Home | News | Hacking | Sciences | Technology | Ti 92 | Programming | Free articles | Links | Webmaster

BBC NEWS

Hackers take to the air
    Wednesday, 17 October, 2001, 14:43 GMT 15:43 UK

 
London city skyline
 

Data is out there if you know where to look for it
Wireless computer networks pose a threat to the security of anyone using them, warn security experts.


The typical places for base stations is against a wall or in a corner. Of course, this means it's broadcasting outside as well as inside


Gunter Ollmann, Internet Security Systems

Many organisations and individuals are turning to wireless networks because they are easy to set up, remove the need for expensive and unsightly cabling and make it much easier to re-arrange offices or computer equipment.
But the cost of this convenience can be a significant drop in security, particularly now that tools are available to let people spot and penetrate these wireless networks.

Information about unsecured wireless networks in major cities is already circulating on the net.

Cheap and popular

Over the last year, wireless, or WiFi, networks have been growing in popularity as the cost of the components to create them have dropped in price.

Now, a base station (that acts as the co-ordinator for a wireless network) and the cards that link computers to it, can be bought for a few hundred pounds. The networks are popular because they are so easy to set up. Any PC fitted with a wireless network card will automatically seek out and connect to any base station within range. The maximum reach of a WiFi, or 802.11b, network can be several hundred metres.

"WiFi networks are made to be convenient, and the security measures are designed with that in mind," said Gunter Ollmann, principal consultant in the security assessment arm at Internet Security Systems (ISS).

Weak encryption

Mr Ollmann said there were security measures built into the WiFi standard, but few were active when a wireless network was first turned on. For instance the encryption system built into Wifi, called Wired Equivalent Privacy, is switched off by default.

Cable spaghetti

Too many cables can be unsightly

Assessment work by ISS revealed that few people took the trouble to adjust security settings once the network was up and running, said Mr Ollmann. The lax security makes it easy for those inside the company to log on to the corporate network and get to work. But, said Mr Ollmann, it made it easy for outsiders to join the network too.
Serious weaknesses have been found in the algorithm WEP, one of the WiFi security systems, uses to encrypt data. WEP also sends important information about the keys being used to scramble data with every packet of data that is broadcast.

Inside and out

One research report described WEP's use of encryption as "fundamentally unsound". Software tools can be found online which gather up these packets and, given enough time, can work out the key needed to open them.
On a busy network, a day's worth of traffic would generate enough information to crack the packet key, said Mr Ollmann. Other tools circulating on the net make it easy to spot and home in on wireless networks. Many of these tools have been developed by concerned computer professionals to point up the weaknesses of WiFi.

Unwittingly, many companies are aiding those hunting for networks.
"The typical places for base stations is against a wall or in a corner," said Mr Ollmann. "Of course, this means it's broadcasting outside as well as inside."
In some cases those outside a building may enjoy better wireless network reception than those inside.

Hacking tools

This ease of discovery is being exploited by many hacking groups who are maintaining net-based lists and maps of wireless networks around the world.
One British-based group claims to have discovered more than 40 wireless networks in London. Anyone who spots a network in this way will gather important information about how it is configured, and whether the default security settings have been changed.
This "sniffing" of networks was totally passive and almost impossible to detect, said Mr Ollmann. It can put malicious hackers inside a corporate network, beyond any firewall that is designed to stop wire-based attacks.

Gathering similar information about cabled networks without being detected was much harder and would leave far more evidence, he said.

Anyone using a wireless network should do more to protect the network from casual abuse and malicious hackers, said Mr Ollmann.
WiFi networks should be corralled behind a separate firewall. Any data traffic passing betwen the wireless spur and the main data network should be closely watched, he recommended.
Companies should definitely use the encryption built into the WiFi specification, and consider imposing more of their own to put off casual hackers.

 

BBC NEWS