Wifi Warning


Baph
16-02-07, 12:38 PM
As many of you will know, I have warned a number of times about the insecurities that come with Wifi.

This (http://www.theregister.co.uk/2007/02/15/router_vuln/) has been published yesterday.

The long & short of it? Using the most popular models of wifi routers, your settings can be changed if you're not VERY careful, just by visiting the wrong website. This can open up all sorts of scary things, like you thinking that you're logging in to hotmail, but it's not, it's a fake login page, and someone has just stolen your password. Alternatively, you could be made to use a proxy site, that would capture ALL details you enter into the browser, and save them (online shopping/banking anyone?).

Thinking outside the box a little, please make sure that your wifi routers are configured properly folks. Changing from the default password does not actually protect you from this kind of attack. It merely makes it take longer (and not much longer in most cases).

By "properly configured" I mean that you only allow certain MAC's access, that you're not offering DHCP, nor broadcasting SSID, and that your password is something secure. If you want help making a secure password, click here (http://www.goodpassword.com/) (I'd recommend the bottom radio button - "(0-9a-zA-Z.?:;!,)" with a length of at least 10, but they can be hard to remember). At the very least, almost all wireless communications should be conducted in WPA, if not better (but not many support anything better than WPA).

If the above is not done, you're basically asking for someone to steal all your money, all identities in your household, and run up a massive bill for broadband going over its usage limits.

Please note, I'm not trying to do a good dose of scaremongering here, I just genuinely hate wifi, it's the least secure technology that I've seen in years.

If anyone wants specific help with securing their wifi router, drop me a message.
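The post recommends a password of at least 10 characters drawn from "(0-9a-zA-Z.?:;!,)". The following estimator, added here as an example and not code from the post or from goodpassword.com, puts a number on that advice: it works out which character classes a candidate password uses, sizes the alphabet an attacker would have to search, and converts length and alphabet into bits. The 95-character fallback for characters outside the four classes is an assumption for illustration.

```python
import math
import string

# Character classes used to estimate the alphabet an attacker must search.
# The punctuation set is the one from the goodpassword.com option quoted in
# the post: "(0-9a-zA-Z.?:;!,)" gives 10 + 26 + 26 + 6 = 68 characters.
CLASSES = {
    "digits": frozenset(string.digits),
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "punct": frozenset(".?:;!,"),
}
# Fallback alphabet for characters outside the four classes (assumption).
PRINTABLE_ASCII = 95


def classes_present(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def charset_size(password):
    """Size of the smallest class-based alphabet that covers every character."""
    if not password:
        return 0
    known = set().union(*CLASSES.values())
    if any(c not in known for c in password):
        return PRINTABLE_ASCII
    return sum(len(CLASSES[name]) for name in classes_present(password))


def entropy_bits(password):
    """Search-space size in bits, assuming each character was chosen at random."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def meets_recommendation(password, min_length=10):
    """The post's rule: at least 10 characters drawn from all four classes."""
    return (len(password) >= min_length
            and classes_present(password) == set(CLASSES))


def assess(password):
    """Summary a user can compare against the post's recommendation."""
    return {
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "meets_recommendation": meets_recommendation(password),
    }


if __name__ == "__main__":
    for pw in ("password", "1234567890", "aB3?aB3?aB", "Passw0rd!!"):
        print(pw, assess(pw))
```

The bits figure is an upper bound: it assumes every character was picked at random, so a dictionary-derived string such as "Passw0rd!!" passes the length-and-classes rule and scores about 61 bits while being far weaker in practice. A random 10-character string over the full 68-character set is worth roughly 61 bits; a lowercase-only one of the same length is worth about 47.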

Grinch
16-02-07, 01:07 PM
I use WEP and other things, though I keep forgeting to secure it via mac address, I should know better. I find the best security of all is to turn it off when not need, which is most of the time. Shame the routers don't have a button on the front, 'Turn off/on WiFi'.

Baph
16-02-07, 01:11 PM
Yup, wifi opens up a lot of scary possibilities (even with just the tools I sent a PM to you about).

Ever seen a website with the text backwards, and all images upside down? :smt104

I agree completely, turn the damn thing off unless you really, absolutely need it. I'd rather knock holes in my walls & run cables, than someone have the possibility of stealing my bank details from a few hundred feet from the house.

Viney
16-02-07, 01:24 PM
My bank details are not on my PC.

Baph
16-02-07, 01:26 PM
My bank details are not on my PC.

By that I assume that you mean you don't do online banking. Because if you do, it's possible to capture them (a remote possibility, I know, but a possibility nonetheless).

The point isn't that it's only bank details that are vulnerable though.

Grinch
16-02-07, 01:49 PM
I use WEP and other things, though I keep forgeting to secure it via mac address, I should know better. I find the best security of all is to turn it off when not need, which is most of the time. Shame the routers don't have a button on the front, 'Turn off/on WiFi'.

Still haven't managed to hack my router yet, though I don't think I ran the collector long enough to get all the IV's I needed.

I haven't tried forced attacks yet.

Viney
16-02-07, 01:53 PM
By that I assume that you mean you don't do online banking. Because if you do, it's possible to capture them (a remote possibility, I know, but a possibility nonetheless).

The point isn't that it's only bank details that are vulnerable though.

Well all the accounts that I used to access are now invalid. I only access my current one from work. As for anything else, there's sod all else on my PC worth having, other than 100gb of music!! But I do see where you are coming from.

netsurfer
16-02-07, 02:00 PM
As proof it could be done, after a conversation with a neighbour (quite a good friend), I cracked his 128-bit WEP key, logged onto his network, changed his favourites, gained access to his amazon account and ordered a book on network security (could have deleted vital system files if I'd been that way inclined)

Needless to say he now is using WPA and VPN ;)

Pete

Baph
16-02-07, 02:04 PM
Needless to say he now is using WPA and VPN ;)

WPA is better, but not invulnerable. VPN? I'm not sure why a home user (as that's all you've said about) would need VPN, but still, there could be things that you haven't said about in your post.

Like I always say, it's a matter of trade-offs. Much akin to riding the bike & the delicate art of keeping upright.

Tomcat
16-02-07, 02:10 PM
oooooooooh, misunderstood, from the title thought you had just let off :rolleyes: ;) :D

Baph
16-02-07, 02:12 PM
oooooooooh, misunderstood, from the title thought you had just let off :rolleyes: ;) :D

There's always one...

Tomcat
16-02-07, 02:13 PM
:smt047

Grinch
16-02-07, 03:02 PM
As proof it could be done, after a conversation with a neighbour (quite a good friend), I cracked his 128-bit WEP key, logged onto his network, changed his favourites, gained access to his amazon account and ordered a book on network security (could have deleted vital system files if I'd been that way inclined)

Needless to say he now is using WPA and VPN ;)

Pete

How long did it take you to hack it?

Viney
16-02-07, 03:38 PM
As proof it could be done, after a conversation with a neighbour (quite a good friend), I cracked his 128-bit WEP key, logged onto his network, changed his favourites, gained access to his amazon account and ordered a book on network security (could have deleted vital system files if I'd been that way inclined)

Needless to say he now is using WPA and VPN ;)

Pete

Did you keep the book?

rich_r
16-02-07, 03:59 PM
Wireless in general is weak as someone with a Linux box and the right software can still detect the hidden SSID / Network name, MAC address used on the network. Spoofing a MAC address is simple as well.

Dictionary attacks on WEP keys can break the keys in seconds, fastest I ever broke one was 2.3 seconds on 1 encrypted packet.

Still WPA is prone to these attacks. Like mentioned above, use very strong phrases/passwords and never use the default stuff!

The other one you need to look out for is fake wireless routers/access points, again these are easy to set up and sometimes work a treat in Hotspot areas ;-)

MavUK
16-02-07, 06:22 PM
OK, read about this today, but didn't think about it much...

I changed the passwords on my router when I set it up, use WEP 128 with an unusual phrase used to generate the network key.

Keep meaning to implement MAC filtering, but keep thinking maybe tomorrow.

If all defaults have been changed how open is the router?

Stu

wyrdness
17-02-07, 11:32 AM
As many of you will know, I have warned a number of times about the insecurities that come with Wifi.

This (http://www.theregister.co.uk/2007/02/15/router_vuln/) has been published yesterday.
Did you actually read the article? It applies to ALL broadband routers, not just wi-fi ones and simply says that you MUST change the default password, else you'll likely get hacked, which is common sense really. That's got nothing to do with WEP or WPA.

Alpinestarhero
17-02-07, 11:55 AM
I have a wireless router at my uni flat; I've never figured out how to make it secure (encrypted blah blah)

And Maria's home wireless isn't secure either.

Can you help us out a bit Baph? I'll talk to you a bit more on MSN about it. I do worry about stuff like this myself

Matt

tricky
17-02-07, 12:03 PM
My wireless router is super secure at the moment, it's switched off! I only use it when I'm on call and I need to VPN in with my work laptop. Am I right in thinking that the MAC address is broadcast in every packet? So if someone hacks your WPA/WEP they can just sniff, get the MAC address and then spoof it?

netsurfer
17-02-07, 02:13 PM
VPN? I'm not sure why a home user (as that's all you've said about) would need VPN, but still, there could be things that you haven't said about in your post.

VPN Server in the router, then after connecting via wireless to the router, connect to the VPN using high level encryption..

Protects the likes of pop3 passwords etc even if you are unlucky enough to have your key cracked.

How long did it take you to hack it?

20 minutes to generate enough traffic, less than 2 seconds for the software to extract the WEP key from the captured traffic.

Did you keep the book?

My neighbour has it now ;)

I would recommend for anyone technically minded, check if your router is compatible with dd-wrt firmware here (http://www.dd-wrt.com/wiki/index.php/Supported_Devices#List_of_all_supported_routers) and if so, flash it and make use of all the extra features including vpn server.

Pete

Cronos
17-02-07, 06:02 PM
...I find the best security of all is to turn it off when not need, which is most of the time...

I do exactly the same, but primarily to conserve energy.

RobWireless
18-02-07, 03:30 PM
Hi there,

if you're worried about wireless security, but still enjoy using wi-fi in your own apartment, just screw off the antenna that comes with the wireless.

This will dramatically reduce its coverage to less than 2 metres (on a Netgear in any case)....works for me...

wyrdness
18-02-07, 03:38 PM
Hi there,

if you're worried about wireless security, but still enjoy using wi-fi in your own apartment, just screw off the antenna that comes with the wireless.

This will dramatically reduce its coverage to less than 2 metres (on a Netgear in any case)....works for me...

If you're connecting devices that are less than 2 meters apart, then why bother with wi-fi? Use an ethernet cable, it's faster.

RobWireless
18-02-07, 03:57 PM
If you're connecting devices that are less than 2 meters apart, then why bother with wi-fi? Use an ethernet cable, it's faster.

Partly it's easier to work with without trailing ethernet cables, particularly if you like working on a laptop from the sofa or bed....

Grinch
18-02-07, 04:50 PM
Good way to turn the wireless off as then you'd have to be within 2 meters of the router. Can't do it with mine as the aerial doesn't unscrew.

Baph
18-02-07, 11:20 PM
Can you help us out a bit Baph? I'll talk to you a bit more on MSN about it. I do worry about stuff like this myself

Shoot, I'll be available most days in the office. Just not first thing on a monday, because this monday I'm moving to a funky new office :D and I have a meeting every monday morning :(

Am I right in thinking that the MAC address is broadcast in every packet? So if someone hacks your WPA/WEP they can just sniff, get the MAC address and then spoof it?

It's not quite broadcast in EVERY packet (it's not needed for most packets), but a default setup repeats the SSID pretty frequently. Most routers will broadcast an SSID on average every 3 seconds, if they're configured to broadcast (obviously).

If SSID broadcast is off, it's not foolproof, it just takes an attacker longer (if it's a determined hacker that knows what they're doing, you might as well have it enabled, but for most, it'd be good to stump them for a couple of minutes).

There's a problem with MAC spoofing. Firstly, you have to have the gear to do it, which means routing packets locally via software to re-write the packets, then pass them to the target AP, and vice-versa on return. But assuming you can do that, there's another problem.

Windows has a nasty habit of telling you about IP conflicts (and it also reports conflicting MAC's, if it notices - most of the time it doesn't). The solution to this, is just to knock the clone victim offline, so they can't talk to the router. This then also stops the router knowing about anything fishy going on, and diverts attention away from the attack. An administrator would get told about a machine that couldn't connect to the internet, not about a conflicting IP (in business use at least).

Anyway, sorry for dragging the thread back up, but I felt those questions merited a little answer at least :)
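The post makes a useful defensive point: a cloned MAC address shows up as an IP conflict only while both machines are talking, and once the original is knocked offline the conflict vanishes and the administrator sees nothing but a machine that "can't connect". What survives either way is the address history, so a monitor that records which MAC answered for which IP over time can still flag the clone. The script below is an added example, not Baph's code or anything from the thread; the arpwatch-style log lines are constructed for illustration and do not come from any real router. It reports two things within a time window: one IP answered by two different MACs (the conflict Windows sometimes notices) and one MAC appearing behind two different IPs (a clone that picked its own address).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real router or arpwatch output). The laptop at
# .10 is answered by a second MAC at 22:01:31, then the laptop's MAC reappears
# on .12 from an "unknown" host. The .11 change at 22:30 is a legitimate DHCP
# reassignment 20 minutes after the previous entry.
SAMPLE_LOG = """\
2007-02-18 22:00:01 arp: 192.168.1.10 is-at 00:11:22:33:44:55 host=laptop
2007-02-18 22:00:31 arp: 192.168.1.11 is-at 00:aa:bb:cc:dd:ee host=desktop
2007-02-18 22:01:01 arp: 192.168.1.10 is-at 00:11:22:33:44:55 host=laptop
2007-02-18 22:01:31 arp: 192.168.1.10 is-at 00:DE:AD:BE:EF:01 host=laptop
2007-02-18 22:02:01 arp: 192.168.1.12 is-at 00:11:22:33:44:55 host=unknown
2007-02-18 22:10:00 arp: 192.168.1.11 is-at 00:aa:bb:cc:dd:ee host=desktop
2007-02-18 22:30:00 arp: 192.168.1.11 is-at 00:11:11:11:11:11 host=phone
this line is not in the expected format and is skipped
"""

# Format of the constructed lines: "<date> <time> arp: <ip> is-at <mac> host=<name>"
LINE_RE = re.compile(r"^(\S+ \S+) arp: (\S+) is-at (\S+) host=(\S+)$")


def parse(log):
    """Return (timestamp, ip, mac, host) tuples; MACs are normalised to lower case."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3).lower(), m.group(4)))
    return events


def find_conflicts(events, window=timedelta(minutes=5)):
    """Find IP conflicts and MAC clones seen within `window` of each other.

    Returns (ip_conflicts, mac_clones):
      ip_conflicts: sorted list of (ip, earlier_mac, later_mac)
      mac_clones:   sorted list of (mac, earlier_ip, later_ip)
    The window keeps ordinary DHCP lease churn (an IP handed to a new device
    long after the old one left) from being reported.
    """
    ip_conflicts, mac_clones = set(), set()
    by_ip = defaultdict(list)   # ip  -> [(ts, mac), ...]
    by_mac = defaultdict(list)  # mac -> [(ts, ip), ...]
    for ts, ip, mac, _host in sorted(events):
        for prev_ts, prev_mac in by_ip[ip]:
            if prev_mac != mac and ts - prev_ts <= window:
                ip_conflicts.add((ip, prev_mac, mac))
        for prev_ts, prev_ip in by_mac[mac]:
            if prev_ip != ip and ts - prev_ts <= window:
                mac_clones.add((mac, prev_ip, ip))
        by_ip[ip].append((ts, mac))
        by_mac[mac].append((ts, ip))
    return sorted(ip_conflicts), sorted(mac_clones)


def report(log):
    """Human-readable findings for a log; returns a list of strings."""
    ip_conflicts, mac_clones = find_conflicts(parse(log))
    lines = [f"IP conflict: {ip} answered by {a} then {b}"
             for ip, a, b in ip_conflicts]
    lines += [f"MAC clone: {mac} seen on {a} then {b}"
              for mac, a, b in mac_clones]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the sample, it reports the .10 conflict and the laptop MAC turning up on .12, and stays quiet about the .11 reassignment because it falls outside the five-minute window. On a real network you would feed it the router's ARP or DHCP log and tune the window to your lease time; the point is that the record of "who answered for which address" is kept somewhere the attacker cannot simply silence by taking the victim offline.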

tricky
19-02-07, 11:49 AM
Cheers Baph :thumbsup:

I'm only using WEP/MAC address filter/no SSID broadcast at the moment.

I used to run WPA/TKIP but had a problem with my laptop and it had to undergo a rebuild. When it came back, it had some old wireless drivers that wouldn't do WPA so I just changed to WEP as I couldn't be bothered to download a better driver so I just reconfigured the router to WEP. :oops:

This little thread has reminded me to sort it out :)

Baph
19-02-07, 11:52 AM
This little thread has reminded me to sort it out :)

Another public service proven useful then :)

If one person listens & takes heed of what they actually hear, it has to be worth the few mins it takes to type :)

Viney
19-02-07, 12:09 PM
Is WPA2k (I think it's called) with only allow certain MAC addresses to contact any good?

injury_ian
19-02-07, 12:12 PM
So, am I as safe as I could possibly be...

Netgear dg834g

non-std password (only 6 digit tho)
WPA-psk - 128 hexadecimal
mac filtering
non-broadcast of ssid

Baph
19-02-07, 12:24 PM
So, am I as safe as I could possibly be...

Netgear dg834g

non-std password (only 6 digit tho)
WPA-psk - 128 hexadecimal
mac filtering
non-broadcast of ssid

Assuming that you're running the 2.10.22 version firmware on that, then yes, pretty much. You could add the VPN option as commented by someone on this thread (I forget who that was).

Still only makes life difficult, but a difficult target is often dropped in favour of an easier one :)