[ISN] Students to study Valley's vulnerability to hackers

InfoSec News isn at c4i.org
Tue Mar 8 02:19:31 EST 2005 

http://www.eastvalleytribune.com/index.php?sty=37537

EMILY BEHRENDT
March 7, 2005

The Tempe-based University of Advancing Technology will be
"wardriving" around Valley neighborhoods this year.  Although it
sounds hostile, it's actually for the benefit of Valley residents.
 
Wardriving is a term for finding unsecured wireless access points, 
which are locations where an outsider could hack into a home computer 
system because the wireless signal extends beyond the walls of the 
house. Any laptop that comes in range of the signal would be able to 
connect to the home computers and potentially create all kinds of 
mischief, including identify theft or other Internet crimes. 

Most people who have wireless computer networks inside their homes are 
not even aware they are at risk, said Raymond Todd Blackwood, IT 
manager for the university. 

The school's students have begun working on a research project to find 
home computers that are vulnerable and try to increase awareness of 
the problem in the community. 

"What we are not doing is, we are not connecting at all," Blackwood 
said. "All we are doing is looking for those signals being broadcast." 

For the project, the Valley has been split into four grids, with 
Central Avenue and Camelback Road dividing the quadrants. The students 
are responsible for covering their assigned area within four weeks, 
and their data are collected monthly. Their findings are then put into 
a database, and the unsecured access points are plotted on a map. 

When the students wardrive, they use an IBM laptop running the Linux 
operating system, a program called Kismet and a global positioning 
system locator. The locator is a hand-held device that plugs into the 
laptop through a serial port and logs the specific coordinates. 

The students drive around neighborhoods, apartment complexes and 
business areas, and the Kismet program will tell them when a wireless 
frequency is present. 

"This would kind of be equivalent to a person walking around and 
checking to make sure people's front doors are locked," Blackwood 
said. 

During the first two weeks of the project, students discovered 16,000 
unsecured access points, and they had only covered one third of the 
Valley. 

The students will collect the data every month for one year. Once all 
the data are collected and logged, the school will determine the 
highest concentrations of unsecured wireless access points. 

They will then launch a campaign in those neighborhoods to educate 
people about the potential risks. 

"We want to know how popular wireless is, and how much do people know 
about it." Blackwood said, "We are trying to provide clear, easy to 
understand information, and increase sophistication and awareness in 
the community." 

Securing a network is simple. Under the network settings, there is a 
button to "enable wireless encryption protocol." 

Simply clicking that button will encrypt the signal and secure the 
network, Blackwood said. The default option leaves the network 
unsecured.

More information about the ISN mailing list