Jimmy Geek
02-22-05, - 05:45 PM
Just finished a report on the Information Assurance profile of the Bahamas. While the final report was 60+ pages, the section on War Driving maybe of interest to the group.
Enjoy
************************************************
WiFi Follies
WiFi is short for Wireless Fidelity. Wireless Fidelity is the marketing name given to the inexpensive wireless routers used in many homes and businesses in Nassau. This small, inexpensive device is credited with single-handedly restoring interest in the Internet and network computing after the disastrous Dot-Com bust of 2001.
WiFi is an attractive buy for business and home users interested in accessing the Internet without the burden of being tethered to a wire. With wireless devices costing as little as $50, WiFi represents affordable freedom. It is a technology that can dramatically improve user access to services while reducing their deployment costs. There are many cafes and restaurants in Nassau that are now offering WiFi access. Despite the exciting benefits of wireless, many people, especially businesses, are reluctant to deploy WiFi solutions. In terms of security, their concerns are well founded.
WiFi is plagued by inherent security vulnerabilities. In one case, a hacker was able to intercept the purchasing transactions of customers from the electronic retailer Best Buy. The hacker sat in the parking lot of the retail store and was able to read the broadcast data of the store’s wireless registers. The biggest advantage of WiFi networks is also its Achilles heel. Its signals are not restricted by walls or boundaries. If the signal is not protected (through encryption or other means) any person with the right equipment can intercept the signal and read the data.
To illustrate the inherent dangers and the pervasiveness of non-secure WiFi, the author conducted an analysis of wireless networks on the island of New Providence by war driving. While the entire island was not surveyed, the author concentrated on the commercial districts. The areas included:
· The Airport
· Cable Beach and West Bay
· Downtown and East Bay
· Palmdale and Collins Avenue
· Shirley Street
What is War Driving
The term war driving is the practice of scanning and identifying wireless networks. The practice originated in the mid-1980s. Early hackers programmed modems to sequentially dial a block of phone numbers in an attempt to discover computer systems. This practice was known as “war dialing”. Although war driving has its roots in the underground hacking community, it has since become an important tool for information security professionals.
When conducting general WiFi surveys, the information security professional must ensure that precautions are in place to prevent connections (accidental or otherwise) to the networks. Under no circumstances should the surveying equipment connect to or attempt to connect to a network without the authorization or knowledge of the owner. Not only is this unethical, but under the Computer Misuse Act of 2003, illegal.
War Driving Equipment
The Antenna
There are many tools available that will effectively scan and identify wireless networks. Because of antenna power output restrictions, the effective range of a typical WiFi access point is limited to about 300–500 feet. This range is extended to 600+ feet with the addition of a high-gain antenna. In this survey the author used an external 15 dB high-gain antenna. The antenna is able to extend the receiving range to 800+ feet.
Surveying Software
There are many excellent free and commercially available WiFi surveying packages. The application chosen by the author for this project was Kismet. Kismet is an excellent Linux-based wireless detector and intrusion detection system.
This application is unique in that it identifies networks by passively collecting wireless packets. It can also identify cloaked (hidden) networks by inferring their presence via data traffic from the network or wireless cards. This is a very important point. Many WiFi owners are under the false impression that by cloaking their WiFi networks, they are safe from snooping. This cannot be farther from the truth. Detecting a cloaked WiFi network is as easy as detecting a non-cloaked one.
War Driving Results
When totaled, there were an astonishing 554 WiFi networks discovered. Given the size and the population residing in the surveyed area, this figure is truly amazing. The large number of WiFi networks is a good indication that businesses and residents are willing to invest in new technologies.
While WiFi networks are convenient and inexpensive, attention must be given to securing them. Only 18% of the systems surveyed had encryption enabled. At a minimum, Wired Equivalent Privacy (WEP) should be enabled. While WEP is considered weak because of a flaw in its RC4 cipher implementation, when combined with other preventive measures it is still adequate (depending on risk profile) for small-office/home-office (SOHO) users. If WiFi Protected Access (WPA) is available, enable it instead of WEP. WPA does not suffer from the same cipher flaws as WEP.
WiFi WEP Usage
82% (457 Access Points) - WEP Disabled
18% (97 Access Points) - WEP Enabled
The author also found 41% of the wireless networks broadcasting with factory default Service Set Identifiers (SSIDs). While a default SSID is not considered a security risk, it will usually catch the attention of hackers.
Conventional hacker wisdom says that if an SSID is set to its factory default, the odds are high that other settings are also at their defaults.
It was surprising to see that 14% of wireless networks were cloaking their presence. This was a pleasant surprise. While the actual security advantages of cloaking can be debated, the fact that 79 WiFi networks were cloaked is a good indicator that users are aware of the risks associated with wireless use. Disappointing was the fact that many of the cloaked networks still did not have encryption enabled. Businesses and users must be informed of the dangers of deploying technologies without first considering the risks involved. If properly configured, WiFi networks are convenient and most importantly, secure.
WiFi SSID Usage
Non Default SSID - 38%
Unknown SSID - 3%
Well Known SSID - 4%
No SSID - 14%
Default SSID - 41%
ECommerce Acts of 2003
In 2003 the Bahamas Parliament passed three acts (known as the eCommerce acts of 2003) that are intended to be the regulatory and legislative framework for eCommerce in the Commonwealth. The three acts are:
· The Computer Misuse Act
· The Data Protection Act
· The Electronic Communications and Transactions Act
The acts are a good starting point. They do, however, lack provisions concerning data governance, ownership, and intent.
Computer Misuse Act
The Computer Misuse Act, while well written and comprehensive, contains a glaring omission that essentially makes published books, articles, or even research results concerning security issues an offence. The wording of the act, if interpreted literally, could also make operating system manuals illegal. This strange situation could have been avoided if lawmakers had been able to consult with a larger pool of subject matter experts on the security and privacy implications of the act.
The author understands that the purpose of the Computer Misuse Act is to protect systems from malfeasance. What the act does not take into account is the intent of any disclosure. Clause 8 of the act makes it an offence to knowingly disclose any means of gaining access to any program or data held on a computer. The clause states:
“Any person who, knowingly and without authority discloses any password, access code or any other means of gaining access to any program or data held in any computer shall be guilty of an offence if he did so –
(a) for any wrongful gain;
(b) for any unlawful purpose; or
(c) knowing that it is likely to cause wrongful loss to any person.”
The flaw in this otherwise excellent act is section c of clause 8. Section c of the clause does not take into account the intent of disclosures. If vulnerabilities are found in an application, operating system, or hardware device, the information could not be released because it is likely to cause wrongful loss. Even if the vulnerability is common knowledge to hackers, the information still could not be released without the threat of criminal charges.
The above WiFi analysis of the commercial districts of New Providence is, according to clause 8 section c, a prosecutable offence. Although the intent and the result are better public awareness in securing systems from common vulnerabilities, the clause should be amended to include intent and potential impact to public safety. While the clause is well intentioned, the result is security through obscurity, and security through obscurity is no security at all.
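The WEP and SSID usage tables in the post are simple tallies over the survey's access-point list. The script below, an added example that is not part of the original post or of Kismet, rebuilds those tallies from a constructed, simplified Kismet-style CSV (column names and sample rows are assumed, not real Kismet output) and also lists the case the post found disappointing: networks that are cloaked yet still unencrypted.

```python
"""Summarise a WiFi survey into the post's WEP-usage and SSID-usage tables."""
import csv
import io
from collections import Counter

# Constructed sample (ten access points); column layout is assumed, not Kismet's.
SAMPLE_CSV = """ssid,bssid,cloaked,encryption
linksys,00:11:22:33:44:01,no,none
default,00:11:22:33:44:02,no,none
BahamasCafe,00:11:22:33:44:03,no,WEP
,00:11:22:33:44:04,yes,none
,00:11:22:33:44:05,yes,WPA
NETGEAR,00:11:22:33:44:06,no,WEP
tsunami,00:11:22:33:44:07,no,none
ShopPOS,00:11:22:33:44:08,no,none
Wireless,00:11:22:33:44:09,no,WEP
eastbay-office,00:11:22:33:44:10,no,none
"""

# Illustrative factory-default SSIDs; extend from vendor documentation.
DEFAULT_SSIDS = {"linksys", "default", "netgear", "tsunami", "wireless", "dlink"}


def classify_ssid(ssid, cloaked):
    """Bucket an access point the way the post's SSID usage table does."""
    if cloaked == "yes" or not ssid:
        return "No SSID"            # cloaked: no SSID in beacons
    if ssid.lower() in DEFAULT_SSIDS:
        return "Default SSID"       # likely other settings at defaults too
    return "Non Default SSID"


def summarise(csv_text):
    """Return encryption percentage, SSID buckets and cloaked-but-open APs."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    total = len(rows)
    encrypted = sum(1 for r in rows if r["encryption"].lower() != "none")
    ssid_counts = Counter(classify_ssid(r["ssid"], r["cloaked"]) for r in rows)
    # Cloaking without encryption gives no real protection: flag these.
    cloaked_open = [r["bssid"] for r in rows
                    if r["cloaked"] == "yes" and r["encryption"].lower() == "none"]
    return {
        "total": total,
        "encrypted_pct": round(100 * encrypted / total),
        "ssid_pct": {k: round(100 * v / total) for k, v in ssid_counts.items()},
        "cloaked_unencrypted": cloaked_open,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```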