[1]News / Sniffing Out Open Networks * [2]Home * [3]Publications * [4]Projects * [5]Presentations * [6]In The News * [7]Speaking Schedule Sniffing Out Open Networks [8]CTIMES -- Hazimin Sulaiman WHAT do you get when you put a dozen hackers on a bus armed with wireless fidelity (Wi-Fi)-enabled notebooks and an arsenal of hacking tools? Lots of red flags. How many? During the 20-kilometre ride through Kuala Lumpur, Dhillon Kannabhiran, chief executive officer of event co-organiser Hack In The Box (M) Sdn Bhd (HITB, hackinthebox.org), said 2,758 wireless networks (infrastructure or ad hoc) were located, an increase from last year where over 1,500 networks were detected. Quite distressing is the fact that a significant number of detected networks are vulnerable to abuse. Conducting the war driving session and training were Anthony Zboralski, co-founder of Hacker Emergency Response Team (Hert) and chief technology officer of PT Bellua Asia Pacific with Jim Geovedi, Hert member and security consultant at PT Bellua Asia Pacific. Zboralski and Geovedi introduced hands-on techniques for war driving, wireless hacking and security, data analysis and mapping to a group of corporate and government participants. The results from this wireless security survey are, for the most part, confidential and will be handed to Malaysian Commission on Multimedia and Communications (MCMC). The war driving exercise was a follow-up to the one conducted last September, where the results were also handed to MCMC. According to Geovedi, of the 2,758 networks found, 935 client probes were conducted and 92.71 per cent of the networks were found to be insecure while 48.29 per cent of the networks were configured without encryption. This is alarming since the findings showed that operators or owners of the 48.29 per cent of the insecure networks are aware of security risks and tried to encrypt their networks using the now-obsolete wireless equivalent privacy (WEP) encryption mode. Of the over 2,000 networks, 44.41 per cent had no encryption while only five per cent used WEP, temporal key integrity protocol (TKIP) and Wi-Fi protected access (WPA); 1.48 per cent used WEP, TKIP, WPA, pre-shared key (PSK) and advanced encryption standard-counter with CBC-MAC (AES-CCM); and only 0.47 per cent used WEP, WEP40 , TKIP and WPA. The crucial point of this exercise is not to create panic but to enhance awareness and better educate the participants about network security. By default most wireless networks are just insecure and can compromise confidential data and information. Ignorance is the biggest enemy, thanks to the relative ease of setting up a wireless access point (WAP). Some WAP in offices are set up without the knowledge of the system administrators, which is bad news. Since there is a tendency for people to think that when a WAP supports WPA, WPA2 or WEP (encryption protocols) security, they need not worry about security issues. Getting a hotspot up and running but not referring to the manual shows that many have the insecure default settings on. This includes leaving the password and username as administrator, and not changing and hiding the default service set identifier (SSID) which is the WAPs radio broadcasted signature. This fear is supported from the findings where 348 networks or 12.61 per cent of them are still using their default network name or SSID. Ideally, an SSID should not pin-point the true ownership/location of the WAP to make it harder on malicious eavesdroppers or hackers. People in general expect technology to just work and cant be bothered with user guides. Most non-IT folks would take the device out of the box, plug the cables in, turn it on and see what happens. Most times, everything will work and users just leave it as it is, Dhillon explained. Some mistakenly think the effective range of their hotspot (around 100 feet indoors and 300 feet outdoors) wont compromise their networks. Hackers with extended range external Wi-Fi antennas can even detect WAPs on a moving bus. There were instances where the WAP of one organisation can accidentally be accessed by another organisation, thanks to Windows XPs user-friendly Wi-Fi connection manager. This presents a security risk if the WAP allows cross-bridging into networks. It boils down to a lack of awareness and overall lackadaisical attitude towards computer security, Dhillon said. Most times, people arent aware their devices arent secure by default and they need to set up WEP, change the SSID, turn off broadcasting, etc, to achieve the level of security as advertised on the box. Malicious hackers or crackers have different motives. Some are serious while others explore it for fun. Making it harder for them to access and abuse your wireless network can discourage crackers to look for other easier targets. Securing any network or device does require some effort and planning, but it isnt rocket science. Whether its easy or difficult to break into a particular network also depends on a number of factors, and your security is only as strong as your weakest link, Dhillon added. As part of the HITBSecConf2006 to be held in September, Hack In The Box is planning another war driving session dubbed War Driving.Gov. This event is different as it is open to the elite Malaysian law enforcement and Government officials, and will cover the .gov areas of Putrajaya and Cyberjaya. Copyright © 2004-2006. Jim Geovedi <[9]jim@geovedi.com> Page last modified on July 03, 2006, at 11:32 AM References 1. http://jim.geovedi.com/News 2. http://jim.geovedi.com/Main/HomePage 3. http://jim.geovedi.com/Publications/HomePage 4. http://jim.geovedi.com/Projects/HomePage 5. http://jim.geovedi.com/Presentations/HomePage 6. http://jim.geovedi.com/News/HomePage 7. http://jim.geovedi.com/SpeakingSchedule/HomePage 8. http://www.ctimes.com.my/Highlight/20060622085716/wartrevamp 9. mailto:jim@geovedi.com