Which Wireless Network Are You On?

You don’t really know which wireless network you’re connected to.

Wireless security is a very difficult thing. I was reminded of just how difficult it can be by an article I read in the Los Angeles Times today. I can name my network whatever I want. I can call it “Linksys”, “D-Link”, “USC Wireless”– even though my router isn’t any of those brands. All of my Internet traffic goes through my wireless router, and if I wanted to, I could easily log it at the router level. That means URLs and timestamps for sure, and for unsecure pages, maybe the content and submitted data, too. Let’s take a look at just why security is so difficult and what kinds of attacks “hackers” can pull.

Millions of people use wireless on a regular basis.
And this number is expanding. “About 14.3 million American households use wireless Internet, and this figure is projected to grow to nearly 49 million households by 2010, according to JupiterResearch…” Millions of laptops are, at this moment, configured to automatically join networks called Linksys or D-Link when they are available.

People have come to expect public Wi-Fi.
In cafes, hotels, airports, and university campuses, there’s often an abundance of free Internet connections in the air. And this is definitely a good thing. It means more freedom, more choices, more connectivity and more information at our fingertips.

The basic scam: a hotspot that looks official, but isn’t.
The basic attack addressed in this article, which I think is a good one that will definitely be exploited more and more in the coming years, is setting up a fake access point. Once a computer connects to a hacker’s wireless network, the hacker immediately has access to the user’s Shared Folders on the network. Although it usually isn’t, this data could be valuable in itself. Furthermore, if any of these folders have write-access, the hacker could plant viruses and other malware in the folders, making it look legitimate: especially if he names the files to look like real files the user used to have! By default, there is no logging of this activity, so you can’t trace it back. And file creation and modification dates are easily spoofed as well. Additionally, the hacker could still allow Internet traffic to pass-though, so the user doesn’t see anything suspicious happening. But on the router, the hacker could easily log all the user’s activity, including private data.

Setting up a Wi-Fi trap is so easy, a child could do it.
“The actual tools you need, the software, the hardware, etc., to mount this sort of attack has become insanely easy to acquire…You need a laptop, wireless radio and the ability to download a free tool and run it. It literally is child’s play.” And I agree. It’s a good thing that manufacturers have made the process so easy. (If it were hard, some people would still do it, but the public might not be as aware that the risk exists!) But that also means that we all need to be much more aware of wireless security.

One letter might separate security from scam– but you might not even get that much.
The article cites the example of Mark Loveless, who “had two networks to choose between on his laptop screen– same name, one beginning with a lowercase letter, one with a capital. He chose the latter and, as he had done earlier that day, connected. But this time, a screen popped up asking for his log-in and password.” There’s nothing preventing me from setting up a similar scam, but naming the networks the same. There’s nothing stopping me from designing the log-in page to look exactly– pixel-for-pixel– like the official USC Wireless login. In other words…

There’s virtually no way to tell the difference between a legitimate hotspot and a hackers’.
The wide availability of the technology means we can all do what we want, but in public airspace, that means we can make our hotspots look 100% legitimate– and still track the data and traffic going through. Once I have that data, there’s nothing stopping me from exploiting it. Just a couple possible exploits have been dubbed “evil twin” and “man in the middle” attacks– you can search on Google for more info on these. The point is, in both cases and in others, there isn’t necessarily any indication that you’ve logged onto a fake network! So how can you be secure?…

You can encrypt your home wireless connection, but that only protects you when you’re at home.
If you only use your home wireless connection, that takes away your ability and freedom to roam around different locations and use public Wi-Fi. That’s not a compromise I’m willing to make, and therefore…

The only sure way I can see to secure your connection is to use a reliable VPN.
Virtual Private Networks, or VPNs, create a “virtual” network by connecting computers “privately” over the Internet. Since the connection goes across the Internet, it’s inherently insecure: but VPNs also encrypt all traffic, so any of the data intercepted by a hacker can’t be read. It’ll just look like mumbo-jumbo. I have one VPN network I can use: the USC VPN. It uses 168-bit 3-DES encryption. Other people probably don’t have access to one (I wouldn’t, if I weren’t a USC student). And so they’re stuck: there’s no way for them to get a secure wireless connection on the road.

What do you think? Are wireless networks really as insecure as they seem to me? Is there another way? Leave a comment.