Sunday, May 17, 2009

Steal my Info please! Things to think about when using public wifi.

Several years ago I worked for an ISP who wanted to offer wifi as an internet service. The idea was simple enough, fewer wires and it did not require their phone lines to be of a specific quality to get internet service. The downsides:
1. Line of sight: if you couldn't see the Access Point tower, you could not get service.
2. Bad weather interfered with it, especially heavy rain and snow.
3. Wifi cannot go through live trees or metal structures.

Those were the main problems, but others became apparent after some time of running the service. One of the first questions I asked was, "Since it goes through the air via radio signal, doesn't that mean anyone can see it?" I was told no by the owner (who was fired about a year later for some bad decisions) and yes by one of the admins at the time. We soon found out the real answer when customers started calling in saying that other people's network shares were popping up in their "My Network Places" section. However, this was not due to the wifi signal, but to all the customers being on the same network with no restrictions between them. This problem was fixed very soon, but then other problems popped up.

These problems are ones that face any wireless setup.
1. We used MAC address authentication to verify customers. This meant we checked for the specific number that the customer's wireless network device had before it could gain access to the internet. This number could be faked, so basically anyone could use the service as long as the original client was not online at the time. This is known as MAC address spoofing.

2. No WEP/WPA keys were used. The system was open, so even if you were not a customer you could still watch information pass around just by associating with the AP but not obtaining an IP address.

3. Lightning loved our nice tall antennas. And man, were they expensive to replace.
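
As an added illustration (not part of the original post): one way an operator relying on MAC address authentication, as in item 1, could spot a cloned MAC is to compare each session with how that MAC looked when first seen. The log format, field names, threshold, and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample association/DHCP records (assumed format, not real data):
# (timestamp, client MAC, access point, DHCP hostname, DHCP option 55 list)
SAMPLE_LOG = [
    ("2009-05-01T08:00", "00:11:22:aa:bb:01", "tower-1", "SMITH-PC", "1,15,3,6,44,46,47"),
    ("2009-05-01T09:00", "00:11:22:aa:bb:02", "tower-2", "JONES-PC", "1,15,3,6,44,46,47"),
    ("2009-05-01T10:00", "00:11:22:aa:bb:03", "tower-2", "OFFICE", "1,15,3,6,44,46,47"),
    ("2009-05-02T08:05", "00:11:22:aa:bb:01", "tower-1", "SMITH-PC", "1,15,3,6,44,46,47"),
    ("2009-05-02T12:00", "00:11:22:aa:bb:03", "tower-2", "OFFICE-NEW", "1,15,3,6,44,46,47"),
    ("2009-05-02T23:30", "00:11:22:AA:BB:02", "tower-1", "laptop", "1,28,2,3,15,6,12"),
]

FIELDS = ("access point", "hostname", "dhcp fingerprint")


def find_suspect_macs(records, min_signals=2):
    """Return {mac: [changed attributes]} for MACs that drifted from baseline.

    A fixed-wireless customer normally stays on one tower with one device,
    so the first sighting of a MAC is treated as its baseline. A later
    session that differs in at least `min_signals` attributes suggests a
    different device is presenting the same MAC. A single change (such as
    a renamed PC) is ignored by default to limit false positives.
    """
    baseline = {}
    changed = defaultdict(set)
    # ISO-style timestamps sort chronologically as plain strings.
    for _ts, mac, *attrs in sorted(records):
        mac = mac.lower()  # MACs are case-insensitive
        first = baseline.setdefault(mac, tuple(attrs))
        for name, old, new in zip(FIELDS, first, attrs):
            if old != new:
                changed[mac].add(name)
    return {m: sorted(c) for m, c in changed.items() if len(c) >= min_signals}


if __name__ == "__main__":
    for mac, reasons in find_suspect_macs(SAMPLE_LOG).items():
        print(f"{mac}: changed {', '.join(reasons)}")
```

A check like this only flags the reuse after the fact; it does not make MAC address authentication any stronger.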

On a public wifi connection a person can see just about everything you do on the internet. Here are a few things they can do:
1. Read your instant messages
2. See your usernames and passwords
3. View what photos you're looking at
4. See the websites you're going to
5. Redirect you to another site or replace items such as images with their own.
6. Access your file shares and snoop through your files.
7. Take down the entire wireless network making it difficult or impossible for anyone to get online
8. Gain access to the wifi device and modify its settings.
9. Record all the information from the entire network and take it home to look through at their own speed and time.

You'd think these would be reason enough to ban most public wifi "hotspots", but it's not. Places like Chicago and New York are flooded with free wifi, and even small towns like mine have way more than you'd think. Imagine sitting down in your hotel room to check your bank account or email, or even to get tickets to a show, only to have your information stolen by someone in a car across the street. And it's only going to get worse: as wifi gets stronger and faster, new tools will emerge to make the task of stealing information easier.

If anyone is interested in proof and you live in the Quincy, IL area, let me know.


