
Mitnick on 'wardrive' in Sandton

By Dave Glazier, ITWeb journalist
Johannesburg, 10 Mar 2006

Famous reformed hacker Kevin Mitnick told a 400-strong audience at the ITWeb Summit yesterday that he detected a number of 'open' networks - networks not using Wired Equivalent Privacy (WEP) encryption - belonging to many high-profile technology companies in Sandton, including ITWeb's own.

He demonstrated that even wireless networks using encryption can be cracked in a matter of minutes.

Mitnick said he sought local legal counsel before conducting two 'wardriving' expeditions while in Johannesburg this week.

Wardriving involves searching for wireless networks by using a moving vehicle equipped with detection equipment.

The vulnerabilities

"Many companies around here use their name as the network name, so it is very easy to work out who they are when you detect a network," he said.

Mitnick also detected that many Sandton networks are using default settings, allowing a hacker to obtain default user names and passwords as well as IP address ranges by simply searching vendor sites or forums on the Internet.

Additional common problems include companies disabling WEP or WiFi Protected Access (WPA) encryption, not segmenting wireless networks from main networks, and having access points that transmit at their highest power with multi-directional antennas.

He advised companies to enable media access control filtering and consider using third-party software to manage filtering.

The threats

Mitnick's 'wardriving gear' comprised a laptop with a wireless network interface card, external antennas, scanning software, pigtail connectors, network analysis tools and WEP cracking tools.

Even a simple empty Pringles crisps tube, which he calls a 'cantenna', can be modified into an antenna that doubles the range of the detection equipment.

Mitnick said hackers target wireless networks to transfer stolen data, store contraband data and access corporate networks.

"The threats may be competitors, criminals involved in fraud or business theft, curious hackers, sneaky neighbours trying to steal bandwidth or wardriving hobbyists hunting for open networks," he noted.

The countermeasures

The WPA class of systems designed to secure wireless networks is an improvement on WEP, Mitnick said, but he noted that it is still possible to hack WPA-enabled networks.

WPA uses the Temporal Key Integrity Protocol (TKIP), a cryptographic technology providing per-packet key mixing, message integrity checks and a re-keying mechanism.

Mitnick also urged companies to train users on wireless security and on how to set up their systems, deploy virtual private network technologies to tunnel traffic, choose passwords that are difficult to guess (such as combinations that cannot be found in a dictionary), change default network names, scan the network with analysis tools like Kismet, and place timers on access points rendering them undetectable when not in use.
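The weaknesses listed under "The vulnerabilities" (open networks, WEP, default settings, company names as network names) and the countermeasures above (change default names, enable encryption, scan with a tool like Kismet) can be checked mechanically by an organisation auditing its own airspace. The script below is an added example, not code from the article or from Mitnick: it reads a constructed, simplified CSV of scan results (the column layout is an assumption, not the real Kismet export format), flags each network against those criteria, and reports the share that is insufficiently protected in the sense the article uses (open or WEP).

```python
"""Audit wireless scan results for the weaknesses described in the article.

Added example, not the article's or Mitnick's own code. Input is a constructed,
simplified CSV in the spirit of a scanner export; the columns (bssid, ssid,
encryption, channel, vendor) are an assumption, not a real Kismet layout.
"""
import csv
import io
from dataclasses import dataclass

# Constructed sample: five networks as an internal wireless audit might record them.
SAMPLE_SCAN = """\
bssid,ssid,encryption,channel,vendor
00:11:22:33:44:01,AcmeCorp,None,6,Linksys
00:11:22:33:44:02,linksys,WEP,6,Linksys
00:11:22:33:44:03,default,WPA-TKIP,11,Netgear
00:11:22:33:44:04,warehouse-guest,WPA2-CCMP,1,Cisco
00:11:22:33:44:05,AcmeCorp-Finance,WEP,6,Cisco
"""

# Factory-default network names (constructed, illustrative list).
DEFAULT_SSIDS = {"default", "linksys", "netgear", "dlink", "wireless"}

# Names of the organisation running the audit (constructed).
ORG_NAMES = {"acmecorp"}


@dataclass
class Finding:
    bssid: str
    ssid: str
    issues: list


def audit_network(row, org_names=ORG_NAMES, default_ssids=DEFAULT_SSIDS):
    """Return the list of issue codes that apply to one scan row."""
    issues = []
    enc = row["encryption"].strip().upper()
    ssid = row["ssid"].strip()
    if enc in ("", "NONE", "OPEN"):
        issues.append("open-network")      # no encryption at all
    elif enc.startswith("WEP"):
        issues.append("wep")               # WEP: crackable in minutes
    elif "TKIP" in enc:
        issues.append("wpa-tkip")          # improvement on WEP, still weaker than CCMP
    if ssid.lower() in default_ssids:
        issues.append("default-ssid")      # default settings left in place
    if any(name in ssid.lower() for name in org_names):
        issues.append("identifying-ssid")  # network name reveals who owns it
    return issues


def audit_scan(text):
    """Audit every row of a CSV scan export; return only networks with issues."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        issues = audit_network(row)
        if issues:
            findings.append(Finding(row["bssid"], row["ssid"], issues))
    return findings


def summarise(findings):
    """Count how many networks exhibit each issue code."""
    counts = {}
    for f in findings:
        for issue in f.issues:
            counts[issue] = counts.get(issue, 0) + 1
    return counts


def insufficiently_protected_ratio(text):
    """Fraction of scanned networks that are open or WEP-only."""
    rows = list(csv.DictReader(io.StringIO(text)))
    if not rows:
        return 0.0
    weak = sum(
        1 for r in rows
        if {"open-network", "wep"} & set(audit_network(r))
    )
    return weak / len(rows)


if __name__ == "__main__":
    findings = audit_scan(SAMPLE_SCAN)
    for f in findings:
        print(f"{f.bssid}  {f.ssid:<18} {', '.join(f.issues)}")
    print("issue counts:", summarise(findings))
    print(f"insufficiently protected: {insufficiently_protected_ratio(SAMPLE_SCAN):.0%}")
```

Run against the built-in sample it flags four of the five networks; the WPA2-CCMP guest network with a non-identifying name is the only one that passes. Pointing the same checks at a real export from the organisation's own scanning tool turns the article's list of problems into a repeatable audit.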

He believes people should become more aware of the vulnerabilities of most public wireless hotspots. "Don't think you can go into a wireless hotspot for a couple of minutes and check your e-mail without the possibility that someone on the network will be watching, or capturing your details."

Mitnick said the percentage of 'open' wireless networks he detected in Sandton was in line with the US statistics, where 47% of the 5.2 million wireless networks are insufficiently protected.

* Sinisa Jovanovic, ITWeb's technology director, contributed to this story.
