[ISN] The War Driver Returns
InfoSec News
isn at c4i.org
Tue May 16 05:11:23 EDT 2006
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000422
David Ramel
May 15, 2006
Computerworld
I am back on the prowl. Stealthily I slide through the night,
searching for unprotected wireless networks. I find one!
And then I find hundreds more. Who cares? War driving is so 2004.
Wireless security has matured and moved on. When's the last time you
heard of a wireless hack? If it happens, it sure doesn't get any
publicity anymore.
But the news is chock-full of stolen laptops and other data breaches -
take a look at our Data Security Breaches page.
Why sit out in a parking lot for hours "sniffing" wireless traffic
when you can just walk in and grab the finance guy's laptop? Or surf
your county's Web site for all kinds of personal data?
Also, increased awareness about the much-stronger WPA2 encryption spec
and other precautions have cut down on all the fun - er, I mean, made
us all safer.
For sure, there are plenty of targets out there. Two years ago, I went
war driving on my route to work and found more than 100 wireless
networks. This year, I found more than 400.
Back then, about 70% weren't encrypted; this year it was around 55%.
So even though a higher percentage of networks are encrypted, there
are now many more total unencrypted networks.

Is there really a wireless security problem?

So, why the lack of hacks? Is wireless security still a problem?
"I think the problem is relatively small and dropping," said Gartner
Inc. analyst John Pescatore. He said a big part of the problem a
couple of years ago was that companies weren't supporting wireless
networking but users were doing it anyway, setting up rogue access
points with no central security management or strategy.
Now, Pescatore said, companies are supporting wireless and following
security precautions. For example, he said businesses are more aware
that they need something "stronger than password authentication," so
he is seeing more companies rely upon secondary authentication.
Fellow Gartner analyst Ken Dulaney agrees. "This has become less of an
issue," he said, for two primary reasons. First, "WPA2 has given us
very good security, and the devices themselves are better protected
than in past years."
He said there are now multiple levels of security implemented and
extending to the desktop itself - such as PC firewalls - instead of a
reliance on perimeter security only. "People are beginning to realize
that protecting the environment is not working," he said.
Farpoint Group analyst and Computerworld columnist Craig Mathias said
in an e-mail response that the wireless security threat should be
divided into curious, casual hackers and professional data thieves. As
for the casual hacker, he said, "I think the war-driving days are
over; there's no real sport left in that, and simple WPA or WPA2
security are quite effective here."
Mathias said the bigger threat is the professional data thieves, and
they don't typically attack wirelessly. "Rather, they use physical
theft, social engineering and exploiting known weaknesses to get what
they want. The best way to counter this is to stop thinking about
wireless security and start thinking about network security. This
means end-to-end VPN-based encryption, encrypting sensitive data
anywhere it is stored, and using strong two-factor authentication on
every sensitive resource."

Any wireless hacks out there?

So, aren't there any big wireless hacks out there? "I don't know of
any [recent] significant wireless breaches," said consultant Jack
Gold, of J. Gold Associates, via e-mail. He said most companies have
gotten pretty good at security.
"Not only have they turned on the security on the AP, but they also
generally run some sort of firewall and isolate each location from the
rest of the network," he said. "So any 'wireless hackers' would
generally have to break through the wireless security, [and] then
also have to break through the firewalls to get beyond the local
network. Not impossible, but this is a hard thing to do, and do you
really want to be sitting in a car outside a shopping center trying to
hack in for a long period of time? Probably not."
Dulaney also didn't know of any such wireless breaches.
Pescatore didn't know of any documented cases, but he has his
suspicions. "I have to believe that in some cases there have been
targeted wireless sniffing attacks or man-in-the-middle attacks," he
said. He suspects this because he knows of breaches where the thief
left no electronic trail, like there usually is in a wired intrusion.
He said the attackers could have been unusually proficient and covered
their tracks, but the victim companies kept good network and firewall
logs that contained no evidence at all. "That's when you realize,
somebody sniffing wirelessly doesn't leave a trail," he said.
The computer trade press certainly believes a big wireless security
threat still exists. The "Top 10 Tips for Wireless Security" story is
a staple, regurgitated again and again in different forms, much like
the "How to Lose 10 Pounds in a Week" or "Is He The Right One?"
articles in other magazines.
In fact, Computerworld just trotted out another one last week. I
e-mailed the columnist to ask if it was really a big problem and if he
knew of any examples of wireless data theft. He seemed shocked at my
ignorance. He said my query could almost be material for another
column (look for one soon; these people aren't paid chicken feed!).
"Attackers love ignorance, and this is a great case of it," he said.
"I am not insulting you. I am just saying that it is these
misperceptions that give people a false sense of security and hackers
a ... dream."
I thanked him for his reply and asked him to help me overcome my
ignorance by answering my original questions as to how exactly a
wireless hacker would go about stealing data from even an unsecured
network at a private home or company and if he knew of any specific
instances of such theft, beyond hearsay reports.
He didn't provide any specific techniques but said anyone with basic
computer and networking knowledge could do it. He said he knew of
wireless breaches but couldn't talk about them.
I asked several other people and no one knew exactly how to access
even an unprotected wireless network and steal stuff. Even the Web
wasn't much help - just a lot of vague references.
As near as I can tell, you would have to practically beg somebody to
steal from you: don't encrypt, don't change default SSID, don't change
default password, turn on sharing for your PC and turn off the
firewall, make sure your bank account number and password are readily
available, etc.
I guess there are people doing all that, but I wonder what they have
to steal and who's putting much effort into finding them.
If even one default is changed, it appears you would have to resort to
sniffers or frame generators or traffic injectors or something equally
labor- and time-intensive.
So maybe there are master hackers out there with arcane methods of
compromising wireless networks and installing bots, spyware, Trojans
and what-have-you, and they cover their tracks and no one knows about
them.
Yeah, right.
Please drop me a line if you know of any wireless breaches. Or if you
know exactly how one would steal data from a home or company with a
wireless network -- what tools you would use and how you would use
them. Or if you have any thoughts on the subject at all. I would love
to hear from you. Use the "Send Us Feedback" link below or send e-mail
to david_ramel at computerworld.com.