An Introduction to Wireless Security

Consider this typical scenario: You've just got a Wireless Network Kit for Christmas. You plug everything in, and it "just works". Do you A) Fiddle with the configuration settings, possibly making it no longer work or B) Just use it?

I suspect most people will go with B, but a wireless network needs to be configured: it should be moved off its default channel, and WEP encryption should be enabled. Otherwise, an attacker (let's name her Eve) could drive up to your house with her own wireless laptop and read all the data you send and receive. Next time you order something off the Internet, she'll get your credit card number.

Consider this typical scenario: You've configured your Wireless access point (AP) so that it uses a non-default channel, and you've enabled a WEP password which you've entered both on your AP and on your laptop. Do you A) Fiddle with it every month, changing the password regularly or B) Just use it?

I suspect most people will go with B, but the WEP password on a network should be changed at least once a month to ensure security. While traditional encryption techniques usually take thousands of years to break (no system except one-time pads is unbreakable), WEP is relatively weak, and can be cracked within a few months, which is why you need to keep changing the password.

Consider this typical scenario: You're browsing the Internet on your wireless laptop, when the WiFi connection drops momentarily. This happens all the time: when you're walking from one room to the next, for example, there might be a "dead" zone in the hallway where you can't receive the connection anymore. You get the little WinXP bubble saying "WiFi Connection Lost", and then, within milliseconds, "WiFi Connection now established", with a prompt to re-enter your password. Do you A) Re-enter your password or B) get extremely paranoid and stop using WiFi altogether?

If you haven't figured out the pattern yet, B is always the more secure answer. There's a relatively new attack called the "Evil Twin" attack. Eve brings her own wireless AP with her when she drives up to your house. She's hacked the AP so that its output is much stronger than FCC recommendations. So strong, in fact, that it interferes with your AP, drowning it out. That's why your connection dropped. And now Eve's AP masquerades as being your AP (acting like an "Evil Twin" of your AP), telling your laptop "So sorry. I guess our connection just dropped. Ah well, it happens, eh? Anyway, since we got disconnected, I can't be sure you're really you now, so you'll have to re-enter your password." Do so, and you're just sending your password straight to Eve.

This is a common theme in security in consumer products: encryption ensures that only you and the person you're speaking to can understand the conversation, but it does not guarantee that the person you're speaking to really is who he or she claims to be. When you entered your password in the last scenario, only you and Eve would have been able to decode any future transmission between you two. But while you thought you were speaking to your own AP, you were actually speaking to Eve's AP.

When you use a debit card in a store and you enter your PIN, you don't know that you're actually talking to your bank. It has happened before in Quebec (I've lost the newspaper article now) that a clerk at a depanneur simply rewired the DirectDebit panel thingy into his laptop, and whenever a customer used DirectDebit, the laptop recorded the PIN she entered and always accepted the transaction. Then, the clerk emptied out the accounts. There exist fixes for this (look up "Challenge-response authentication" to learn more), but banks have no real motivation to implement any of them.
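The challenge-response idea mentioned above, sketched as an added example that is not part of the original post: each side proves it knows the shared secret by answering a fresh random challenge, so the password itself is never sent and the laptop checks the AP before answering anything. The names `derive_key`, `Party` and `mutual_auth`, and the choice of PBKDF2 and HMAC-SHA256, are assumptions made for illustration; this is not how WEP or any bank terminal works.

```python
import hashlib
import hmac
import secrets

def derive_key(password: str, network_name: str) -> bytes:
    # Both sides derive the same key from the shared password; the password is never transmitted.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), network_name.encode(), 100_000)

def prove(key: bytes, role: bytes, challenge: bytes) -> bytes:
    # Binding the role into the MAC stops an answer given as "ap" being reflected back as "client".
    return hmac.new(key, role + b"|" + challenge, hashlib.sha256).digest()

class Party:
    def __init__(self, role: bytes, key: bytes):
        self.role, self.key, self.pending = role, key, None

    def new_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # fresh random nonce per attempt
        return self.pending

    def respond(self, challenge: bytes) -> bytes:
        return prove(self.key, self.role, challenge)

    def verify(self, peer_role: bytes, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = prove(self.key, peer_role, self.pending)
        self.pending = None  # single use: a recorded response cannot be replayed
        return hmac.compare_digest(expected, response)

def mutual_auth(client: Party, ap: Party) -> bool:
    # The client tests the AP first and stops if the AP cannot prove it knows the key.
    if not client.verify(ap.role, ap.respond(client.new_challenge())):
        return False
    return ap.verify(client.role, client.respond(ap.new_challenge()))

if __name__ == "__main__":
    key = derive_key("correct horse battery staple", "HomeNet")  # constructed sample values
    laptop = Party(b"client", key)
    real_ap = Party(b"ap", key)
    evil_twin = Party(b"ap", secrets.token_bytes(32))  # same name, but does not know the key
    print("real AP accepted:", mutual_auth(laptop, real_ap))
    print("evil twin accepted:", mutual_auth(laptop, evil_twin))
```

Anyone who records a challenge and its response can still test password guesses against it offline, so the shared secret needs to be long and random.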

1. Leafy Person said:
The conclusion I get from your post is that the casual use of a wireless network is not safe and making it safe is too cumbersome and impractical, so installing a wireless network in one's home is not worth the bother. Right?
Posted on Fri January 21st, 2005, 11:47 PM EST acknowledged
2. Nebu Pookins said:

That's the conclusion I came to a year ago, but it wasn't the "main point" of this post. I'd have to do some studying on how WiFi works to find out if there exists a way to defeat the Evil Twin attack, but I wouldn't be surprised if there did not exist a way at all.

Posted on Sat January 22nd, 2005, 12:41 PM EST acknowledged
