Monday, 18 June 2007

Badly Secured Home WiFi

It still amazes me just how many home users and small businesses out there are using unsecured home wireless networks. I visited a friend over the weekend to help out with a computer related issue, I booted my laptop up, enabled my WiFi card, and I immediately picked up several WiFi access points, of which two had no encryption, no passcode required! One of the SSIDs was even called "NetGear". I also picked up a small business WiFi network called "WEP", oh dear, lol.

It's frightening what some home WiFi users are leaving themselves exposed to. Anyone in the vicinity could easily use their WiFi connection to visit "dodgy and illegal websites”, should this activity be discovered by the authorities, who will track them down through via the ISP, it will be on the WiFi owner’s door which the police will be knocking. It also begs the question if someone wanted to "get away" with visiting dodgy websites, by deliberately leaving open their WiFi connection and playing the fool, could that be a legal "get out" clause? Who knows when it comes to computer crime laws, which is well behind the times in the UK, in a population approaching 60 Million, there is on average of less than 10 people a year being prosecuted under the Computer Misuse Act, with computer related crime tending to end up under either theft or fraud charges and convictions.

So just how are these unsecured WiFi networks originating, as these days most ISPs are providing WiFi routers with the ISP configuration with WPA encryption preloaded as standard. Well it comes from the days when all the ISPs provided, was a standard DSL router/modem, home users would themselves trundle down to their local PC Supermarket (*cough* rip off *cough*), and buy a WiFi Router from the ever NOT so knowledgeable shop assistant. They would just chuck the WiFi Router in at home and just be ever so pleased to eventually get it working with their DSL provider and home devices. So they either over look security completely or probably didn't know enough about it or even how to go about configuring it.

Perhaps manufactures should enable security by default on their products (some may do now). As a Cisco Security guy, I know the Cisco line is to disable all security features by default on their Routers, Cisco take the stance it’s the end user's responsibility to secure the product for use. However I must admit I don't know what the default settings are like on the Cisco LinkSys range of products these days, which is aimed at home market.

Whether or not manufacturers are providing enough security as default on their WiFi products is just half the puzzle, as I think it's more about getting the message "home" to those "home users" - forgive the pun.

7 comments:

Alex said...

What's the risk of someone using your unsecured home WiFi for dodgy websites?

Dave Whitelegg CISSP said...

Good question, lets say someone were to hi-jack your internet bandwidth via WiFi, and that someone then used your bandwidth to go to an illegal child porn website or chat group or even share or download illegal files via peer to peer, and this activity is just happens to be monitored by the child protection police. The first thing the police would do is track and trace it back through the big digital foot print left behind with all internet use, the IP address. The IP internet address foot print left would be the public IP address of your WiFi Router, so not the individual PC. The WiFi Router uses NAT or PAT, so all devices going out onto the net would has same Public IP Address on the Internet. So when the police check the public IP address with the ISP which owns (leases) it, the ISP provides your name and addresss. So I guess it would be up to you to prove it wasn't your PC that was using at the time, which could be some serious hassle and stress.

Any if you think the police don't monitor this sort of thing, just check out this report from the UK today, when an internet Child Porn ring was smashed.

http://news.bbc.co.uk/1/hi/uk/6763817.stm

ibneko said...

Dodgy and illegal websites, as well as more dangerous things, like using the unsecured wireless to pull identity theft crimes (buying things with a stolen credit card) or maybe, if the owners have file sharing turned on, perhaps stealing sensitive information.

It'd also important for end-users to change the default router password - sometime ago, there was a nasty javascript hack of some sort that would modify routers, so victims would be routed to phishing sites when they tried to access, say, a banking site.

I think one of the best solutions to this (and the other security problems) is that the manufacturers should have the router redirect all requests to itself, and present the user with a very simple "Please set up your router now" set of pages, forcing the user to enter in a non-default password (which they can write down somewhere in the manual, maybe, if necessary) and enable the security options (WPA, hopefully) before they can actually get online.

Alex said...

Hi Dave,

Technical ability of the threat agent, nor the impact isn't the question - the question is the frequency with which threat events (contact AND action) are occurring.

I'd say you have a MUCH better chance of winning the lottery. At least that has priors. And when the frequency of threat events are close to zero, so becomes the probability of a loss event.

Dave Whitelegg CISSP said...

The technical ability of this kind of threat is that it doesn't require any technical ability to use someone else's unsecured Wifi broadband connection. I don't have any evidence to support the frequency, but I do suggest the frequency of...lets call it "WiFi hi-jacking" is far more wide spread than people realise. Home novices, who lets face it have unsecured wifi network will not be able to detect foreign use of their bandwidth, until they get a fine through the post for downloading an illegal movie.

I see a general trend by various authorities to "crackdown" and control internet privacy and the illegal stuff, hence the increase anti-trust news stories, so perhaps this issue will be brought into the fore in the future.

At the end of day, everyone should ensure they secure they wifi network.

ibneko, yeah I always change the user accounts from the default for that reason.

Amanda Shaw said...

We recommend a content filtering solution when installing public wireless hotspots in order to protect both the venue and their visitors from being offended by viewing any websites they deem unsuitable. www.letsgowifi.co.uk

Maox said...

On a lighter, less conspiratorial (is that a word?) note, I've been wondering if there's any way to send a message or start chatting with someone I'm "stealing" wifi from when I'm outside with my laptop. I usually surf Wikipedia or such, and want to thank the person in question that he lets me use his connection (where I live, there is a MUCH higher probability of people intentionally leaving their connections unsecured rather than being ignorant of the fact that they do). I'd like to say "thanks" and "btw, you DO know your connection is unsecured, huh?". You know, common courtesy and at the same time informing them just in case. Anyone knows how one would go about doing that? (Assuming that they are using their computers at the time)

Also, is there a possibility for them to get at my computer and rummage through stuff in any way?