wireless Protected Setup (WPS) to make installation easier, there are still issues in implementing a network using wireless technology in both the corporate and home environments.
The courts have already convicted paedophiles for piggybacking neighbours wireless networks to download material, and hackers for using wireless networks for pirating software, music and films and for spying on occupants using their own security cameras.
Wireless networks have a history of security problems with flaws in the implementation of WEP and recently with WPS. This talk will look at these issues, the (open source) tools that can be used, and how these apply to the wireless environment. The talk will include practical demonstrations of the tools and techniques discussed in the presentation and will unravel the alphabetic soup of the available standards.
Sunday 2 December 2012
Saturday 29 September 2012
Wigle Wifi Wardriving
Wigle Wifi Wardriving
Is slightly different to the other tools I have reviewed, it is an open-source wardriving app to netstumble, display and map found wireless networks and cell towers anywhere in the world, easily uploading to the wigle net database. According the website WiGLE was started in 2001 and now has over 59 million wifi networks worldwide.
The list screen shows the detected WiFi networks, giving details of the MAC address and encryption if any.
The map screen plots the found WiFi networks on a map
The run screen gives details of the current war drive
The Data screen allows the conversion and export of data, including the uploading to the Wigle net database
The setting screen allows configuration of the Wigle account and the wardrive
From within the list screen if you click on a network it is displayed on the map along with details of the network and when first seen.
There are a number of option available for most of the screens
Is slightly different to the other tools I have reviewed, it is an open-source wardriving app to netstumble, display and map found wireless networks and cell towers anywhere in the world, easily uploading to the wigle net database. According the website WiGLE was started in 2001 and now has over 59 million wifi networks worldwide.
The list screen shows the detected WiFi networks, giving details of the MAC address and encryption if any.
The map screen plots the found WiFi networks on a map
The run screen gives details of the current war drive
The Data screen allows the conversion and export of data, including the uploading to the Wigle net database
The setting screen allows configuration of the Wigle account and the wardrive
From within the list screen if you click on a network it is displayed on the map along with details of the network and when first seen.
There are a number of option available for most of the screens
Wednesday 19 September 2012
Wireless Attack Tree
Wireless Attack Tree
As part of the my research project I'm trying to develop an attack tree for domestic WiFi, the latest version is displayed here.Tuesday 18 September 2012
Wi-Fi Analytics Tool
The Wi-Fi Analytics Tool by amped wireless is another of the tool I have used for investigating WiFi networking it is currently at version 3.2.1
WiFi Scanner shows the currently available networks, touching a channel allows you to connect to it.
Channel interference screen shows how congested the available channels are, the longer the bar the more congested the channel is, it also recommends a list of channels.
Channel Graph shows the signal strength on each of the channels
Signal Graph screen shows the signal strength over a period of time.
Signal Strength signal meter shows the strength of the currently selected channel
Signal Strength Widget allows you to configure a widget for use on the android display.
WiFi Scanner shows the currently available networks, touching a channel allows you to connect to it.
Channel interference screen shows how congested the available channels are, the longer the bar the more congested the channel is, it also recommends a list of channels.
Channel Graph shows the signal strength on each of the channels
Signal Graph screen shows the signal strength over a period of time.
Signal Strength signal meter shows the strength of the currently selected channel
Signal Strength Widget allows you to configure a widget for use on the android display.
Monday 17 September 2012
WiFi sniffing & Patents
As a research student looking at Wireless networking I am always keen to follow up stories about the legality of war driving and other activities.
Today I came across this article http://www.scientificamerican.com/podcast/episode.cfm?id=is-wi-fi-sniffing-a-crime-12-09-13 on the Scientific American about the legality of actual sniffing data as opposed to my definition of war driving which involves locating wireless access points and the parameters of the 802.11 network traffic ie encrypted or not.
The article says a judge (in Illinois) ruled that Innovatio IP Ventures capturing wireless traffic in order to ascertain whether their patents had been infringed was legal.
This is certainly an interesting decision and I do wonder if Google might not try claiming they were trying to protect patents in future cases. Digs at Google aside the concerns of individuals rights to privacy and about what will happen to the collected do appear to be taken into account by the Judge as the company have to issue protocols about the collection of the data.
