Security Folks Shift Old Hotspot Story To Muni-WiFi

from the gotta-keep-the-fear-up dept

A few years ago, when retailers started putting in WiFi hotspots to attract new users, it became a pretty common story to see security people overhype the threat of using those hotspots. It’s true that there are some security issues in using a WiFi hotspot, but there are ways to protect yourself from most of those risks without much effort. Of course, now that the hotspot story has pretty much disappeared, it appears that the security folks are trying to re-position those same stories as talking about the “risks” of muni-WiFi. Again, the risks are somewhat overstated. There are risks — but with a little preparation they’re unlikely to be a big deal. At least this article includes some comments from those who believe the threat is overblown, suggesting that the stories are being spread by telcos who are against muni-WiFi.



Comments on “Security Folks Shift Old Hotspot Story To Muni-WiFi”

19 Comments
Matt says:

Lovely….a “security experts don’t know what they’re talking about” story clearly written by someone who doesn’t understand security.

On the other hand, I don’t think there are any more problems with “muni” wifi than if a similar service was run by a telco (unless the municipality hires a bunch of idiots for implementation).

As always, the weakest link in security is always the people (end users in this case).

Mike (profile) says:

Re: Re:

Lovely….a “security experts don’t know what they’re talking about” story clearly written by someone who doesn’t understand security.

Ah, so you believe the risks in the article are not being overstated by the so called “experts”? And the risks concerning using a hotspot a couple years ago weren’t overblown either?

As I said, there are weaknesses, but the risk level is much lower than these security folks imply. This is a FUD piece, pure and simple.

Matt says:

I can’t comment on the “a couple years ago” bit, because the first techdirt article links to a page that isn’t there anymore.

If the muni networks are set up without encryption (WEP doesn’t count, because it is trivial to crack), then there certainly is risk. Without encryption, it is trivial to sniff any traffic on the network. (http://www.kismetwireless.net)

Just as an example, suppose someone checks their POP3 email account. More than likely, they aren’t using secure POP3, so we can see the user name and password for their account. Now, we can log in and read all their email at our leisure. But that’s just the beginning of what we can do. After a while of reading their email, there’s probably a good chance we can figure out what bank they use (either from reading their email, or watching what websites they go to). Now we can send them a targeted phishing attack (spear phishing). Or maybe we send them an email with a custom built trojan/keystroke logger. Or, let’s be simple. What are the chances that their POP3 password is the same as their Ebay/Paypal/Amazon password? Or maybe the administrator password on their laptop? Or maybe the password for their VPN connection to work (if the company is stupid enough to use just passwords for authentication).

What if I set up a fake Muni wifi hotspot? Now I can do a Man in the Middle attack and just get your banking login/password directly. Sure the user might get a message saying the certificate is invalid, but users are generally trained to just click through these messages.

Will I be able to get your information? Maybe not. But I can guarantee that without encryption, I can get someone’s.

As the Redherring article indicates, if implemented properly, it wouldn’t be much of an issue. But you need to educate users about the risk, and you need to encrypt ALL of the traffic.

Lay Person says:

Big Deal Matt

Matt:

The security risk IS OVERSTATED as the article suggests.

Even your responses are way overdone.

You even said yourself, if it’s encrypted–end of story. Encryption is not some cryptic, arcane methodology. Many devices have simple one-button security features, including assignment of 128 bit encryption WEP keys–as weak as WEP may be, I challenge anyone to break a 128 bit encryption.

Lay Person says:

Re: Re: #14 Big Deal Matt

Not quite.

From your own article source, you failed to read one small caveat. It’s easy to talk about cracking but another thing to do it.

“The simplest brute force attack involves trying every possible binary key, a process that is completely impractical for 128 bit keys but may be worth trying for 64 bit keys if you have a few supercomputers lying around. WepLab and dwepcrack provide the ability; you provide the CPU cycles.”

In fact I run 128 bit encrypted WEP just to prove it’s not that bad. I have my points yet to be breached. Please explain to me how you are going to crank out the required processing power with a laptop? Yeah maybe in a van that has satellite linkage to a supercomputer, but even then my access points generate random keys after each authentication, how is any scenario (with today’s crack software/processors) like this possible?

I myself tried to crack it, it can crack it but it took three days and even then it only cracked one of dozens of variable, random keys.

Please explain your position. It’s simply not practical, once one key is cracked, the access point is no longer using that key. The only way to really crack it is to do it quickly and nothing out there is that quick.

Matt says:

128 bit WEP cracked in minutes

http://www.tomsnetworking.com/2005/03/31/the_feds_can_own_your_wlan_too/

Note that the Feds were simply using 2 laptops and freely available tools.

Cracking WEP is trivial at this point. A full brute force attack is not required.

While using WPA/WPA2 would solve the problem, implementing encryption on a wide scale (think millions of end users in NYC) is definitely non-trivial.

Lay Person says:

Hmmm...

Well depending on the key strength, the cracking algorithm will shift methodology, if it can’t use the dictionary approach it has to use brute force…that just takes time.

By the time the key is cracked, it’s no longer a valid key. Due to the fault of key usage, WEP has been problematic because people created their own keys that contained stringed ascii sequences like “ilikecars1”…this is way easier to crack than say “x1H2kKe39h”. Again, that is not even including the fact that the key changes every time a client connects.

Believe me, I have supported countless wireless networks. I have used different standards of encryption. They are all good if used properly. A room is as secure as the people that lock the door.

Wireless security is not as open as everyone claims.

Lay Person says:

Agree with you but again...

I agree with the article but again there is one small caveat to this approach. To successfully complete a defragmentation attack, at some point the access point must be connected to the internet.

Mine are isolated and not available across a public network.

As soon as my firewall picks up an unknown address it gets blacklisted as an attack.
