Sponsor for PC Pals Forum

Author Topic: Wireless boom is hackers' heaven  (Read 729 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 75152
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Wireless boom is hackers' heaven
« on: January 22, 2005, 17:46 »
09:30 22 January 2005
New Scientist

Setting up a wireless computer network at home has never been easier or cheaper. But the freedom to access the internet from anywhere in or around the house comes at a cost: Wi-Fi networks leave home computer users open to unprecedented levels of security breaches.

Wi-Fi's radio signals carry up to 100 metres, and anyone within range can pick them up. That is good news if you want to take your laptop into the garden and connect to the net from there. But radio waves are no respecters of household boundaries, and that can leave the network wide open to an intruder operating a Wi-Fi PC from a neighbouring house, or sitting in a car outside.

Most Wi-Fi networks come with security features to prevent this. But they are not always easy to implement, so many users do not bother. And with Wi-Fi sales rocketing (see graph), this carefree approach is worrying security experts.

For an example of what could go wrong, consider the case of a man who was arrested in Toronto 12 months ago after committing a minor traffic offence. It turned out he had been driving around looking for unsecured domestic networks that he then used to access paedophile websites via his Wi-Fi laptop. If he had not been caught in the act, the trail of evidence would have led instead to the people whose networks he had hijacked.

Firewall software
Domestic Wi-Fi networks are centred on a box called a wireless router, which is usually connected directly to a broadband modem to give access to the internet. The router uses a low-power radio signal to transmit and receive data through Wi-Fi transceiver cards installed in computers anywhere in the house.

Wireless routers come with a battery of built-in security features. To prevent people hacking in from the net they run firewall software that blocks off attempts to gain access via the modem. On the Wi-Fi network side, encryption can be used to scramble the radio dialogue between the router and the computers. This should prevent eavesdroppers reading emails, documents or any other material as it passes round the network. The router can also be set up to ensure that only computers authorised by the user are able to use the network.

At least, that is the theory. In reality many Wi-Fi users are not bothering to activate these features after completing the daunting process of getting Wi-Fi up and running, says Ollie Whitehouse of Symantec Antivirus in London, UK. Others are failing to change the default passwords set by manufacturers - passwords that all hackers know.

Ross Anderson of the University of Cambridge, UK, says it is simpler for the home user to run a Wi-Fi network on the security defaults that are set when it comes out of the box. The software that comes with Wi-Fi cards and routers is often complicated to configure, and turning on the encryption can stop the network working unless people know what they are doing.

Wi-Fi cellphones
And it is not just home users who are leaving themselves wide open. Consultancy firm KPMG says that around 70% of the Wi-Fi networks on commercial premises it polled in 2002 were not encrypted, leaving companies vulnerable to email snooping, password pilfering and data theft.

Phone calls could also be vulnerable to eavesdropping. People are increasingly using voice over IP (VOIP) software to make phone calls over the internet via their computer headsets. The danger can only increase when Wi-Fi enabled mobile phones - which can be used to make free VOIP calls when in range of a Wi-Fi network - come onto the market this year.

Security experts say that the solution lies in educating people about the risks involved in going wireless, and making the software to protect them easier to use. "Blaming the consumer is wrong. Computers are too complex for the average person to secure. It's the fault of the network, the operating system and the software vendors," says California-based cryptographer Bruce Schneier in the US. "Products need to be secure out of the box," he says.

Unless security is improved, new breeds of computer virus that target the multiple devices connected to Wi-Fi networks are likely to emerge, says Mikko Hypponen of Finnish security firm F-Secure. A virus picked up via email could, for instance, disable a Wi-Fi cellphone or perhaps divert calls to others on its owner's contacts list.

Schneier is pessimistic. "When convenience and features are in opposition to security, security generally loses. As wireless networks become more common, security will get worse."

http://www.newscientist.com/article.ns?id=dn6894


Show unread posts since last visit.
Sponsor for PC Pals Forum