"Innovatio sought permission to obtain a preliminary ruling on the admissibility of the information that it gains in the sniffing process. (Dkt. No. 290.) The court granted permission to Innovatio to seek an admissibility ruling (Dkt. No. 323), but expressed some concern that Innovatio's sniffing may implicate the privacy interests of the customers using the Wi-Fi networks under the federal Wiretap Act. 18 U.S.C. §§ 2510-2522. Accordingly, the court ordered Innovatio's motion to describe its proposed sniffing protocol in detail and to address the applicability of the Wiretap Act. Innovatio has submitted a proposed protocol under seal (Dkt. No. 329, Ex. A), and now requests that the court approve that protocol and issue a preliminary ruling on the admissibility of any evidence Innovatio may gather through the use of that protocol."
The conclusion of the judgement says that " the evidence Innovatio collects through the use of that protocol will not be inadmissible because of a violation of those Acts. Accordingly, if Innovatio lays a proper foundation under the Federal Rules of Evidence at trial for the information it collects through the sniffing protocol, that evidence will be admissible." this I understand as at the moment it is not legal to sniff wireless data to gather evidence of patent infringement as it is not currently admissible.
Today I came across this article http://www.scientificamerican.com/podcast/episode.cfm?id=is-wi-fi-sniffing-a-crime-12-09-13 on the Scientific American about the legality of actual sniffing data as opposed to my definition of war driving which involves locating wireless access points and the parameters of the 802.11 network traffic ie encrypted or not.
The article says a judge (in Illinois) ruled that Innovatio IP Ventures capturing wireless traffic in order to ascertain whether their patents had been infringed was legal.
This is certainly an interesting decision and I do wonder if Google might not try claiming they were trying to protect patents in future cases. Digs at Google aside the concerns of individuals rights to privacy and about what will happen to the collected do appear to be taken into account by the Judge as the company have to issue protocols about the collection of the data.
"Innovatio sought permission to obtain a preliminary ruling on the admissibility of the information that it gains in the sniffing process. (Dkt. No. 290.) The court granted permission to Innovatio to seek an admissibility ruling (Dkt. No. 323), but expressed some concern that Innovatio's sniffing may implicate the privacy interests of the customers using the Wi-Fi networks under the federal Wiretap Act. 18 U.S.C. §§ 2510-2522. Accordingly, the court ordered Innovatio's motion to describe its proposed sniffing protocol in detail and to address the applicability of the Wiretap Act. Innovatio has submitted a proposed protocol under seal (Dkt. No. 329, Ex. A), and now requests that the court approve that protocol and issue a preliminary ruling on the admissibility of any evidence Innovatio may gather through the use of that protocol."
The conclusion of the judgement says that " the evidence Innovatio collects through the use of that protocol will not be inadmissible because of a violation of those Acts. Accordingly, if Innovatio lays a proper foundation under the Federal Rules of Evidence at trial for the information it collects through the sniffing protocol, that evidence will be admissible." this I understand as at the moment it is not legal to sniff wireless data to gather evidence of patent infringement as it is not currently admissible.
Sunday 16 September 2012
French prosecution over insecure WiFi?
I have been following the conviction of a Frenchman over downloading two Rihanna music tracks http://www.bbc.co.uk/news/technology-19597429, and I came across this article from PC World http://www.pcworld.com/ article/262313/ french_piracy_law_claims_first_ innocent_victim.html that in the article claimed he was convicted for an insecure WiFi network.
In the article it states "Though his wife admitted, in court, to illegally downloading two Rihanna songs, Alain Prevost was still fined for failing to secure his Wi-Fi network." however it does not follow up on what this meant.
The article goes on to say he was convicted under a French anti-piracy law known as HADOPI (Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet), not a law dealing with WiFi networks.
It would of been interesting to know whether the WiFi was insecure?, did his wife/ex-wifi illegal connect to his wifi? Did he not change the encryption key after separating?
Does lead to the through what happens when partners seperate and they have been using WiFi, the encryption key should be changed to prevent the ex-partner from reconnecting and downloading illegal material as revenge.
In the article it states "Though his wife admitted, in court, to illegally downloading two Rihanna songs, Alain Prevost was still fined for failing to secure his Wi-Fi network." however it does not follow up on what this meant.
The article goes on to say he was convicted under a French anti-piracy law known as HADOPI (Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet), not a law dealing with WiFi networks.
It would of been interesting to know whether the WiFi was insecure?, did his wife/ex-wifi illegal connect to his wifi? Did he not change the encryption key after separating?
Does lead to the through what happens when partners seperate and they have been using WiFi, the encryption key should be changed to prevent the ex-partner from reconnecting and downloading illegal material as revenge.
Subscribe to:
Posts (Atom)