A Wi-Fi network is the modern equivalent of a party line. In the same way that Sam and Ethel down the road could tap into your late-night phone calls to L.L. Bean or Victoria's Secret and then discuss your predilections with your neighbors, so, too, can neighbors, network crackers, and scammers access much of the information you pass over a Wi-Fi network and use it to your disadvantage.
The information that flows over Wi-Fi, whether on your home or office network or at a hotspot, is often privileged, private, or personal, or all three. It may be an email password that's being sent to a colleague, a picture of a baby you're sending to a family member, or a spreadsheet showing the next layoffs at your company. Most people want this information kept from all but the intended recipients.
Wi-Fi networking is inherently insecure. By that, we mean that the network is designed to connect you to a local network or the Internet, not to keep your particular information away from the eyes of others. Wi-Fi and its latest security and encryption updates described in this white paper try to protect network access but not necessarily the information that flows over that network.
Two primary threats bedevil Wi-Fi users on any network: sniffers, who intercept data and extract information from it; and rogue access points, also described more recently as "evil twins," that mimic a Wi-Fi network gateway and then fool you or your computer into providing secrets.
RISK: A sniffer can capture any unencrypted data and passwords passing across a Wi-Fi network, or an Ethernet to which the Wi-Fi access point is connected.
A third threat is more general but is aggravated by Wi-Fi networks: the proliferation of worms that spread viruses among machines on a network and the ability to probe other machines on a local network for weaknesses and information (including computers with active firewalls that are designed to protect against such intrusion).
Wi-Fi uses radio waves to send data, and radio waves are notorious for penetrating beyond walls, floors, and ceilings. That's why Wi-Fi has had such success in spreading itself into millions of homes and businesses and tens of thousands of hotspots.
That same penetration, however, makes Wi-Fi ripe for monitoring. Someone interested in the data passing over a network need only be in the vicinity. For a hotspot, they could be sitting next to you; for a corporation, they might be sitting in a car on a public street with a powerful antenna that's not visible from the outside of their vehicle.
The basic fact is that unless you surround a building with a wire cage, signals leak and you must treat your access to the network as completely available to anyone within line-of-sight range.
And don't fool yourself into thinking that only a high-end cracker with sophisticated radio gear, an expensive laptop, and specialized software will be looking into a network. A used $200 laptop with a $10 Wi-Fi card and free software is quite effective and often used for these purposes.
On a network that employs none of the security methods we discuss in Section III, a sniffer need only intercept the wireless signals by joining or associating with the Wi-Fi network. (They can also plug into an Ethernet port if one is available.)
The sniffer can decode any data passing by into its original form, such as instant messaging conversations, Web site visits, email messages, and FTP (file transfer protocol) transfers (see Diagram 1).
Unfortunately, there is a host of free software packages available on the Internet for many platforms, including Windows, Macintosh, GNU/Linux, and Unix, that specialize in finding networks and extracting passwords and other data that pass in the clear.
Computer data can be easily intercepted using a number of free, readily available software packages commonly referred to as Stumblers, Snoopers, and Crackers.
Stumbling software just alerts the person running it to the existence of Wi-Fi networks, detailing their signal strength, network name, encryption status, and channel number.
Stumblers are available for all platforms, including handhelds, and are often used for the hobby called wardriving in which people pass the time by driving around and recording available Wi-Fi networks in businesses and homes.
Windows: NetStumbler
Macintosh: MacStumbler, iStumbler
Unix/Linux: dstumbler
Pocket PC: Ministumbler
Snoopers
If someone can connect to your network, they can view all of the data passing across it. This includes data that's encrypted: they may not be able to decipher what you're sending or receiving from a secure Web site, for instance, but they could snatch and use your email password if you aren't using APOP (Authenticated POP), which uses one-time passwords, or POP over SSL, which encrypts a username, password, and all email messages in a session.
Unix and Linux distributions might employ tcpdump, a monitoring program that allows viewing of network data to determine which protocols are in active use, such as email or streaming media.
The Unix and Windows ntop utility collects data comprehensively, building a database as it works, and then presents a Web interface through which you can examine connections and traffic statistics. This is a way to learn more about which machines are on a network.
A dedicated password sniffer called ettercapNG is available for Unix, Mac OS X, and Windows. This program can automatically extract and capture passwords for many kinds of services.
The original method of encrypting a Wi-Fi network, WEP (Wired Equivalent Privacy), has been found to have deep flaws that render it easy to crack. Its replacement, TKIP (Temporal Key Integrity Protocol), which is part of WPA and WPA2, has an easy-to-avoid flaw as well. (Both protocols are discussed later in Section III.)
Several programs include modules that acquire enough data from a Wi-Fi network encrypted with WEP to crack the key, which renders the network's traffic completely transparent to a sniffer. The amount of data needed can vary from megabytes to gigabytes depending on when all of the Wi-Fi adapters on the network were updated.
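The difference between a plain POP login and APOP, as an added example that is not part of the original white paper: with USER/PASS the secret itself crosses the network, while APOP sends only an MD5 digest bound to the timestamp in that session's server banner, so a digest recorded from one session is rejected in the next. The user name, secret, and banner timestamps are constructed values.

```python
import hashlib
import hmac

def apop_digest(timestamp: str, secret: str) -> str:
    """APOP response: hex MD5 of the server's banner timestamp followed by the secret."""
    return hashlib.md5((timestamp + secret).encode()).hexdigest()

def plain_login(user: str, secret: str) -> list[str]:
    """Client lines for a USER/PASS login; the secret travels as typed."""
    return [f"USER {user}", f"PASS {secret}"]

def apop_login(user: str, secret: str, timestamp: str) -> list[str]:
    """Client line for an APOP login; only the per-session digest travels."""
    return [f"APOP {user} {apop_digest(timestamp, secret)}"]

def secret_on_wire(client_lines: list[str], secret: str) -> bool:
    """True if anyone able to read the session sees the secret itself."""
    return any(secret in line for line in client_lines)

def server_accepts(apop_line: str, timestamp: str, secret: str) -> bool:
    """Server-side check of an APOP line against this session's banner timestamp."""
    _, _, digest = apop_line.split(" ", 2)
    return hmac.compare_digest(digest, apop_digest(timestamp, secret))

# Constructed values for illustration only.
USER, SECRET = "alice", "correct-horse-battery"
TS_MONDAY = "<1001.1700000000@mail.example>"
TS_TUESDAY = "<1002.1700086400@mail.example>"

if __name__ == "__main__":
    plain = plain_login(USER, SECRET)
    apop = apop_login(USER, SECRET, TS_MONDAY)
    print("USER/PASS exposes secret:", secret_on_wire(plain, SECRET))
    print("APOP exposes secret:     ", secret_on_wire(apop, SECRET))
    print("Monday's digest, Monday's banner: ", server_accepts(apop[0], TS_MONDAY, SECRET))
    print("Monday's digest, Tuesday's banner:", server_accepts(apop[0], TS_TUESDAY, SECRET))
```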
Unix/Linux: Kismet, AirSnort
Macintosh: KisMAC
TKIP passphrases can be cracked when you choose very short phrases entirely composed of words found in dictionaries.
Windows: WPA Cracker
Macintosh: KisMAC
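A passphrase check for the weakness described above, as an added example that is not part of the original white paper: it flags a WPA passphrase that is both short and splits entirely into dictionary words. The word list is a constructed sample, and the 20-character cutoff for "short" is an assumption of this example, not a figure from the paper.

```python
# Constructed mini word list; a real audit would load a full dictionary file.
WORDS = {"blue", "sky", "home", "net", "work", "wifi", "pass", "word", "family"}

MIN_LEN, MAX_LEN = 8, 63  # WPA/WPA2 passphrase length limits
SHORT_LIMIT = 20          # assumption: what this example treats as "very short"

def all_dictionary_words(phrase: str, words=WORDS) -> bool:
    """True if the phrase (ignoring case and spaces) splits entirely into words."""
    s = phrase.lower().replace(" ", "")
    # reachable[i] means s[:i] can be written as a sequence of dictionary words.
    reachable = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        for start in range(end):
            if reachable[start] and s[start:end] in words:
                reachable[end] = True
                break
    return bool(s) and reachable[len(s)]

def assess_passphrase(phrase: str) -> list[str]:
    """Return the reasons a passphrase is risky; an empty list means none found."""
    if not MIN_LEN <= len(phrase) <= MAX_LEN:
        return ["invalid-length"]
    reasons = []
    if len(phrase) < SHORT_LIMIT:
        reasons.append("short")
    if all_dictionary_words(phrase):
        reasons.append("dictionary-only")
    return reasons

def is_weak(phrase: str) -> bool:
    """Weak in the sense used above: short and made only of dictionary words."""
    return assess_passphrase(phrase) == ["short", "dictionary-only"]

if __name__ == "__main__":
    for candidate in ["homenetwork", "blue sky wifi", "homenetwork7!", "bluesky"]:
        print(f"{candidate!r}: {assess_passphrase(candidate)}")
```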
"Evil Twins," also commonly referred to as "rogue access points," can be easily set up to trick your computer into connecting to the wrong network, at which point your data can be intercepted.
Rogue Access Points or "Evil Twins"
The sniffer listens to traffic over an existing network, but one level up is the "evil twin": a Wi-Fi signal that is disguised as the network you want to connect to. Your computer associates with this rogue access point, which then intercepts all data and relays it back and forth to the legitimate network without your knowledge (see Diagram 2). In the process, the evil twin can extract even more data from your computer and perform "phishing" attacks.
For instance, the evil twin can control what Web site appears when you enter a domain name. Enter "paypal.com" and instead of being taken to PayPal's secure Web page, the evil twin displays an unsecured page with a login prompt. An evil twin can also try to force software on your computer to re-connect to services that require passwords and extract them when they're re-sent.
RISK: An evil twin can intercept and redirect network traffic in such a way as to fool software on your computer into revealing secrets, such as passwords and account information.
Evil twins can be set up using a piece of hardware near an existing network, but it's more likely to be software running on a laptop computer. There's no software that's purposely designed to be an evil twin, but most operating systems allow a computer to be turned into an access point through the wireless driver.
The evil twin is one of the greatest direct threats to a user's online identity and security, and has been seen more frequently as Wi-Fi becomes more popular.
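One way a network owner can look for an evil twin, as an added example that is not part of the original white paper: compare scan results (the fields a stumbler reports) against an inventory of the access points actually deployed. The inventory, the scan records, and the field names are constructed for this example.

```python
# Constructed inventory of the access points the network owner really runs.
KNOWN_APS = {
    "CafeNet": {
        "bssids": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
        "encryption": "WPA2",
    },
}

# Constructed scan results: network name, radio address, encryption, channel, signal.
SCAN = [
    {"ssid": "CafeNet", "bssid": "00:11:22:33:44:55", "encryption": "WPA2",
     "channel": 6, "signal": -60},
    {"ssid": "CafeNet", "bssid": "02:AA:BB:CC:DD:EE", "encryption": "none",
     "channel": 6, "signal": -35},
    {"ssid": "Neighbor", "bssid": "66:77:88:99:AA:BB", "encryption": "WEP",
     "channel": 11, "signal": -80},
]

def flag_suspect_aps(scan, known=KNOWN_APS):
    """Return (bssid, reasons) for signals that use our network name but do not
    match the inventory. Other people's networks are ignored."""
    findings = []
    for ap in scan:
        expected = known.get(ap["ssid"])
        if expected is None:
            continue  # not one of our network names
        bssid = ap["bssid"].lower()
        reasons = []
        if bssid not in expected["bssids"]:
            reasons.append("unknown-bssid")
        if ap["encryption"] != expected["encryption"]:
            reasons.append("encryption-mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in flag_suspect_aps(SCAN):
        print(f"suspect access point {bssid}: {', '.join(reasons)}")
```

A matching BSSID is not proof of legitimacy, since the address can be copied; this check only catches twins that differ in one of the compared fields.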
Worms, Firewalls, and Probes
We don't need to describe in great detail the well-known damage and loss of productivity caused by Internet-based worms: malicious viruses that use resources on a computer to connect to other computers to spread themselves or other viruses.
A local network is a great place for viruses to spread, and on any Wi-Fi or Ethernet network, whether it has encryption enabled or not, all of your peers are as likely to infect you as you are them.
Even if you have a firewall installed, you may still be at high risk on a Wi-Fi network. Why? Because most users configure their firewall to allow machines on a local network, such as their home or work network, to have more privileges than computers or servers trying to reach your machine from the rest of the Internet.
Now think of the position in which a Wi-Fi network puts a laptop or handheld: it's on a local network, and your firewall permissions will give it the kind of access a trusted network would get.
Expert Insight
"While using a laptop on a recent train ride across Europe, my computer was constantly able to detect one or more available Wi-Fi signals along the route. Based on the signal name (SSID), only a small fraction of these signals looked like public hotspots, but instead appeared to be Wi-Fi access points located in private homes or businesses. Trying to decide which Wi-Fi signals I could trust was practically impossible.
Had I connected to a Wi-Fi signal without any security protection, I could have immediately exposed the password to my corporate email account or given people using the same access point transparent access to my computer. As an added twist, had I started up the usual sniffer tools I use in my daily line of work as a security expert, I would have been able to eavesdrop on what my fellow train passengers were doing at the same hotspots. Bottom line, it's just too easy."
- Bjarne Jensen, CEO, F/X Communications
Many Wi-Fi networks in public hotspots and other locations use the same range of private Internet protocol addresses that home and office networks employ, making those Wi-Fi networks appear exactly like each other to a firewall. (Many firewalls alert you to new networks, but you might ignore those prompts, turn them off, or click Yes when you should have clicked No.)
This allows entry for worms, as well as probes that try to find weaknesses in your system, or access shared network folders that you've failed to password protect.
A VPN can block this kind of subterfuge by rejecting or ignoring all attempts from machines on a local network to access your computer.
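Why a "trust the local subnet" firewall rule carries over to a hotspot, as an added example that is not part of the original white paper: the weak rule looks only at the peer's private address, while the stricter rule grants local privileges only on networks explicitly marked as trusted. The subnet, ports, network names, and the (SSID, gateway MAC) identity scheme are assumptions of this example.

```python
import ipaddress

HOME_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # constructed home range
LOCAL_ALLOWED_PORTS = {445, 548}                      # file sharing offered to "local" peers

def subnet_rule(src_ip: str, dst_port: int) -> bool:
    """Weak rule: any peer with an address in the home range gets local privileges."""
    return ipaddress.ip_address(src_ip) in HOME_SUBNET and dst_port in LOCAL_ALLOWED_PORTS

# Assumption: a network is identified by (SSID, gateway MAC) recorded when the
# user marked it trusted. Both values can be imitated, so this narrows the
# exposure rather than removing it.
TRUSTED_NETWORKS = {("HomeNet", "00:11:22:33:44:55")}

def profile_rule(network_id: tuple, src_ip: str, dst_port: int) -> bool:
    """Stricter rule: local privileges apply only on explicitly trusted networks."""
    if network_id not in TRUSTED_NETWORKS:
        return False  # unknown network: treat local peers like the Internet
    return subnet_rule(src_ip, dst_port)

# Constructed scenario: the same private address appears at home and at a hotspot.
HOME = ("HomeNet", "00:11:22:33:44:55")
HOTSPOT = ("FreeHotspot", "66:77:88:99:aa:bb")
PEER = "192.168.1.23"

if __name__ == "__main__":
    print("subnet rule, at home or at the hotspot:", subnet_rule(PEER, 445))
    print("profile rule at home:   ", profile_rule(HOME, PEER, 445))
    print("profile rule at hotspot:", profile_rule(HOTSPOT, PEER, 445))
```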