One of the factor I will need to cover is the question "Is wireless insecure?" we know the answer is yes, we know about vulnerabilities and exploits that affect the wireless LANs, we see paper published about them etc. So what I need to answer is not only is there insecurity in wireless networks but there are incidents of people using these exploits in the real world.
Here are examples I have come across which I think prove the point that wireless exploits are being used but also people are not doing enough to protect they networks and there can be serious consequences to having a WiFi network hacked.
We have the granddad of the privacy concerns when Google was found to be not only locating wireless access points to speed up the fixing of location, but also capturing wireless packets containing data.
This was reported in the Register in June 2010 in the UK
http://www.theregister.co.uk/2010/06/09/google_wi_fi_sniffing/
There is also the recent reported case where burglars where caught using WiFi as reported on the Infsec Island blog. http://www.infosecisland.com/blogview/20757-Wireless-Security-Wi-Fi-Hacking-Burglars-Get-Busted.html
This is similiar to the TK Maxx security breach in 2005 & 2006 when hackers broke in and stole the records which included millions of credit card numbers via a WiFi network. http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407tje10vk.htm
Other examples I have found are listed below, but if you know of other cases with reference links can you please send the links to me by sending me a tweet to @GeraintW
November 2003 in Toronto, Canada, a man was arrested with a WiFi-enabled laptop in his car - and his pants down. He was wardriving and tapping into unprotected wireless networks. Ultimately, however, he was charged not for that, but for the illegal paedophile pornography he was in the process of downloading. http://www.theregister.co.uk/2003/11/26/wifi_hacker_caught_downloading_child/
July 2005, a UK man was fined £500 after a British jury found him guilty of using a neighbourhood wireless broadband connection without permission. Gregory Straszkiewicz, 24, was also sentenced to a 12 months conditional discharge after he was convicted of dishonestly obtaining an communications service and related offences at London's Isleworth Crown Court. http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/
March 2006, an Illinois man was fined for piggybacking on a Wi-Fi System. David M. Kauchak, 32, pleaded guilty in Winnebago County to remotely accessing someone else's computer system without permission. http://www.governmentsecurity.org/forum/topic/20063-illinois-man-fined-for-piggybacking-on-wi-fi-service/
April 2007, Two people have been cautioned for using people's wi-fi broadband Internet connections without permission. Neighbours in Redditch, Worcestershire, contacted police on Saturday after seeing a man inside a car using a laptop while parked outside a house. He was arrested and cautioned. A woman was arrested in similar circumstances in the town earlier this month. http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm
Oct 2008, Lincolnshire police have arrested a 16-year-old suspected of hacking into next door's Wi-Fi after his neighbour complained the connection was running a bit slow. Police arrived at the lad's house after nine o'clock on Sunday October 5, and arrested him under the Computer Misuse Act 1990. http://www.theregister.co.uk/2008/10/30/wi_fi_arrest/
A pub owner has been fined £8,000 because someone unlawfully downloaded copyrighted material over their open Wi-Fi hotspot, according to the managing director of hotspot provider The Cloud. http://www.zdnet.co.uk/news/networking/2009/11/27/pub-fined-8k-for-wi-fi-copyright-infringement-39909136/
April 2011. A man recently found a swarm of armed federal agents descending on his Buffalo, New York, home after a neighbour accessed his open Wi-Fi network and used it to download child pornography. http://www.theregister.co.uk/2011/04/26/open_wifi_networks/
July 2011 Barry Ardolf, 46, repeatedly hacked into his next-door neighbour's WiFi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden. http://arstechnica.com/tech-policy/news/2011/07/wifi-hacking-neighbor-from-hell-gets-18-years-in-prison.ars
Tuesday 27 March 2012
Thursday 22 March 2012
InfoSec Island: Wireless Security: Wi-Fi Hacking Burglars Get Busted
This is a copy of a blog from the Infosec Island http://www.infosecisland.com/ that I have been given permission to reprint here. All rights to the content of the blog belong Infosec Island and Robert Siciliano. I would like to thank Infosec Island and the author for the permission to reprint the blog.
I was looking to blog on some incidents involving Wireless Security when I found this entry, and I think it adequately shows why wireless security is important to implement correctly.
Wireless Security: Wi-Fi Hacking Burglars Get Busted
Thursday, March 22, 2012
Contributed By: Robert Siciliano
http://www.infosecisland.com/blogview/20757-Wireless-Security-Wi-Fi-Hacking-Burglars-Get-Busted.html
In Seattle 3 men have been arrested for hacking the wireless networks of over a dozen businesses along with 41 burglaries.
They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.
SeattlePI reported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated.
Once a Wi-Fi network is located through wardriving, hackers can remotely watch for information that may reveal the network’s security setup and vulnerabilities.
Police said they used sophisticated electronic equipment to break through networks using a 12-year-old security algorithm — Wired Equivalent Privacy, or WEP protection.
Right out of a Mission Impossible movie these burglars hacked wireless networks and stole employee and client data. Their burglaries involved stealing laptops they used those laptops to crack payroll accounts and steal banking information.
Once they turned the data into cash they turned the cash into prepaid debit cards.
Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.
Home or office Wi-Fi with a WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious security vulnerabilities researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.
Small businesses would fare much better if they also installed a monitored security alarm system with cameras. It’s not enough to lock doors especially if there is thousands of dollars in technology waiting for a burglar to take it.
Robert Siciliano is a personal and small business security specialist to ADT Small Business Security. Disclosures
I was looking to blog on some incidents involving Wireless Security when I found this entry, and I think it adequately shows why wireless security is important to implement correctly.
