Wireless EXPOSED
'War drivers' find most wireless networks are open to invaders
09/05/2002
Parkies, your electronic pants are down. Coppellites, yours, too. And
you folks in Addison, you may have as many Internet security
vulnerabilities as you do chain restaurants.
In fact, across the Dallas-Fort Worth area in a mere three days last
week, a team of researchers located about 1,000 wireless Internet access
points, and most of them are wide open for hacking.
Using a technique called "war driving," security consultants from Crowe,
Chizek and Co. LLP documented weaknesses in the wireless networks
springing up here and across the country.
Thousands of local residents now use Wi-Fi, or 802.11b, technology to
spread Internet access throughout their homes. Hundreds of businesses
have installed access points as a convenience to employees and visitors.
But with the freedom of wireless Internet access comes danger.
The Dallas area is awash in radio waves from these networks. They leach
out of high-rises. They hover around apartment complexes. They cloak
entire subdivisions. Many are broadcasting signals up to 300 feet from
their owners' base stations.
The majority of Dallas-area Wi-Fi kits are being installed without the
most basic security precautions. That means anyone with a laptop and a
$60 wireless computer card could break into hard drives and networks.
"People need to think of security when they set these things up," says
Jill Frisby, one of the Crowe Chizek consultants. "Not as an
afterthought."
Sensitive business records are being exposed daily. Homeowners are
risking outsiders using their broadband connections to exchange
unauthorized movies and music, as AT&T Broadband recently warned
customers.
Malicious hackers could launch nationwide attacks by just walking by
with the right equipment. Or evildoers could harvest credit card,
banking and other sensitive information from unsuspecting users.
The Wi-Fi security scene is a nightmare. And a couple of hours watching
the Crowe Chizek team is a slap of reality.
Driving north of downtown Dallas, Ms. Frisby guides her Mercury
Mountaineer up Central Expressway, then west on Mockingbird toward
Highland Park. Consultants Greg Moody and Damon Cortesi hook their
laptops to $100 wand antennas that they wiggle as they ride along.
Within seconds, the laptops begin burping and beeping. Each sound
indicates a wireless network. A GPS locator plots the detected points on
a roadmap. Meanwhile, NetStumbler software – a free program on the
Internet – checks each network's basic security settings. Open, free
access points show up as green balls on laptop-displayed maps. Secured
networks pop up in red.
By the time the van reaches Preston Road, Mr. Cortesi's map looks like a
Christmas tree. Dozens of wireless network access points have been
plotted. Most are "greenies" – ripe for intrusion.
Wireless access points without any security installed will show up on a
war driver's laptop as network names. Team members have noticed some
people are using home telephone numbers and e-mail addresses as network
names.
"That's not too smart," Mr. Cortesi says.
Basic security involves enabling encryption software called Wired
Equivalent Privacy, or WEP, and changing default settings, such as the
network's name and password. But most people don't use WEP, and many
don't even change the default names and passwords in the kits they buy.
"Anyone trying to break in is going to go for the lowest-hanging fruit,"
Mr. Cortesi says.
And there is plenty to be grabbed, evidently. The Crowe Chizek team had
spent the previous night cruising Coppell. Gossip on an Internet
discussion board had indicated freeloaders were finding plenty of
security soft spots there.
Sure enough, within a three-mile radius of a single residential
subdivision, the team detected 226 access points. Only 40 had WEP
enabled.
"It was as if the homeowners' association had a fire sale on unsecured
wireless equipment or something," Mr. Moody says.
As the van motors through the Park Cities, that same ratio is evident in
dozens of access points that blip onto the laptop screens.
And paydirt is struck again at the Addison Circle near Quorum Drive and
the Dallas North Tollway. As the van takes a leisurely spin past the
ground-level shops and spanking new, three-story apartment buildings,
the laptops burst into a noisy frenzy – 25 hits in a matter of seconds.
Only 10 had WEP.
"This area is pretty rich," Mr. Moody says.
Replies Mr. Cortesi: "You could pull over here and whip out your laptop
and be hooked right into people's hard drives. It's wide open."
The Dallas results aren't unusual. Since April, Crowe Chizek's
information risk-management team has conducted wireless security surveys
in eight cities.
Louisville, Ky., had the fewest wireless networks, with a total of 116
detected. Atlanta had more than 1,000. In three days of navigating
Dallas-Fort Worth, the security consultants charted 988. Of that figure,
704 weren't using WEP and 354 were using default names and passwords
well known to hackers.
"In general, we've found that only about a third in any city have
bothered to change the defaults," says Ms. Frisby. "It appears people
are actually pulling this equipment right out of the box and just
slapping it in."
Equipment manufacturers bear some of the blame, she says. In an effort
to make wireless networking easy for consumers, instructions on early
wireless kits didn't emphasize security.
That's changing. Consumers and businesses are waking up to the security
risks inherent in wireless Internet access, says Ms. Frisby. In fact,
the ratio of secured to unsecured networks has increased slightly since
the team began its war drive publicity campaign in May.
"We've seen the number of secured networks going up," Ms. Frisby says.
"But there's a long way to go."
E-mail dbedell@dallasnews.com