Cookie Consent by Free Privacy Policy website
 

News and Events

Takahashi: Wi-Fi can leave users exposed

A NETWORK PASSWORD CAN HELP SECURE USERS' PRIVACY

Mercury News
http://multichannel.com/article/CA6486535.html
10/8/07, By Dean Takahashi

Taking out the garbage one night, I noticed a woman sitting in a sport-utility vehicle in front of my house. Her face was lit by the white glow of a laptop. Odd, I thought. I went up to her and tapped on her window and asked her what she was doing. She said she was waiting for her husband to return from walking the dog and that she lived in a house a couple of doors away.

"Oh, I thought you were stealing my Wi-Fi connection," I said, referring to my wireless high-speed Internet connection.

I went back inside, then realized her story didn't make sense. I went back out, and she was gone. There was no SUV at the house where she had pointed, and never had been. So I think she was piggybacking on my Wi-Fi, or someone else's.

That's one of the hazards of Wi-Fi networks. The woman in the SUV might have taken a lot of things that are important to me - in my computers - without ever stepping inside my house. Our networks leak out of our houses and the problem is only getting worse as most new Wi-Fi products use the long-range 802.11n wireless network standard that the industry recently adopted.

I have a new "n" router, a Netgear WNR854T RangeMax Next Wireless Router, that gives me broadband at any part of my house, including my back yard and garage. But the downside is that the radius of my network is now extended three or four times farther than the 50-meter range of my old Wi-Fi 802.11g network. That distance is far enough for my neighbors or anyone else outside to piggyback on my Wi-Fi, allowing them to use laptops to access the Internet for free while I pay for it.

Left unsecure, this unintentional extension of Wi-Fi bubbles beyond property borders can exacerbate family problems. One family I know had a problem with its neighbor's Wi-Fi. The family had a rule that the 15-year-old son wasn't allowed to use the Internet past a certain time. They shut down the computer network at night. But the boy simply hopped on the neighbor's unprotected network instead. To parents, the neighbor's Wi-Fi is essentially pollution.

The security issues are much worse with unprotected public Wi-Fi and Wi-Fi in coffee shops sprouting everywhere. Competent hackers can use "sniffers" to collect and analyze all of the data traffic going back and forth over a compromised Wi-Fi network.

"It's absolutely crazy," says Jeff Moss, security expert and organizer of the Black Hat security conference. "The Wi-Fi infrastructure is insecure, but the public awareness isn't there."

It is a simple matter to set a security password for your Wi-Fi network. My Netgear router came with software on a CD that explained how to set up a password using the wired equivalent privacy, or WEP. Any password should have capital letters and numbers and be at least 10 characters long.

But people shouldn't use WEP anymore, says Robert Graham, security consultant and CEO of Errata Security in Atlanta. Just ask TJX, the owner of various retailers that lost a lot of customer information to hackers who broke into its computers via WEP-protected Wi-Fi. The problem is that a lot of old laptops, printers and other gear work only with WEP security. Most router companies give consumers a choice for the kind security they use.

Home users with newer equipment should use a variant of the Wi-Fi Protected Access protocol, or WPA2, which is more secure than WEP, says David Henry, product marketing manager at Netgear. Most new home routers in the past two years come with procedures for setting up WPA2 security. Some equipment vendors also enable users to download software updates that allow older equipment to use WPA2 security. Even so, as easy as it is to set up, about 20 percent to 30 percent of people don't bother to set up any password protection, Henry says.

That's a big mistake. At the recent Black Hat convention in Las Vegas in August, Graham showed how he could easily break into Wi-Fi networks in public places and even break the security for Google's Gmail. He could read the e-mails of anyone logging into Gmail, in fact, even though he didn't have their logins and passwords. He could do the same for many other sites.

He advises people to be vary wary about using Wi-Fi in hotels or conferences, where the odds are strong that someone is looking over your shoulder.

"It's just too dangerous to use," he says.

Google says that over time it will shift to a more-protected login process as its default for those logging into Gmail. Currently you can log into Gmail in a secure way if you type https://www.gmail.com instead of just www.gmail.com. If you're really worried about it, visit www.Wi-Fialliance.org. for more information.

Meanwhile, watch out for those Wi-Fi bandits parked outside your house.


Contact Dean Takahashi at dtakahashi@mercurynews.com or (408) 920-5739. See my previous columns and blog at www.mercurynews.com/deantakahashi.