TELECOM Digest OnLine - Sorted: Wireless Networks - Easy Hacker Pickings


Wireless Networks - Easy Hacker Pickings


Andy Sullivan (sullivan@telecom-digest.org)
Sat, 6 Aug 2005 12:01:19 -0500

By Andy Sullivan

Wireless Internet users may not know that it's easy for outsiders to
read their email or scoop up passwords or other sensitive information.

Secretly using a stranger's Wi-Fi connection is so easy that sniffing
out open connections has become a sport among computer hackers.

At a recent conference in Las Vegas, wireless network enthusiasts,
known as "wardrivers," had two hours to find 1,000 wireless networks
in one of many contests that test their prowess.

Hackers ogled high-powered antennas that can pick up signals from over
a mile away, and promoted wardriving Web sites like Wigle.net that map
millions of wireless access points, or "hotspots," around the globe.

Hacking the Defcon conference's own wireless network proved popular as
well -- organizers said they fended off some 1,200 attempts to
compromise network security.

Wardrivers say the goal is not to steal bandwidth or spy on
unsuspecting Internet users, and they frown upon those who do
so. Rather, they hope to convince consumers and equipment
manufacturers to improve the dismal state of wireless security.

"We're trying to raise awareness. Security, by default, should not be
turned off," said an Edmonton, Alberta wardriver who goes by the name
Panthera.

Wireless routers, many costing less than $100, enable consumers to
surf the Web from their back yard or living room couch. With a range
of several hundred feet, a Wi-Fi signal can reach to the street or
surrounding houses, allowing neighbors to get online too.

Equipment sellers like Wardrivingworld.com say they do a lot of
business with truckers and Winnebago owners as well as wardrivers.

"People think truckers just drink beer and eat chili and belch, but
800 truck stops across the United States have wireless access," said
Wardrivingworld.com co-founder Matthew Shuchman.

Hotspot owners can set passwords, encrypt their traffic to deter
eavesdroppers, or limit network access only to specified computers.

But most don't have that kind of protection in place -- a June 2004
wardrive of some 230,000 hotspots found that 62 percent were not
encrypted.

Encryption won't stop a determined hacker. Wardrivers say that the WEP
encryption standard used by many access points is easily crackable,
though the recent WPA standard is tougher.

Open networks can expose sensitive information in homes, businesses
and government offices.

A Michigan man in 2004 was convicted of using an unsecured network at
a Lowe's home improvement store to steal credit card numbers, while a
Toronto man was charged in 2003 with downloading child pornography
using a nearby wireless connection.

Some wardrivers say that manufacturers like Linksys, a division of
Cisco Systems Inc., are to blame because they don't ship their products
with security settings turned on and are more concerned with ease of
use than security.

"They're not taking care of their customers -- they're intentionally
putting them in harm's way," said RenderMan, a prominent wardriver who
has logged some 20,000 access points in Edmonton.

New Linksys routers allow consumers to set up a secure connection with
other Linksys devices by simply pushing a button, said Mike Wagner,
the company's director of worldwide marketing. But Linksys, which
accounts for 57 percent of the U.S. consumer market, can't ship its
products with security settings turned on because most users won't
bother to change the default password, Wagner said.

"That preconfigured password will be the exact same on 500,000
wireless products that we ship every month. So that's actually
creating a false sense of security," he said.

Legal aspects of wardriving remain murky. While a variety of laws make
it illegal to access a computer network without permission, very few
have been tested in court.

Reading e-mail and other traffic on a wireless network could invite
prosecution, and it's unclear if wardrivers are breaking the law when
they use open networks for Internet access, said San Francisco lawyer
Robert Hale.

In Tampa, Florida, a man was arrested in April and charged with
unauthorized access to a computer network after police found him using
a nearby hotspot without permission.

"It comes down to a policy debate about whether the Internet is open
or not," Hale said at a Defcon forum.

RenderMan and other prominent wardrivers say that people shouldn't tap
into open networks even if the owners don't mind.

"We actively do not condone unauthorized use of people's networks," said
Andy Carra, who helps run the Wigle.net wardriving Web site.

Copyright 2005 Reuters Limited.

NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
articles daily.