Wireless Security: Wi-Fi Hacking Burglars Get Busted
Thursday, March 22, 2012
Contributed By: Robert Siciliano
http://www.infosecisland.com/blogview/20757-Wireless-Security-Wi-Fi-Hacking-Burglars-Get-Busted.html
In Seattle 3 men have been arrested for hacking the wireless networks of over a dozen businesses along with 41 burglaries.
They are alleged to have stolen at least $750,000 in funds, computer equipment and other items.
SeattlePI reported their Wi-Fi hacking techniques included “wardriving,” in which hackers mount a high-strength Wi-Fi receiver inside a car and search for networks that can be penetrated.
Once a Wi-Fi network is located through wardriving, hackers can remotely watch for information that may reveal the network’s security setup and vulnerabilities.
Police said they used sophisticated electronic equipment to break through networks using a 12-year-old security algorithm — Wired Equivalent Privacy, or WEP protection.
Right out of a Mission Impossible movie these burglars hacked wireless networks and stole employee and client data. Their burglaries involved stealing laptops they used those laptops to crack payroll accounts and steal banking information.
Once they turned the data into cash they turned the cash into prepaid debit cards.
Wired Equivalent Privacy was introduced in 1997 and is the original version of wireless network security. But WEP has been cracked, hacked, and decimated.
Home or office Wi-Fi with a WPA encryption is better. Wi-Fi Protected Access is a certification program that was created in response to several serious security vulnerabilities researchers found in WEP, the previous system. WPA and WPA2 are tougher to crack, but not impossible.
Small businesses would fare much better if they also installed a monitored security alarm system with cameras. It’s not enough to lock doors especially if there is thousands of dollars in technology waiting for a burglar to take it.
Robert Siciliano is a personal and small business security specialist to ADT Small Business Security. Disclosures
Tuesday 20 March 2012
Projects
As part of the wireless research I am doing towards my MSc by research, I am working on the following projects
Wardrive comparison of Luton, UK. I did a survey of Luton in 2005 and I am now in the process of completing another war drive of Luton. The aim is to identify changes over the 6 years between the war drives to see what has changed, in particular I'm looking at the number of access points with no security to see if the home user have become more security aware. As part of this I have developed a series of python scripts that take the results for scans by viStumber and put them into a PostgreSQL database and the retrieve data depending on criteria and plot the results on Google earth using a custom set of icons to identify, channel, frequency band, security etc. and a KML file.
Development of an utility that sits in the notification area and monitors the number of wireless networks on each channel, this is to aid in the selection of channel to reduce collisions due to nearby networks on the same channel.
A series of war drives to monitor whether access points are being left on or being turned off when not in use. As part of this looking at developing a sensor that can be left running to monitor wireless network up/down time using a micro PC with wireless card.
I will also be doing some work on security testing of wireless networks and access points testing the encryption and features such as WPS to evaluate the tools and whether the videos on You Tube are acting as a good source of material for those wishing to abuse wireless networks.
Some of the software I an working may be made into open source tools and hence my interest in bitbucket and git.
There are a couple of ideas that I want to develop involving mobile wifi hotspots involving tablets, smart phones and the use of 3G dongles and security configuration. Especially since BYOD is becoming more popular, although this won't be part of my MSc by research I will be covering all my activities in wireless networking in this blog.
Wardrive comparison of Luton, UK. I did a survey of Luton in 2005 and I am now in the process of completing another war drive of Luton. The aim is to identify changes over the 6 years between the war drives to see what has changed, in particular I'm looking at the number of access points with no security to see if the home user have become more security aware. As part of this I have developed a series of python scripts that take the results for scans by viStumber and put them into a PostgreSQL database and the retrieve data depending on criteria and plot the results on Google earth using a custom set of icons to identify, channel, frequency band, security etc. and a KML file.
Development of an utility that sits in the notification area and monitors the number of wireless networks on each channel, this is to aid in the selection of channel to reduce collisions due to nearby networks on the same channel.
A series of war drives to monitor whether access points are being left on or being turned off when not in use. As part of this looking at developing a sensor that can be left running to monitor wireless network up/down time using a micro PC with wireless card.
I will also be doing some work on security testing of wireless networks and access points testing the encryption and features such as WPS to evaluate the tools and whether the videos on You Tube are acting as a good source of material for those wishing to abuse wireless networks.
Some of the software I an working may be made into open source tools and hence my interest in bitbucket and git.
There are a couple of ideas that I want to develop involving mobile wifi hotspots involving tablets, smart phones and the use of 3G dongles and security configuration. Especially since BYOD is becoming more popular, although this won't be part of my MSc by research I will be covering all my activities in wireless networking in this blog.
Sunday 18 March 2012
Wireless tools - Part 1
Here are just some of the tools that I am using for research and consultance work in wireless network, in particular I specialise in 802.11 WiFi network
Linux Equipment
Windows
Linux Equipment
- Acer Laptop
- Backtrack 5r1
- Alfa AWUS036H
- Motorola Xoom
- Wolf wifi pro
- wi-fi analytics
- wifi analyzer
- wardrive
- etc
Windows
- HP Laptop
- Wi-Spy DBX
- Chanalyser
- InSSIDer
- vistumbler
- commview for wifi
- Airpcap TX
Monday 5 March 2012
BitBucket
Just signed up for a Bitbucket repositories too do the development of the software artefact for my MSc by Research, this will be a private repository until after I have completed the MSc when I will probable make the tool open source.
Friday 2 March 2012
Resurrection
Meet with my supervisor to resurrect my MSc by Research into Wireless security, particular around home based wireless networks, my studying has been been in a hiatus due to leaving the University where I was a staff member and starting work in the commercial world and confusion of status and fees, hope to get it resolved shortly.
Will be transferring my blog of the research activities from the pebblepad blog to this blog.
Will be transferring my blog of the research activities from the pebblepad blog to this blog.
Subscribe to:
Posts (Atom)