[ISN] Technology Experts: Local wireless networks at risk

InfoSec News isn at c4i.org
Mon Sep 19 02:08:58 EDT 2005


By Wendy Brown
The New Mexican 
September 18, 2005 

The Bull Ring restaurant in downtown Santa Fe has an outside patio
that is perfect for having lunch -- and it might be an equally fine
place for some leisurely hacking into wireless computer networks.

Eric Padilla and Chris Ernst of AirNet Security of Santa Fe used a
laptop computer Thursday to demonstrate how easy it would be to break
into many wireless computer networks in downtown Santa Fe. Standing
outside The Bull Ring, Padilla and Ernst did a quick search for
networks and found six in the area.

At least half of them were businesses, and without naming any names,
some were definitely the type of enterprises that would have sensitive
information about their clients.

None of the networks was totally open, but all but one of them used
WEP, or Wired Equivalency Privacy, as a security measure. Ernst and
Padilla said using WEP is like having a paper door on your home --
someone could blast through it with little time and effort.

Ernst and Padilla used a regular Microsoft program for a wireless
laptop computer to determine the security on the networks. They didn't
do any hacking.

Ernst said free WEP-cracking programs are available on the Internet
that also include step-by-step instructions on how to use them. Most
people could get through WEP security in 10 to 20 minutes, he said.

One network used TKIP, which stands for Temporal Key Integrity
Protocol. TKIP is the next generation of WEP security, Padilla said,
but tools are also available to break into that security measure as

The only security measure that isn't breakable yet is Advanced
Encryption Standard, or AES, Padilla said, but even systems using AES
are vulnerable at the point where people log on to the system.

"Nowadays, really no network is safe," Ernst said.

Padilla and Ernst said one reason hacking has become so easy is
because many hacking tools are free and available on the Internet.

The Remote Exploit Web site is one that makes many of them available,
Ernst said. For example, anyone can download the Auditor Security
Collection from that site and put it on a compact disc, he said.

The collection is a kind of "greatest hits" of wired- and
wireless-hacking programs, Ernst said, and it also contains
easy-to-use directions for the programs. Hackers usually use
wireless-hacking programs to gain access to a network and then attack
the wired portion, he said.

The top of the Remote Exploit Web site says: "We are just a group of
people that like to experiment with computers. We hope that we can
provide some information back to the public and support the ongoing
process of learning."

Max Moser, who founded the Remote Exploit Web site in 2001, said in an
e-mail that he doesn't support hackers at all, but thinks of the site
as a place to keep security-minded people up to date on what hackers
are capable of doing. He said he lives in Switzerland.

Moser said he believes the security on wireless networks is always as
good as its encryption, but many computer configurations are weak and
contain security holes. Attacks "can overcome most protections with
ease," he said.

Padilla said the Remote Exploit site is good for security people like
himself, but the downside is that it can help hackers find new ways to
break into networks.

And most hackers don't need any encouragement, Padilla and Ernst said.

"Hackers have nothing better to do," Ernst said. "Instead of hanging
out at the bar, they're hanging out at their buddy's house creating a
new hacking tool at 3 o'clock in the morning."

The hacking community constantly has the security community on the
defense, Ernst said.

Not everyone, however, agrees that wireless networks are that easy to

Al Catanach, owner of Computer Network Service Professionals, a
company that provides wireless-Internet service in Santa Fe, said his
system is secure because it uses AES and Data Encryption Standard and
a radio system that is hardwired to a customer's computer.

The radio authenticates to the CNSP network without requiring the user
to provide a user name and password, so the wireless portion is
seamless, Catanach said.

Catanach said he was a computer-security manager for the Army National
Guard for three years and is familiar with ways to keep networks
secure. That said, even he admits that if a hacker really wants to get
in, it's possible to find a way.

"You're never going to have a fool-proof system," Catanach said.  
Thankfully, most hackers are kids who are more interested in seeing if
they can crack a network than stealing anything or doing any damage,
he said.

Josh Dennis, who is in charge of security at Grappa Wireless of Santa
Fe, said his network uses three layers of security -- DES, a user name
and password that the radio authenticates automatically (without the
customer having to type anything into the computer) and a color-code

Dennis said the government has phased out DES for secret documents
because extremely powerful computers can penetrate it, but the average
hacker with a laptop would never be able to get through.

And Gabriel Garcia, a member of Best Buy's "Geek Squad" of
computer-security technicians, said he believes 64-bit WEP is secure.  
"It's extremely difficult to get into if it's set up correctly," he

Another sign that wireless-security awareness is up is that the
WorldWide WarDrive has come to an end, according to the organization's
Web site. The drive started in 2002 and encouraged people all over the
world to test the security measures of wireless systems, frequently
showing that people weren't even using basic security measures like

"By ending the project we aren't implying that WLANs (wireless
local-area networks) are now secure," a person who signed in as
"Roamer" said on the WarDrive site. "In fact they are far from it, but
organized efforts to raise further awareness are no longer necessary.  
The message is getting out in a number of ways, and we have done our

Even though security awareness is up, it also appears so is wireless
hacking -- even if it's now more difficult.

According to the Computer Security Institute/FBI 2005 Computer
Security Survey,

55 percent of businesses surveyed reported that someone had used the
company's computer network without authorization in the last year. Of
those, about 18 percent reported abuse of a wireless network, up from
zero percent in 2003 and every preceding year.

Abuse of a wireless network cost 639 surveyed businesses more than
$500,000, and the cost for all unauthorized access was more than $31
million, according to the survey.

Ernst and Padilla said they recommend that people, and particularly
businesses, get the strongest security measures available and then
install a monitoring system so they know if someone hacks into the
system and can figure out how to stop it from happening again.

Systems for households start at $99 for a year's worth of monitoring,
and business systems cost about $500 to start and $350 a month to run,
Ernst said. "It's a small price to pay," he said.

More information about the ISN mailing list