Security Folks Shift Old Hotspot Story To Muni-WiFi

from the gotta-keep-the-fear-up dept

A few years ago, when retailers started putting in WiFi hotspots to attract new users, it became a pretty common story to see security people overhype the threat of using those hotspots. It's true that there are some security issues in using a WiFi hotspot, but there are ways to protect yourself from most of those risks without much effort. Of course, now that the hotspot story has pretty much disappeared, it appears that the security folks are trying to re-position those same stories as talking about the "risks" of muni-WiFi. Again, the risks are somewhat overstated. There are risks -- but with a little preparation they're unlikely to be a big deal. At least this article includes some comments from those who believe the threat is overblown, suggesting that the stories are being spread by telcos who are against muni-WiFi.


Reader Comments



  1. meeee, 14 Aug 2006 @ 7:51pm

    first comment?

    I use hotspots all the time with no problem...

    link to this | view in thread ]

  2. Anonymous Coward, 14 Aug 2006 @ 8:05pm

    Re:

    And I use hotspots, spoofing your identity, all the time with no problem....

    link to this | view in thread ]

  3. Matt, 14 Aug 2006 @ 8:30pm

    Lovely....a "security experts don't know what they're talking about" story clearly written by someone who doesn't understand security.

    On the other hand, I don't think there are any more problems with "muni" wifi than if a similar service was run by a telco (unless the municipality hires a bunch of idiots for implementation).

    As always, the weakest link in security is always the people (end users in this case).

    link to this | view in thread ]

  4. Anonymous Coward, 14 Aug 2006 @ 8:49pm

    Re:

    As always, you can't always make general assumptions as to who's the weakest link. Apparently you've never heard of software exploits...

    link to this | view in thread ]

  5. qyiet, 14 Aug 2006 @ 9:08pm

    With the exception of SSID spoofing (which would be rare to say the least), the "risks" of muni wi-fi sound a lot like the risks of dial-up.

    -Qyiet

    link to this | view in thread ]

  6. Matt, 14 Aug 2006 @ 9:21pm

    Re: Re:

    "As always, you can't always make general assumptions as to who's the weakest link. Apparently you've never heard of software exploits..."

    Actually, funny you should mention that. That's what I do for a living.

    link to this | view in thread ]

  7. Mike, 14 Aug 2006 @ 10:10pm

    Re:

    Lovely....a "security experts don't know what they're talking about" story clearly written by someone who doesn't understand security.

    Ah, so you believe the risks in the article are not being overstated by the so called "experts"? And the risks concerning using a hotspot a couple years ago weren't overblown either?

    As I said, there are weaknesses, but the risk level is much lower than these security folks imply. This is a FUD piece, pure and simple.

    link to this | view in thread ]

  8. Riyadh, 14 Aug 2006 @ 10:24pm

    What's the deal?

    I use hotspots all the time, is there a vulnerability? I'm not much advanced when it comes to exploits but familiar with all types of networking

    link to this | view in thread ]

  9. Anonymous Coward, 14 Aug 2006 @ 10:35pm

    FUD

    like 7 said, it's FUD - and an easy job for the "journalist(s)" too - search Google (or just your "news company's" site) for FUD wifi hotspot stories from a year ago, copy + paste the article, and find + replace "hotspot(s)" with "muni-wifi"

    link to this | view in thread ]

  10. Matt, 14 Aug 2006 @ 11:24pm

    I can't comment on the "a couple years ago" bit, because the first techdirt article links to a page that isn't there anymore.

    If the muni networks are set up without encryption (WEP doesn't count, because it is trivial to crack), then there certainly is risk. Without encryption, it is trivial to sniff any traffic on the network. (http://www.kismetwireless.net)

    Just as an example, suppose someone checks their POP3 email account. More than likely, they aren't using secure POP3, so we can see the user name and password for their account. Now, we can log in and read all their email at our leisure. But that's just the beginning of what we can do. After a while of reading their email, there's probably a good chance we can figure out what bank they use (either from reading their email, or watching what websites they go to). Now we can send them a targeted phishing attack (spear phishing). Or maybe we send them an email with a custom built trojan/keystroke logger. Or, let's be simple. What are the chances that their POP3 password is the same as their Ebay/Paypal/Amazon password? Or maybe the administrator password on their laptop? Or maybe the password for their VPN connection to work (if the company is stupid enough to use just passwords for authentication).

    What if I set up a fake Muni wifi hotspot? Now I can do a Man in the Middle attack and just get your banking login/password directly. Sure the user might get a message saying the certificate is invalid, but users are generally trained to just click through these messages.

    Will I be able to get your information? Maybe not. But I can guarantee that without encryption, I can get someone's.

    As the Redherring article indicates, if implemented properly, it wouldn't be much of an issue. But you need to educate users about the risk, and you need to encrypt ALL of the traffic.

    link to this | view in thread ]
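
Added example, not part of the original comment thread: the cleartext POP3 login described in comment 10, seen from the defender's side. The Python below audits a mail client's protocol log for USER/PASS commands sent before TLS was in place; the "C: "/"S: " log format, the function name and the sample sessions are constructed for illustration.

```python
"""Audit a POP3 client log for logins sent without TLS (added example)."""

# Login commands that carry the account name and password as plain text.
CLEARTEXT_LOGIN = {"USER", "PASS"}

def audit_pop3_session(lines, implicit_tls=False):
    """Return [(line_number, command)] for logins sent unencrypted.

    lines: log lines prefixed "C: " (client) or "S: " (server); this
           format is an assumption of the example.
    implicit_tls: True if the whole session ran inside TLS (POP3S).
    """
    encrypted = implicit_tls
    stls_pending = False
    findings = []
    for number, line in enumerate(lines, start=1):
        side, _, text = line.partition(": ")
        words = text.split()
        if not words:
            continue
        if side == "C":
            verb = words[0].upper()
            if verb == "STLS":
                stls_pending = True
            elif verb in CLEARTEXT_LOGIN and not encrypted:
                # Record the command name only, never the secret.
                findings.append((number, verb))
        elif side == "S" and stls_pending:
            # TLS begins only if the server answers STLS with +OK.
            encrypted = words[0] == "+OK"
            stls_pending = False
    return findings

# Constructed sample sessions (not real captures).
LOGIN = ["C: USER alice", "S: +OK", "C: PASS example-password", "S: +OK"]
PLAIN_SESSION = ["S: +OK POP3 ready"] + LOGIN
STLS_SESSION = ["S: +OK POP3 ready", "C: STLS", "S: +OK begin TLS"] + LOGIN
# Failure mode: server refuses STLS and the client logs in anyway.
FALLBACK_SESSION = ["S: +OK POP3 ready", "C: STLS", "S: -ERR"] + LOGIN

if __name__ == "__main__":
    for name, session in [("plain", PLAIN_SESSION), ("stls", STLS_SESSION),
                          ("fallback", FALLBACK_SESSION)]:
        print(name, audit_pop3_session(session))
```

The fallback session is the case to watch for: a client that quietly continues after a refused STLS exposes the password exactly as the plain session does.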

  11. Jesse McNelis, 15 Aug 2006 @ 2:43am

    Re: Re:

    Even with software exploits, it's still the user that has to obtain the data/software from a malicious source.
    In computer security it's much more likely to be user error than software exploit that is the cause of a security breach on a desktop system.

    link to this | view in thread ]

  12. eb, 15 Aug 2006 @ 7:57am

    How Are You Going to Educate

    the typical AOL-type user? The people who still open attachments they're not expecting in email? People who don't even know how to control which access points they use and who say "Huh?" when you talk about encryption? Sorry, but I think these people are going to get scammed in droves.

    link to this | view in thread ]

  13. Lay Person, 15 Aug 2006 @ 8:08am

    Big Deal Matt

    Matt:

    The security risk IS OVERSTATED as the article suggests.

    Even your responses are way overdone.

    You even said yourself, if it's encrypted--end of story. Encryption is not some cryptic, arcane methodology. Many devices have simple one-button security features, including assignment of 128 bit encryption WEP keys--as weak as WEP may be, I challenge anyone to break a 128 bit encryption.

    link to this | view in thread ]

  14. Anonymous Coward, 15 Aug 2006 @ 9:01am

    Re: Big Deal Matt

    I challenge anyone to break a 128 bit encryption

    Done.
    http://www.google.com/search?hl=en&q=crack+wep&btnG=Google+Search

    link to this | view in thread ]

  15. Lay Person, 15 Aug 2006 @ 9:24am

    Re: Re: #14 Big Deal Matt

    Not quite.

    From your own article source, you failed to read one small caveat. It's easy to talk about cracking but another thing to do it.

    "The simplest brute force attack involves trying every possible binary key, a process that is completely impractical for 128 bit keys but may be worth trying for 64 bit keys if you have a few supercomputers lying around. WepLab and dwepcrack provide the ability; you provide the CPU cycles."

    In fact I run 128 bit encrypted WEP just to prove it's not that bad. I have my points yet to be breached. Please explain to me how you are going to crank out the required processing power with a laptop? Yeah maybe in a van that has satellite linkage to a supercomputer, but even then my access points generate random keys after each authentication, how is any scenario (with today's crack software/processors) like this possible?

    I myself tried to crack it, it can crack it but it took three days and even then it only cracked one of dozens of variable, random keys.

    Please explain your position. It's simply not practical, once one key is cracked, the access point is no longer using that key. The only way to really crack it is to do it quickly and nothing out there is that quick.

    link to this | view in thread ]

  16. Matt, 15 Aug 2006 @ 9:53am

    128 bit WEP cracked in minutes

    http://www.tomsnetworking.com/2005/03/31/the_feds_can_own_your_wlan_too/

    Note that the Feds were simply using 2 laptops and freely available tools.

    Cracking WEP is trivial at this point. A full brute force attack is not required.

    While using WPA/WPA2 would solve the problem, implementing encryption on a wide scale (think millions of end users in NYC) is definitely non-trivial.

    link to this | view in thread ]

  17. Lay Person, 15 Aug 2006 @ 10:10am

    Hmmm...

    Well depending on the key strength, the cracking algorithm will shift methodology, if it can't use the dictionary approach it has to use brute force...that just takes time.

    By the time the key is cracked, it's no longer a valid key. Due to the fault of key usage, WEP has been problematic because people created their own keys that contained stringed ascii sequences like "ilikecars1"...this is way easier to crack than say "x1H2kKe39h". Again, that is not even including the fact that the key changes every time a client connects.

    Believe me, I have supported countless wireless networks. I have used different standards of encryption. They are all good if used properly. A room is as secure as the people that lock the door.

    Wireless security is not as open as everyone claims.

    link to this | view in thread ]

  18. Matt, 15 Aug 2006 @ 11:51am

    re: Hmmm....

    link to this | view in thread ]

  19. Lay Person, 15 Aug 2006 @ 2:40pm

    Agree with you but again...

    I agree with the article but again there is one small caveat to this approach. To successfully complete a defragmentation attack, at some point the access point must be connected to the internet.

    Mine are isolated and not available across a public network.
    As soon as my firewall picks up an unknown address it gets blacklisted as an attack.

    link to this | view in thread ]

