26 May 2012

Got a wireless network at home that's not locked down?

| Disinformation

On one of my forays around the Internet, looking for things of interest in an otherwise boring lunch hour, I discovered the WiGLE project’s map of the world’s wireless networks. Of course, I looked to see if mine had been mapped. It was. This isn’t surprising as the project apparently has been running for about twelve years. I’m near enough to a major road.

It’s no big deal as far as I’m concerned. My wireless network is very well protected and I knew that anyone wanting to leech bandwidth would have quite likely discovered the easier open networks that exist within cooee of my house.

If your potential for paranoia is dying to get out, head to http://www.wigle.net/gps/gps/Map/onlinemap2/ and type Canberra in the Google search bar down the bottom. Have a look at the suburbs on the map. There are some interesting things which I’ll point out. The main routes through Canberra appear to have been comprehensively mapped. That’s rather logical if someone is just cruising around for the hell of it. If you look closely, you’ll see some of the listed networks follow bike paths, so someone has been riding around with, presumably, their phone running one of WiGLE’s Android wardriving applications.

Some suburbs are almost untouched. Some suburbs appear to have been almost comprehensively surveyed. It has also been done within this year, if you filter results by year. It appears that there has been a bit of interest in mapping Canberra’s wireless networks in 2012. It also appears that if you’re in any sort of dead end street, you’re unlikely to be detected.

Even some of the apartment complexes in the areas of higher density housing have been mapped so someone has occasionally gone to the trouble of cruising through blocks of units.

The graphs that show encryption usage on the networks as a whole are encouraging. People appear to be getting the message. Encryption is there, so you should probably use it, as most devices these days have a wireless capability inbuilt.

The number of contributors to the project has grown massively in the last few years, as standalone programs that take advantage of the GPS and wireless capabilities of mobile-data-connected devices have been put to use for this project.

Some of the wireless network names are amusing. I spotted “I can hear you having sex” and “Asio surveillance van” with a few more highly offensive ones scattered in amongst it all.

Check out your house if you’ve got a wireless network. Make sure it is definitely encrypted with at least WPA or TKIP and preferably WPA2. Then you can ignore the WiGLE project and get on with your life.

But this might stir up the paranoid, so I figured I’d mention it. 🙂
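
The check suggested above, as an added example that is not part of the original post: it reads wardriving-style scan records and reports weak settings only for access points you list as your own. The CSV column names, the sample rows and the default-SSID list are constructed assumptions.

```python
import csv
import io
import re

# Constructed sample rows (not real networks). The column names mimic a
# wardriving app's CSV export and are an assumption of this example.
SAMPLE_CSV = """\
MAC,SSID,AuthMode,FirstSeen,Channel,RSSI
02:00:00:AA:BB:01,HomeNet,[WPA2-PSK-CCMP][ESS],2012-05-20 10:00:00,6,-60
02:00:00:AA:BB:02,dlink,[WEP][ESS],2012-05-20 10:00:05,1,-71
02:00:00:AA:BB:03,default,[ESS],2012-05-20 10:00:09,11,-80
02:00:00:AA:BB:04,Shed,[WPA-PSK-TKIP][WPA2-PSK-CCMP][WPS][ESS],2012-05-20 10:01:00,6,-66
"""

# Illustrative factory-default names; extend for your own router's vendor.
DEFAULT_SSIDS = {"default", "dlink", "linksys", "netgear"}


def capability_tokens(auth_mode):
    """Split '[WPA2-PSK-CCMP][WPS][ESS]' into ['WPA2-PSK-CCMP', 'WPS', 'ESS']."""
    return re.findall(r"\[([^\]]+)\]", auth_mode)


def findings_for(ssid, auth_mode):
    """Return a list of finding codes for one access point record."""
    tokens = capability_tokens(auth_mode)
    protocols = {t.split("-")[0] for t in tokens}
    findings = []
    if not protocols & {"WPA", "WPA2"}:
        # No WPA of any kind: either WEP or no encryption at all.
        findings.append("WEP" if "WEP" in protocols else "OPEN")
    if "WPA" in protocols:
        findings.append("WPA1_ENABLED")      # original WPA still offered
    if any("TKIP" in t for t in tokens):
        findings.append("TKIP")              # older cipher still offered
    if "WPS" in protocols:
        findings.append("WPS_ADVERTISED")    # WPS is switched on
    if ssid.strip().lower() in DEFAULT_SSIDS:
        findings.append("DEFAULT_SSID")
    return findings


def audit(csv_text, my_bssids):
    """Map each of *your own* BSSIDs found in the export to its findings."""
    wanted = {b.lower() for b in my_bssids}
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["MAC"].lower()
        if bssid in wanted:
            results[bssid] = findings_for(row["SSID"], row["AuthMode"])
    return results


if __name__ == "__main__":
    mine = {"02:00:00:aa:bb:02", "02:00:00:aa:bb:04"}
    for bssid, findings in audit(SAMPLE_CSV, mine).items():
        print(bssid, ", ".join(findings) or "no findings")
```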


There are some really amusing names for wi-fi in there. One I found (can’t remember where) was “yAY. wI-FI”.

p1 said :

Anyone know if “but my wifi was open, so it could have been anyone” is a legit defense in court? They recently brought in laws specifically requiring you to lock your car when you go in to buy petrol – as far as I know there is no such requirement to secure access to the interwebz.

I just read this story, which seems to suggest that at the moment, nobody really knows – it’s never been tested in court.

http://www.computerworld.com.au/article/425898/copyright_warning_issued_public_wi-fi_network_operators/

kos you should not be so eager to share your knowledge. Are you really going to look someone in the eye after their life has been turned upside down because some freak in a van downloaded lots of child pornography via their link? As others have noted, cracking wpa2 is enough of a pain that it’s worth advising people to do it. Have a google for some “TOR” horror stories to see what being an open relay for every Tom, Dick and Harry can really end like.

Dilandach said :

To sum up what the ultra paranoid should do:

Toss the wireless and buy a cable.

FTFY

I’ve always found this illustration of complex passwords vs long passwords interesting – http://xkcd.com/936/ Basically, you don’t have to put together a password that’s chock full of different character sets to come up with something that’s virtually uncrackable.

I considered the raft of things like MAC address filtering, and found it interferes with the main reason I have a wireless router in the first place – so that random people visiting my house can use their phones/tablets/laptops/ipods/etc on the interwebz.

I do however have a quite long pass phrase (still words found in the dictionary) which no one (who I am unlikely to tell it to) will guess any time soon.

I also live in a quiet back street in a quiet neighbourhood full of old people. No script kiddies live within range – I think I would be a whole lot more paranoid if I lived in an apartment complex.

Jivrashia said :

You’re a closet nerd JB, that’s what we think.

Closet nerd???? I’m the goddam king of the nerds and don’t you go forgetting it!

johnboy said :

locking the router to only talk to known MAC addresses?

Goddamit, beaten to it!

johnboy said :

What do the nerds think…

You’re a closet nerd JB, that’s what we think.

johnboy said :

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

However, Apple devices do also have a MAC address, just as any other network device.

johnboy said :

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

True. The first pain is whether people know how to find out their MAC address either through their device, or via their home modem-router.

Yes, spoofing is also relatively easy because the MAC address isn’t encrypted regardless of whatever encryption method you employ (e.g. WPA2, which is the recommended method). It is only hoped that it will deter script kiddies and mildly curious neighbours.

Dilandach said :

Effective but not a solution in itself. They can be spoofed.

If I had already got into your network but faced that, I’d just do some packet sniffing to work out the MAC addresses on the network.

That’s what I was thinking. Not worth the significant inconvenience.

johnboy said :

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Correct. Intruder just changes their MAC Address to one observed to be allowed. MAC filtering and turning off DHCP will each only slow an attacker for mere seconds.

WPA2 + decent passphrase is the best defence. Everything else is a waste of time.

johnboy said :

Jivrashia said :

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Basically out of the box encryption is like not having security screens on every door and window.

For most threat environments you’ll probably be OK.

Having WPA2 on and switching off your wireless when you’re not using it is enough for most circumstances.

Most people are looking for open or WEP encrypted connections, if they see WPA2 they’ll just move on to an easier target.

To sum up what the ultra paranoid should do:

* Change the SSID from default as well as the password
* Disable SSID broadcasting
* Turn it off when you’re not using it
* Disable DHCP
* Use a long random passphrase (remember dictionary brute forcing)
* Limit the signal strength
* Check the logs occasionally
* Put on MAC filtering

Jivrashia said :

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

It is, however, a spectacular pain in the arse, technically beyond the vast majority of end users, and still prone to spoofing I believe?

Basically out of the box encryption is like not having security screens on every door and window.

For most threat environments you’ll probably be OK.

johnboy said :

What do the nerds think about locking the router to only talk to known MAC addresses?

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

Effective but not a solution in itself. They can be spoofed.

If I had already got into your network but faced that, I’d just do some packet sniffing to work out the MAC addresses on the network.

The other way to increase your home WiFi security is to filter via MAC address.

This allows only devices you own/know onto your home network, and denies all others.

johnboy said :

What do the nerds think about locking the router to only talk to known MAC addresses?

It’s certainly another layer of protection – not infallible, but every little bit helps if you’re securing your network.

What do the nerds think about locking the router to only talk to known MAC addresses?

[Note to the less technical, a Media Access Control address is unique to every network interface and nothing to do with Apple]

I just upgraded from a tinfoil to an aluminium foil beanie so I should be right.

Grrrr said :

Hrmm, I think it’s time I got around to disabling SSID broadcasting on my router… :-O

That won’t help secure you. Sniffers hear your SSID and other details on regular frames as well as beacons.

WPA2, long and random passphrase (and vulnerable implementation of WPA turned off if it exists) is what you want.

Not having the wireless hand out IPs can’t hurt also, not that a quick sniff wouldn’t work out what’s on the network anyway.

Hrmm, I think it’s time I got around to disabling SSID broadcasting on my router… :-O

That won’t help secure you. Sniffers hear your SSID and other details on regular frames as well as beacons.

WPA2, long and random passphrase (and vulnerable implementation of WPA turned off if it exists) is what you want.

Disinformation 11:30 am 28 May 12

kos said :

Why should you have WPA2 (or more) encryption on your wireless network? It is trivial to crack and consumer grade access points will not lock out brute force attacks or even notify that there have been multiple failed login events.

Please supply details of your methodology and experience with cracking WPA2 and also the time you took to achieve this?
There’s a world of difference between reading about a new attack vector in a news article and actually doing it in the wild.
You carelessly failed to mention the corresponding issues of standard SSIDs and weak passphrases which are still necessary to gain a foothold. Or the fact that it can only be cracked by the average joe if it is a dictionary word or very short. Never mind the massively parallel computing facilities you’ll need to attempt brute force attacks on something that even approaches the medium length Pre-Shared key passphrases that WPA2 can handle.
If you were even equivalent to an IT security professional’s bootlace you wouldn’t be espousing illogical theories that are undermined by multiple instances of prosecutions of people who have utilised unsecured wireless networks in the UK and USA. Defending yourself to the tune of tens of thousands of dollars in legal fees because someone used your unsecured or undersecured wireless home network is somehow preferable to you, instead of using an optimised password and WPA2?

These scenarios are possible because they have actually happened and will no doubt happen again as long as people open themselves up for exploitation.
I’m yet to hear of one instance internationally where someone decided to spend the time and money to crack WPA2 even to basic levels just to steal some bandwidth, much less send threatening emails to the US President.
Even some consumer level wireless routers can be single tick box configured to Force VPN over wireless.
The most basic protection for consumer levels of risk needs to be higher than none. There is still plenty of no protection out there and the incentive to steal bandwidth has dropped in accordance with free access at cafes and restaurants, not to mention affordable data plans which arrived with the introduction of smart phones.

Go read some Bruce Schneier and learn something.

Boy, the house behind mine is called Party Central. Thankfully they are very quiet parties because I haven’t heard anything.

noticed lots of green at the suburbs with low education…

cool – mine’s not on there.

Interesting, all my neighbours are listed but mines missing.

I note there’s a part on that site where members can register as part of a group. Maybe we should make a RiotACT group and show those yanks who’s boss.

I’ve got a 15dbi omnidirectional on my roof. I can detect around 100 wireless networks around, although I haven’t used the antenna in nearly 2 years. There were a lot of people using WEP and I was able to connect and use their internet. If I was particularly devious I could have just sat on their network sucking up packets, changing the DNS settings on the wireless router to my own DNS in order to point to my own false sites. Various nasty things that could be done.

Gungahlin_Bob 10:50 am 27 May 12

Thatsnotime,

I concur that WPA2 is not trivial to break.

First of all anyone running WEP now, is waiting for a break in, usually from school age kids plying and learning their craft and earning street cred as a hacker. WEP can be broken in a few minutes with the correct tools.

As for WPA/WPA2, similar methods can be employed. However, as most have known, it takes many more hours, and requires large amounts of traffic to be transferred over a link for it to work with these methods. Someone who downloads large amounts of torrent/movies would provide this traffic quantity. The chances of someone sitting outside your house for hours/days on end is unlikely. The real possibility is someone in the same building (e.g. office) or in houses close to you that are getting your signal. On the whole it is unlikely… To reduce your chances, select the highest security method your wireless allows, e.g. WPA2 instead of WPA.

However the WPS hack is more prevalent. Agreed it still needs a few hours, but the number of early wireless access points that have WPS, do not actually disable WPS when you turn them off (this still might be the case with some new ones as well, especially the cheaper end of the market). I believe some of the later routers have fixed this issue, but we have several years of routers out there that have WPS, and that accounts for a lot.

Part of the issue is that many households do not upgrade their routers regularly, with most households running the original wireless access point because it’s too hard to change and the family friend who set it up originally is not around. Or they implement WEP because they could not get one of their laptops (usually the kids’ pass-me-down laptops) to work with WPA, so they opt for WEP.

Finally we have the lack of complexity in the WPA password, with many using a simple, easy to remember password or using all numbers, quite often their phone number.

Using a phrase password like J8$3ld98iUp30+-g3K*#o98 is going to be a lot harder for dictionary or number bruteforce attacks. However, this password is hard to remember, just as hard to type and get right, but it has to be done. Even if they do not want to have a complex password like the above, even something like #Love2Th3World! would be better than many of the passwords I have seen used. Making sure that Symbols, numbers and upper/lower characters are used.

I use a wireless access point with custom firmware, that I know has the WPS turned off.

As for the original statement, about stirring up the paranoid, I don’t think this is the case…..people need to know…..it does happen….and no I don’t work for any retailer looking to boost their sales….

Regards

Bob
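
The passphrase arguments in this thread, worked through as an added example that is not part of any commenter's post: it derives the WPA2-Personal key the standard way (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt) and estimates how long exhausting each style of passphrase would take. The passphrase styles and the guess rate are assumptions, and the estimates only hold for passphrases chosen at random.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                               ssid.encode(), 4096, 32)


def keyspace_bits(alphabet_size, length):
    """Bits of search space for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


# Passphrase styles raised in the comments; the sizes are assumptions.
STYLES = {
    "10-digit phone number": keyspace_bits(10, 10),
    "8 random lowercase letters": keyspace_bits(26, 8),
    "4 random words from a 2048-word list": keyspace_bits(2048, 4),
    "23 random printable ASCII characters": keyspace_bits(94, 23),
}


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def measure_rate(samples=20):
    """Key derivations per second on this machine (single core)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate-{i:04d}", "HomeNet")
    return samples / (time.perf_counter() - start)


def report(guesses_per_second):
    """Years to exhaust each style at the given guess rate."""
    return {name: years_to_exhaust(bits, guesses_per_second)
            for name, bits in STYLES.items()}


if __name__ == "__main__":
    # The SSID is the salt: the same passphrase gives unrelated keys on
    # differently named networks, so a factory-default SSID is the only
    # case where work done in advance against common names can be reused.
    print(wpa2_pmk("password", "IEEE").hex())
    print(wpa2_pmk("password", "HomeNet").hex())

    print(f"this machine: {measure_rate():.0f} derivations/second")
    assumed_rate = 100_000  # assumption: a well-resourced guesser
    for name, years in report(assumed_rate).items():
        print(f"{name:40s} {years:.3g} years")
```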

kos said :

Why shouldn’t you share your internet with your neighbours…..

?

I would suggest that this is one pretty good reason : http://www.huffingtonpost.com/2011/04/24/unsecured-wifi-child-pornography-innocent_n_852996.html

thatsnotme said :

kos said :

Why should you have WPA2 (or more) encryption on your wireless network? It is trivial to crack and consumer grade access points will not lock out brute force attacks or even notify that there have been multiple failed login events. Combine that with most users having no idea about an attack or how it could happen, why do it?

Why shouldn’t you share your internet with your neighbours who might not be able to afford 30-60 a month to check their emails every few days, or to the random user who walks past to check on google maps for directions?

It’s silly to think that encrypting your network will stop the localized bad guys doing anything to your hosts; the majority of the threats come from the internet, not locally (don’t get me started on Bulgaria). Better advice would be to put your wireless access points into a DMZ or utilize the local firewalls that every operating system comes with combined with AV on all the hosts in the network. I don’t know about your neighborhood, but my local area isn’t hosting any malware or C&C servers. I’ve yet to see an intrusion in Australia where the threat came from a wireless user entering a non encrypted wireless home network.

I certainly wouldn’t say WPA2 is ‘trivial’ to crack. The only major flaw is that WPS (wireless protected setup) has been hacked, leading to an attacker possibly accessing your network in a few hours. Disabling WPS fixes that issue, newer routers probably have fixes in place to avoid the flaw, and it’s unlikely that crack is going to be made by someone driving by.

Brute force attacks are only effective against very weak passwords. Look at this table – http://lastbit.com/psw.asp It doesn’t take a whole lot of extra complexity to make a brute force attack almost impossible, and completely impractical for anyone just looking to steal someone’s bandwidth.

The idea that you should just share your bandwidth with anyone who wants to use it is a bit silly as well. If you’ve got neighbours who can’t afford their own connection, just let them know what your key is. Most people have data limits on their internet plans – do you really want to just give people the ability to blow your data limit by running their torrents over your network? Not to mention the issues with copyright that are then pinned against your connection. I don’t know about you, but I’d rather not have to explain that it wasn’t actually me seeding the latest new release summer blockbuster when the movie studio’s lawyers come knocking.

For me, securing my network isn’t about minimising the risk of virus infection – it’s about controlling who uses my data, and what it’s used for.

The comment about having to explain the torrent in court when the studio comes knocking is an interesting one.

Anyone know if “but my wifi was open, so it could have been anyone” is a legit defense in court? They recently brought in laws specifically requiring you to lock your car when you go in to buy petrol – as far as I know there is no such requirement to secure access to the interwebz.

kos said :

Why shouldn’t you share your internet with your neighbours who might not be able to afford 30-60 a month to check their emails every few days, or to the random user who walks past to check on google maps for directions?

Sure, why not? I’ll leave the key to my wine cellar available too, just in case any poor person passing fancies a bottle or two.

Twit.

Very interesting website. I notice our street has only been partially mapped via a footpath that dissects it but I can also see some networks for neighbours in the same street but which are flagged about 60 to 70 metres away in another street.

What’s the bet that networks with names like default or dlink etc are the ones that are worth trying to crack first. I imagine a large number haven’t even bothered to set a password let alone a secure one.

Best option is if you are building a new house or extension run cable. Bit harder to retrofit but often possible and it doesn’t slow your download speeds.

Anyway, any chance of someone removing this post before our neighbours see it and change their passw……….

kos said :

Why should you have WPA2 (or more) encryption on your wireless network? It is trivial to crack and consumer grade access points will not lock out brute force attacks or even notify that there have been multiple failed login events. Combine that with most users having no idea about an attack or how it could happen, why do it?

Why shouldn’t you share your internet with your neighbours who might not be able to afford 30-60 a month to check their emails every few days, or to the random user who walks past to check on google maps for directions?

It’s silly to think that encrypting your network will stop the localized bad guys doing anything to your hosts; the majority of the threats come from the internet, not locally (don’t get me started on Bulgaria). Better advice would be to put your wireless access points into a DMZ or utilize the local firewalls that every operating system comes with combined with AV on all the hosts in the network. I don’t know about your neighborhood, but my local area isn’t hosting any malware or C&C servers. I’ve yet to see an intrusion in Australia where the threat came from a wireless user entering a non encrypted wireless home network.

I certainly wouldn’t say WPA2 is ‘trivial’ to crack. The only major flaw is that WPS (wireless protected setup) has been hacked, leading to an attacker possibly accessing your network in a few hours. Disabling WPS fixes that issue, newer routers probably have fixes in place to avoid the flaw, and it’s unlikely that crack is going to be made by someone driving by.

Brute force attacks are only effective against very weak passwords. Look at this table – http://lastbit.com/psw.asp It doesn’t take a whole lot of extra complexity to make a brute force attack almost impossible, and completely impractical for anyone just looking to steal someone’s bandwidth.

The idea that you should just share your bandwidth with anyone who wants to use it is a bit silly as well. If you’ve got neighbours who can’t afford their own connection, just let them know what your key is. Most people have data limits on their internet plans – do you really want to just give people the ability to blow your data limit by running their torrents over your network? Not to mention the issues with copyright that are then pinned against your connection. I don’t know about you, but I’d rather not have to explain that it wasn’t actually me seeding the latest new release summer blockbuster when the movie studio’s lawyers come knocking.

For me, securing my network isn’t about minimising the risk of virus infection – it’s about controlling who uses my data, and what it’s used for.

kos said :

Why should you have WPA2 (or more) encryption on your wireless network?

Like the lock on your front door – it’ll keep the honest people out. With so many networks around, the bandwidth bandits will go for the easier stuff.

Fascinating stuff, Disinformation. Thanks for posting. 🙂

Why should you have WPA2 (or more) encryption on your wireless network? It is trivial to crack and consumer grade access points will not lock out brute force attacks or even notify that there have been multiple failed login events. Combine that with most users having no idea about an attack or how it could happen, why do it?

Why shouldn’t you share your internet with your neighbours who might not be able to afford 30-60 a month to check their emails every few days, or to the random user who walks past to check on google maps for directions?

It’s silly to think that encrypting your network will stop the localized bad guys doing anything to your hosts; the majority of the threats come from the internet, not locally (don’t get me started on Bulgaria). Better advice would be to put your wireless access points into a DMZ or utilize the local firewalls that every operating system comes with combined with AV on all the hosts in the network. I don’t know about your neighborhood, but my local area isn’t hosting any malware or C&C servers. I’ve yet to see an intrusion in Australia where the threat came from a wireless user entering a non encrypted wireless home network.

Holden Caulfield 11:36 pm 26 May 12

I’m not too far from a main road, but haven’t been mapped just yet.

Mine appears to be missing. But I guess I live on a back street.
