Wireless networks easy to hack

By Reuters
Las Vegas, 08 Aug 2005

Wireless Internet users may not know that it`s easy for outsiders to read their e-mail or scoop up passwords or other sensitive information.

Secretly using a stranger`s WiFi connection is so easy that sniffing out open connections has become a sport among computer hackers.

At a recent conference in Las Vegas, wireless network enthusiasts, known as "wardrivers", had two hours to find 1 000 wireless networks in one of many contests that test their prowess.

Hackers ogled high-powered antennas that can pick up signals from over a mile away, and promoted wardriving Web sites like that map millions of wireless access points, or hotspots, around the globe.

Hacking the Defcon conference`s own wireless network proved popular as well - organisers said they fended off 1 200 attempts to compromise network security.

Wardrivers say the goal is not to steal bandwidth or spy on unsuspecting Internet users, and they frown upon those who do so. Rather, they hope to convince consumers and equipment manufacturers to improve the dismal state of wireless security.

"We`re trying to raise awareness. Security, by default, should not be turned off," said an Edmonton, Alberta wardriver who goes by the name Panthera.


Wireless routers, many costing less than $100, enable consumers to surf the Web from their back yard or living room couch. With a range of several hundred feet, a WiFi signal can reach to the street or surrounding houses, allowing neighbours to get online too.

Equipment sellers like say they do a lot of business with truckers and Winnebago owners as well as war drivers.

"People think truckers just drink beer and eat chilli and belch, but 800 truck stops across the US have wireless access," said co-founder Matthew Shuchman.

Hotspot owners can set passwords, encrypt their traffic to deter eavesdroppers, or limit network access only to specified computers.

But most don`t have that kind of protection in place - a June 2004 wardrive of 230 000 hotspots conducted found that 62% were not encrypted.

Encryption won`t stop a determined hacker. Wardrivers say the WEP encryption standard used by many access points is easily crackable, though the recent WPA standard is tougher.

Open networks can expose sensitive information in homes, businesses and government offices.

A Michigan man in 2004 was convicted of using an unsecured network at a Lowe`s home improvement store to steal credit card numbers, while a Toronto man was charged in 2003 with downloading child pornography using a nearby wireless connection.

False security

Some wardrivers say manufacturers like Linksys, a division of Cisco Systems, are to blame because they don`t ship their products with security settings turned on and are more concerned with ease of use than security.

"They`re not taking care of their customers - they`re intentionally putting them in harm`s way," said RenderMan, a prominent wardriver who has logged 20 000 access points in Edmonton.

New Linksys routers allow consumers to set up a secure connection with other Linksys devices by simply pushing a button, said Mike Wagner, the company`s director of worldwide marketing. But Linksys, which accounts for 57% of the US consumer market, can`t ship its products with security settings turned on because most users won`t bother to change the default password, Wagner said.

"That pre-configured password will be the exact same on 500 000 wireless products that we ship every month. So that`s actually creating a false sense of security," he said.

Legal aspects of wardriving remain murky. While a variety of laws make it illegal to access a computer network without permission, very few have been tested in court.

Reading e-mail and other traffic on a wireless network could invite prosecution and it`s unclear if wardrivers are breaking the law when they use open networks for Internet access, said San Francisco lawyer Robert Hale.

In Tampa, Florida, a man was arrested in April and charged with unauthorised access to a computer network after police found him using a nearby hotspot without permission.

"It comes down to a policy debate about whether the Internet is open or not," Hale said at a Defcon forum.

RenderMan and other prominent wardrivers say people shouldn`t tap into open networks even if the owners don`t mind.

"We actively do not condone unauthorised use of people`s networks," said Andy Carra, who helps run the wardriving Web site.