Open Wi-Fi network at mercy of passing paedophiles

PUBLISHED : Monday, 01 December, 2003, 12:00am
UPDATED : Monday, 01 December, 2003, 12:00am

You do not need an analyst to tell you that Wi-Fi has been one of the most successful and over-hyped technologies of the past year.

Datamonitor says the enterprise Wi-Fi market will be worth US$1.3 billion by 2006, while Dell'Oro says the overall market will be worth US$3.1 billion in 2007. Analysts forecast the public Wi-Fi market will hit US$5.5 billion by 2007, and that is just for Europe and the United States. IDC says that by that time, there will be 25 million people using commercial hotspots.

This market is growing like wildfire, whoever you listen to, and every technology analyst is trying to sell a report on it.

But all the hype must be tempered with caution. While it is great to be able to access data anywhere, from your car to your bathroom, there are dangers in Wi-Fi that should be considered before anyone splashes out on a new wireless system.

Last month, police in Toronto uncovered one of the strangest security risks so far when they stopped a driver who was heading the wrong way down a one-way street. In the words of the police: 'The gentleman driving the car was naked from the waist down, and he had a laptop computer on the passenger seat. On the screen of the laptop computer was a 10-year-old girl in a sex act with an adult male'.

While he was driving and watching videos, he was also using Kazaa to download more porn via unsecured Wi-Fi networks in the area.

For this rogue 'wardriver' to do so many things at one time is dangerous enough, even at 5am, but the risks go much further. As the police pointed out, many people are unaware that their Wi-Fi signals can be seen by strangers. And that meant people could get into your computer, your files, your internet connection and do whatever they wanted online, and if anything illegal was done, it would come back to your computer, the police said.

The danger goes further than a passing paedophile leaving porn on your PC.

A week earlier, three men were arrested in Michigan for breaking into a DIY shop's wireless network. The men had parked their car outside a branch of Lowe's Home Improvement Warehouse and used wireless laptops to break into Lowe's branches in six states and steal credit card data.

There have been many stories about terrorists, virus writers and spammers using Wi-Fi for their own nefarious ends, but to date the tales have all been apocryphal. Nevertheless, an open network must look like an attractive service for anyone who wants to surf in anonymity.

And it does not take a Nostradamus to see that similar problems will arise in Hong Kong soon.

Last year, the Professional Information Security Association (Pisa) held Hong Kong's first wardriving survey. Scanning for wireless networks on Hong Kong island, the group found 187 access points along the tramline between Kennedy Town and Causeway Bay, and another 30 in Taikoo Shing. Only 23 per cent had bothered to switch on the Wep (wired equivalent privacy) encryption protocol, which is a standard on 802.11b networks.

The group has just repeated the survey. Not surprisingly, the number of wireless access points was substantially higher - up by 153 per cent, which (by my O-Level maths) would be about 473. Skipping Taikoo, the team used a powerful antenna to scan as far as Kowloon from The Peak, finding 257 access points. As weaker signals are less easily picked up from a moving vehicle or over long-distances, the actual numbers will be far higher. In other words, it is easier than ever to hitch a lift on someone else's unsecured network.

Anyone with basic understanding of security and a copy or AirSnort or WepCrack can break poor Wep encryption. A thief with a powerful base station or a copy of Airsnarf can set up a 'honeypot' to attract casual users and steal their data.

One of the chief drawbacks to Wep is that it depends on a static key or pass phrase, which is exchanged when a device is connected to the network. Although the key is encrypted, older 40-bit keys are relatively easy to crack, and even 128 bits can be broken, given sufficient time.

Even Wep's replacement, WPA (Wi-Fi Protected Access), has its faults. WPA depends on a pass phrase set by the user, meaning there is a high chance that all an intruder needs to access a WPA-protected network is a simple dictionary attack.

It is not all bad news. The next generation of 802.11i devices is likely to include enough security features to make them, for all intents and purposes, unbreakable. For a while, at least.

Neil Taylor is editor of SCMP's Technology section.