Skip to content Skip to main navigation

Business

A consulting company that trust its employees to do great work

Got a wireless network at home that’s not locked down?

By Disinformation 26 May 2012 38

On one of my forays around the Internet, looking for things of interest in an otherwise boring lunch hour, I discovered the WiGLE project’s map of the world’s wireless networks.  Of course, I looked to see if mine had been mapped. It was. This isn’t surprising as the project apparently has been running for about twelve years.  I’m near enough to a major road.

It’s no big deal as far as I’m concerned. My wireless network is very well protected and I knew that anyone wanting to leech bandwidth would have quite likely discovered the easier open networks that exist within cooee of my house.

If your potential for paranoia is dying to get out, head to http://www.wigle.net/gps/gps/Map/onlinemap2/ and type Canberra in the google search bar down the bottom. Have a look at the suburbs on the map.  There are some interesting things which I’ll point out.  The main routes through Canberra appear to have been comprehensively mapped.  That’s rather logical if someone is just cruising around for the hell of it.  If you look closely, you’ll see some of the list of networks follow bikepaths, so someone has been riding around with, presumably, their phone running one of wigle’s android wardriving applications going.

Some suburbs are almost untouched. Some suburbs appear to have been almost comprehensively surveyed,  It has also been done within this year if you filter results on years.  It appears that there has been a bit of interest in mapping Canberra’s wireless networks in 2012.  It also appears that if you’re in any sort of dead end street, you’re unlikely to be detected.

Even some of the apartment complexes in the areas of higher density housing have been mapped so someone has occasionally gone to the trouble of cruising through blocks of units.

The graphs that show encryption usage on the networks as a whole is encouraging. People appear to be getting the message. Encryption is there, so you should probably use it as most devices these days have a wireless capability inbuilt.

The number of contributors to the project has grown massively in the last few years as standalone programs to take advantage of the gps and wireless capabilities of a mobile data connected device have  been exploited for the use of this project.

Some of the wireless network names are amusing.  I spotted “I can hear you having sex” and “Asio surveillance van” with a few more highly offensive ones scattered in amongst it all.

Check out your house if you’ve got a wireless network. Make sure it is definitely encrypted with at least WPA or TKIP and preferably WPA2. Then you can ignore the WiGLE project and get on with your life.

But this might stir up the paranoid, so I figured I’d mention it.  🙂

What’s Your opinion?


Please login to post your comments, or connect with
38 Responses to
Got a wireless network at home that’s not locked down?
Filter
Showing only Website comments
Order
Newest to Oldest
Oldest to Newst
Baldy 1:43 pm 29 May 12

There are some really amusing names for wi-fi in there. One i FOUND (CAN’T REMEMBER WHERE) WAS “yAY. wI-FI”.

thatsnotme 9:28 am 29 May 12

p1 said :

Anyone know it “but my wifi was open, so it could have been anyone” is a legit defense in court? They recently brought in laws specifically requiring you to lock your car when you go in to buy petrol – as far as I know there is no such requirement to secure access to the interwebz.

I just read this story, which seems to suggest that at the moment, nobody really knows – it’s never been tested in court.

http://www.computerworld.com.au/article/425898/copyright_warning_issued_public_wi-fi_network_operators/

POK 8:31 pm 28 May 12

kos you should not be so eager to share your knowledge. Are you really going to look someone in the eye after their life has been turned upside down because some freak in a van downloaded lots of child pornography via their link? As others have noted, cracking wpa2 is enough of a pain that its worth advising people to do it. Have a google for some “TOR” horror stories to see what being an open relay for every Tom Dick and Harry can really end like.

dvaey 2:00 pm 28 May 12

Dilandach said :

To sum up what the ultra paranoid should do:

Toss the wireless and buy a cable.

FTFY

thatsnotme 1:53 pm 28 May 12

I’ve always found this illustration of complex passwords vs long passwords interesting – http://xkcd.com/936/ Basically, you don’t have to put together a password that’s chock full of different character sets to come up with something that’s virtually uncrackable.

p1 1:52 pm 28 May 12

I considered the raft of things like MAC address filtering, and found it interferes the with main reason I have a wireless router in the first place – so that random people visiting my house can use their phones/tablets/laptops/ipods/etc on the interwebz.

