WiFI Talk Bedford BCS Feb 2013

Received some pictures of the talk I did in Feb this year to the Bedford branch of the BCS at Bedford College.

"WiFi Networks: The Practicalities of Implementing A WiFi Network" is the topic of a talk by Geraint Williams, Information Risk Consultant and Trainer, IT Governance Ltd., and Honorary Visiting Fellow at the University of Bedfordshire.

Secure configuration is becoming ever more important as an increasing number of devices are incorporating wireless technology - from laptops, smartphones, tablets, projectors and cameras, to multimedia entertainment systems and games consoles. The growing demand for allowing BYOD ("Bring Your Own Device") within the corporate network means that larger numbers of organisations are implementing wireless networks.

The wireless network standard 802.11 was originally released in 1997 by the IEEE and, by computing timescales, is a mature technology with a large base of manufacturers and both commercial and domestic users. Despite initiatives like Wireless Protected Setup (WPS) to make installation easier, there are still issues in implementing a network using wireless technology in both the corporate and home environments.

The courts have already convicted paedophiles for piggybacking neighbours wireless networks to download material, and hackers for using wireless networks for pirating software, music and films and for spying on occupants using their own security cameras.

Wireless networks have a history of security problems with flaws in the implementation of WEP and recently with WPS. This talk will look at these issues, the (open source) tools that can be used, and how these apply to the wireless environment. The talk will include practical demonstrations of the tools and techniques discussed in the presentation and will unravel the alphabetic soup of the available standards.

Wireless in London

Typical WiFi environment in London, everything in the 2.4GHz band, nothing in the 5GHz band

Wigle Wifi Wardriving

Wigle Wifi Wardriving

Is slightly different to the other tools I have reviewed, it is an open-source wardriving app to netstumble, display and map found wireless networks and cell towers anywhere in the world, easily uploading to the wigle net database. According the website WiGLE was started in 2001 and now has over 59 million wifi networks worldwide.

The list screen shows the detected WiFi networks, giving details of the MAC address and encryption if any.

The map screen plots the found WiFi networks on a map

The run screen gives details of the current war drive

The Data screen allows the conversion and export of data, including the uploading to the Wigle net database

The setting screen allows configuration of the Wigle account and the wardrive

From within the list screen if you click on a network it is displayed on the map along with details of the network and when first seen.

There are a number of option available for most of the screens

Wireless Attack Tree

Wireless Attack Tree

As part of the my research project I'm trying to develop an attack tree for domestic WiFi, the latest version is displayed here.

Wi-Fi Analytics Tool

The Wi-Fi Analytics Tool by amped wireless is another of the tool I have used for investigating WiFi networking it is currently at version 3.2.1

WiFi Scanner shows the currently available networks, touching a channel allows you to connect to it.

Channel interference screen shows how congested the available channels are, the longer the bar the more congested the channel is, it also recommends a list of channels.

Channel Graph shows the signal strength on each of the channels

Signal Graph screen shows the signal strength over a period of time.

Signal Strength signal meter shows the strength of the currently selected channel

Signal Strength Widget allows you to configure a widget for use on the android display.

WiFi sniffing & Patents

As a research student looking at Wireless networking I am always keen to follow up stories about the legality of war driving and other activities.

Today I came across this article http://www.scientificamerican.com/podcast/episode.cfm?id=is-wi-fi-sniffing-a-crime-12-09-13 on the Scientific American about the legality of actual sniffing data as opposed to my definition of war driving which involves locating wireless access points and the parameters of the 802.11 network traffic ie encrypted or not.

The article says a judge (in Illinois) ruled that Innovatio IP Ventures capturing wireless traffic in order to ascertain whether their patents had been infringed was legal.

This is certainly an interesting decision and I do wonder if Google might not try claiming they were trying to protect patents in future cases. Digs at Google aside the concerns of individuals rights to privacy and about what will happen to the collected do appear to be taken into account by the Judge as the company have to issue protocols about the collection of the data.

"Innovatio sought permission to obtain a preliminary ruling on the admissibility of the information that it gains in the sniffing process. (Dkt. No. 290.) The court granted permission to Innovatio to seek an admissibility ruling (Dkt. No. 323), but expressed some concern that Innovatio's sniffing may implicate the privacy interests of the customers using the Wi-Fi networks under the federal Wiretap Act. 18 U.S.C. §§ 2510-2522. Accordingly, the court ordered Innovatio's motion to describe its proposed sniffing protocol in detail and to address the applicability of the Wiretap Act. Innovatio has submitted a proposed protocol under seal (Dkt. No. 329, Ex. A), and now requests that the court approve that protocol and issue a preliminary ruling on the admissibility of any evidence Innovatio may gather through the use of that protocol."

The conclusion of the judgement says that " the evidence Innovatio collects through the use of that protocol will not be inadmissible because of a violation of those Acts. Accordingly, if Innovatio lays a proper foundation under the Federal Rules of Evidence at trial for the information it collects through the sniffing protocol, that evidence will be admissible." this I understand as at the moment it is not legal to sniff wireless data to gather evidence of patent infringement as it is not currently admissible.

French prosecution over insecure WiFi?

I have been following the conviction of a Frenchman over downloading two Rihanna music tracks http://www.bbc.co.uk/news/technology-19597429, and I came across this article from PC World http://www.pcworld.com/article/262313/french_piracy_law_claims_first_innocent_victim.html that in the article claimed he was convicted for an insecure WiFi network.

In the article it states "Though his wife admitted, in court, to illegally downloading two Rihanna songs, Alain Prevost was still fined for failing to secure his Wi-Fi network." however it does not follow up on what this meant.

The article goes on to say he was convicted under a French anti-piracy law known as HADOPI (Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet), not a law dealing with WiFi networks.

It would of been interesting to know whether the WiFi was insecure?, did his wife/ex-wifi illegal connect to his wifi? Did he not change the encryption key after separating?  

Does lead to the through what happens when partners seperate and they have been using WiFi, the encryption key should be changed to prevent the ex-partner from reconnecting and downloading illegal material as revenge.