As I’ve written before, I run an open WiFi network. It’s stories like these that may make me rethink that.
The three stories all fall along the same theme: a Buffalo man, Sarasota man, and Syracuse man all found themselves being raided by the FBI or police after their wireless networks were allegedly used to download child pornography. “You’re a creep… just admit it,” one FBI agent was quoted saying to the accused party. In all three cases, the accused ended up getting off the hook after their files were examined and neighbors were found to be responsible for downloading child porn via unsecured WiFi networks.
EDITED TO ADD (4/29): The EFF is calling for an open wireless movement. I approve.
Posted on April 26, 2011 at 6:59 AM •
The London Underground is getting Wi-Fi. Of course there are security fears:
But Will Geddes, founder of ICP Group which specialises in reducing terror or technology-related threats, said the plan was problematic.
He said: “There are lots of implications in terms of terrorism and security.
“This will enable people to use their laptop on the Tube as if it was a cell phone.”
Mr Geddes said there had been numerous examples of bomb attacks detonated remotely by mobile phone in Afghanistan and Iraq.
He warned a wi-fi system would enable a terror cell to communicate underground.
And he said “Trojan” or eavesdropping software could be used to penetrate users’ laptops and garner information such as bank details.
Mr Geddes added: “Eavesdropping software can be found and downloaded within minutes.”
This is just silly. We could have a similar conversation regarding any piece of our infrastructure. Yes, the bad guys could use it, just as they use telephones and automobiles and all-night restaurants. If we didn’t deploy technologies because of this fear, we’d still be living in the Middle Ages.
Posted on April 13, 2011 at 1:14 PM •
Okay, now the terrorists have really affected me personally: they’re forcing us to turn off airplane Wi-Fi. No, it’s not that the Yemeni package bombs had a Wi-Fi triggering mechanism — they seem to have had a cell phone triggering mechanism, dubious at best — but we can imagine an Internet-based triggering mechanism. Put together a sloppy and unsuccessful package bomb with an imagined triggering mechanism, and you have a new and dangerous threat that — even though it was a threat ever since the first airplane got Wi-Fi capability — must be immediately dealt with right now.
Please, let’s not ever tell the TSA about timers. Or altimeters.
And, while we’re talking about the TSA, be sure to opt out of the full-body scanners and remember your sense of humor when a TSA officer slips white powder into your suitcase and then threatens you with arrest.
EDITED TO ADD (11/8): We’re banning toner cartridges over 16 ounces.
Additionally, toner and ink cartridges that are over 16 ounces will be banned from all U.S. passenger flights and planes heading to the United States, she said. That ban will also apply to some air cargo shipments.
Other new rules include:
- International mail packages sent to the U.S. must be screened individually and certified to have come from an established postal shipper;
- Cargo shippers, such as UPS, Federal Express, and DHL, have been encouraged to report cargo manifests to Homeland Security faster, prior to departure, to aid in identifying risky cargo based on current intelligence.
There’s some impressive magical thinking going on here.
Posted on November 8, 2010 at 10:21 AM •
It’s a service:
The mechanism used involves captured network traffic, which is uploaded to the WPA Cracker service and subjected to an intensive brute force cracking effort. As advertised on the site, what would be a five-day task on a dual-core PC is reduced to a job of about twenty minutes on average. For the more “premium” price of $35, you can get the job done in about half the time. Because it is a dictionary attack using a predefined 135-million-word list, there is no guarantee that you will crack the WPA key, but such an extensive dictionary attack should be sufficient for any but the most specialized penetration testing purposes.
It gets even better. If you try the standard 135-million-word dictionary and do not crack the WPA encryption on your target network, there is an extended dictionary that contains an additional 284 million words. In short, serious brute force wireless network encryption cracking has become a retail commodity.
In related news, there might be a man-in-the-middle attack possible against the WPA2 protocol. Man-in-the-middle attacks are potentially serious, but it depends on the details — and they’re not available yet.
EDITED TO ADD (8/8): Details about the MITM attack.
Posted on July 27, 2010 at 6:43 AM •
I wrote about this in 2004. This is an improved product:
While paints blocking lower frequencies have been available for some time, Mr Ohkoshi’s technology is the first to absorb frequencies transmitting at 100GHz (gigahertz). Signals carrying a larger amount of data — such as wireless internet — travel at a higher frequency than, for example, FM radio.
Posted on October 12, 2009 at 1:47 PM •
“WiFi networks and malware epidemiology,” by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani.
In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.
Honestly, I’m not sure I understood most of the article. And I don’t think that their model is all that great. But I like to see these sorts of methods applied to malware and infection rates.
EDITED TO ADD (3/13): Earlier — but free — version of the paper.
Posted on February 18, 2009 at 5:53 AM •
Elcomsoft is claiming that the WPA protocol is dead, just because they can speed up brute-force cracking by 100 times using a hardware accelerator. Why exactly is this news? Yes, weak passwords are weak — we already know that. And strong WPA passwords are still strong. This seems like yet another blatant attempt to grab some press attention with a half-baked cryptanalytic result.
Posted on October 14, 2008 at 6:25 AM •
Sidebar photo of Bruce Schneier by Joe MacInnis.