I do however have a quite long pass phrase (still words found in the dictionary) which no one (who I am unlikely to tell it to) will guess it any time soon.

I also live in a quiet back street in a quiet neighbourhood full of old people. No script kiddies live within range – I think I would be a whole lot more paranoid if I lived in a apartment complex.

johnboy 1:36 pm 28 May 12

Jivrashia said :

You’re a closet nerd JB, that’s what we think.

Closet nerd???? I’m the goddam king of the nerds and don’t you go forgetting it!

Jivrashia 1:24 pm 28 May 12

johnboy said :

locking the router to only talk to known MAC addresses?

Goddamit, beaten to it!

johnboy said :

What do the nerds think…

You’re a closet nerd JB, that’s what we think.

johnboy said :

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

However, Apple devices do also have MAC address, just as any other network device.

johnboy said :

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

True. The first pain is whether people know how to find out their MAC address either through their device, or via their home modem-router.

Yes, spoofing is also relatively easy because MAC address isn’t encrypted regardless of whatever encryption method you employ (e.g. WPA2, which is the recommended method). It is only hoped that it will deter script kiddies and mildly curious neighbours.

JitterBlip 1:17 pm 28 May 12

Wow. Thanks for the advice about SSID broadcasting and MAC address filtering, the latter of which is indeed

johnboy said :

a spectacular pain in the arse

.

Increasing the length and complexity of my WPA2 passphrase and dropping MAC address filtering sounds good to me.

http://blogs.technet.com/b/steriley/archive/2007/10/16/myth-vs-reality-wireless-ssids.aspx

johnboy 1:03 pm 28 May 12

Dilandach said :

Effective but not a solution in itself. They can be spoofed.

If I had already got into your network but faced that, I’d just do some packet sniffing to work out the MAC addresses on the network.

That’s what I was thinking. Not worth the significant inconvenience.

Grrrr 1:02 pm 28 May 12

johnboy said :

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Correct. Intruder just changes their MAC Address to one observed to be allowed. MAC filtering and turning off DHCP will each only slow an attacker for mere seconds.

WPA2 + decent passphrase is this best defence. Everything else is a waste of time.

Dilandach 1:02 pm 28 May 12

johnboy said :

Jivrashia said :

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Basically out of the box encryption is like not having security screens on every door and window.

For most threat environments you’ll probably be OK.

Having WPA2 on and switching off your wireless when you’re not using it is enough for most circumstances.

Most people are looking for open or WEP encrypted connections, if they see WPA2 they’ll just move on to an easier target.

To sum up what the ultra paranoid should do:

* Change the SSID from default as well as the password
* Disable SSID broadcasting
* Turn it off when you’re not using it
* Disable DHCP
* Use a long random passphrase (remember dictionary brute forcing)
* Limit the signal strength
* Check the logs occasionally
* Put on MAC filtering

johnboy 12:56 pm 28 May 12

Jivrashia said :

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Basically out of the box encryption is like not having security screens on every door and window.

For most threat environments you’ll probably be OK.

Dilandach 12:55 pm 28 May 12

johnboy said :

What do the nerds think about locking the router to only talk to known MAC addresses?

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

Effective but not a solution in itself. They can be spoofed.

If I had already got into your network but faced that, I’d just do some packet sniffing to work out the MAC addresses on the network.

Jivrashia 12:50 pm 28 May 12

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

Deref 12:45 pm 28 May 12

johnboy said :

What do the nerds think about locking the router to only talk to known MAC addresses?

It’s certainly another layer of protection – not infallible, but every little bit helps if you’re securing your network.

johnboy 12:43 pm 28 May 12

What do the nerds think about locking the router to only talk to known MAC addresses?

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

poetix 12:40 pm 28 May 12

I just upgraded from a tinfoil to an aluminium foil beanie so I should be right.

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2018 Riot ACT Holdings Pty Ltd. All rights reserved.
the-riotact.com | aboutregional.com.au | b2bmagazine.com.au | thisiscanberra.com

Search across the site