One of the factor I will need to cover is the question "Is wireless insecure?" we know the answer is yes, we know about vulnerabilities and exploits that affect the wireless LANs, we see paper published about them etc. So what I need to answer is not only is there insecurity in wireless networks but there are incidents of people using these exploits in the real world.
Here are examples I have come across which I think prove the point that wireless exploits are being used but also people are not doing enough to protect they networks and there can be serious consequences to having a WiFi network hacked.
We have the granddad of the privacy concerns when Google was found to be not only locating wireless access points to speed up the fixing of location, but also capturing wireless packets containing data.
This was reported in the Register in June 2010 in the UK
http://www.theregister.co.uk/2010/06/09/google_wi_fi_sniffing/
There is also the recent reported case where burglars where caught using WiFi as reported on the Infsec Island blog. http://www.infosecisland.com/blogview/20757-Wireless-Security-Wi-Fi-Hacking-Burglars-Get-Busted.html
This is similiar to the TK Maxx security breach in 2005 & 2006 when hackers broke in and stole the records which included millions of credit card numbers via a WiFi network. http://www.sec.gov/Archives/edgar/data/109198/000095013507001906/b64407tje10vk.htm
Other examples I have found are listed below, but if you know of other cases with reference links can you please send the links to me by sending me a tweet to @GeraintW
November 2003 in Toronto, Canada, a man was arrested with a WiFi-enabled laptop in his car - and his pants down. He was wardriving and tapping into unprotected wireless networks. Ultimately, however, he was charged not for that, but for the illegal paedophile pornography he was in the process of downloading. http://www.theregister.co.uk/2003/11/26/wifi_hacker_caught_downloading_child/
July 2005, a UK man was fined £500 after a British jury found him guilty of using a neighbourhood wireless broadband connection without permission. Gregory Straszkiewicz, 24, was also sentenced to a 12 months conditional discharge after he was convicted of dishonestly obtaining an communications service and related offences at London's Isleworth Crown Court. http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/
March 2006, an Illinois man was fined for piggybacking on a Wi-Fi System. David M. Kauchak, 32, pleaded guilty in Winnebago County to remotely accessing someone else's computer system without permission. http://www.governmentsecurity.org/forum/topic/20063-illinois-man-fined-for-piggybacking-on-wi-fi-service/
April 2007, Two people have been cautioned for using people's wi-fi broadband Internet connections without permission. Neighbours in Redditch, Worcestershire, contacted police on Saturday after seeing a man inside a car using a laptop while parked outside a house. He was arrested and cautioned. A woman was arrested in similar circumstances in the town earlier this month. http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm
Oct 2008, Lincolnshire police have arrested a 16-year-old suspected of hacking into next door's Wi-Fi after his neighbour complained the connection was running a bit slow. Police arrived at the lad's house after nine o'clock on Sunday October 5, and arrested him under the Computer Misuse Act 1990. http://www.theregister.co.uk/2008/10/30/wi_fi_arrest/
A pub owner has been fined £8,000 because someone unlawfully downloaded copyrighted material over their open Wi-Fi hotspot, according to the managing director of hotspot provider The Cloud. http://www.zdnet.co.uk/news/networking/2009/11/27/pub-fined-8k-for-wi-fi-copyright-infringement-39909136/
April 2011. A man recently found a swarm of armed federal agents descending on his Buffalo, New York, home after a neighbour accessed his open Wi-Fi network and used it to download child pornography. http://www.theregister.co.uk/2011/04/26/open_wifi_networks/
July 2011 Barry Ardolf, 46, repeatedly hacked into his next-door neighbour's WiFi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden. http://arstechnica.com/tech-policy/news/2011/07/wifi-hacking-neighbor-from-hell-gets-18-years-in-prison.ars
No comments:
Post a Comment