BBC NEWS Americas Africa Europe Middle East South Asia Asia Pacific Arabic Spanish Russian Chinese Welsh

 You are in: Sci/Tech
Front Page 
UK Politics 
Talking Point 
In Depth 

Commonwealth Games 2002

BBC Sport

BBC Weather

Tuesday, 6 November, 2001, 13:15 GMT
Wireless networks wide open
Laptop and GPS unit, BBC
This equipment found eight open networks in minutes
Ivan Noble

Wireless computer networks are often wide open to intruders.

The security features of popular wireless network adapters are switched off by default, and many installers do not bother to turn them on or configure them sensibly.

Driving around the City of London, two security consultants found eight unprotected networks in a quarter of an hour.

The equipment they used - a laptop, an off-the-shelf network card and a piece of software downloadable from the internet - could be acquired for around 1,000.

Open doors

Building on such knowledge to penetrate computer networks would require some technical knowledge and would in most circumstances be illegal, but it would not be very difficult.

Many networks leave Wep protection switched off
Poor Wep setups are easy to crack
Even well set up, Wep will yield to the patient intruder
Tools which scan for weaknesses are on the internet and often free
But many companies do not use them
Wireless network systems are generally sold with all their security features turned off because this makes them easier to set up.

The idea is that the network installer gets the network up and running, then switches on a scrambling feature which is intended to afford as much security as that enjoyed by a conventional wired network.

And if the installers bother to switch on the security measures, many will use easily guessed passwords and system IDs, or do not change such settings from their defaults.

But all this may be pointless anyway because the security technology at the heart of some of these networks is flawed.

A cracker monitoring even a well-configured network for long enough would be able to break in and masquerade as an insider.

There is one way of making a wireless network much more secure than this, but it is rarely used.

Convenient option

Wireless networks are popular because they connect computers together without the need for running cables and drilling holes in walls. But they can be a headache for people responsible for computer security, sometimes bypassing expensive and carefully maintained firewalls.

Most wireless interface cards on the market employ a system known as Wired Equivalent Privacy (Wep) to provide the user, in theory, with the same level of privacy they would have on a standard, cabled network.

But even if Wep is properly configured, it simply lengthens the period of time an intruder would need to gain access.

A quirk in the way Wep manages the initial stages of conversation over a network leaves it vulnerable to the kind of intruder that has enough time to hang around and listen in on hours or days of network traffic.

Software downloadable from the internet without charge listens in works out the key protecting the network. Once the intruder has the key, the e-mails and documents stored on computers on the network are extremely vulnerable.

Public service?

Basic scanning tools will provide an idea of how many machines are on the compromised network and whether they hold much data. At the moment, few tools are straightforward to install and use.

Often they do not run on Microsoft Windows systems, nor do they come with the kind of installers that make commercial software easier to use.

And many require a fair degree of familiarity with the internals of Unix-based systems - not something the average user has.

The creators of these tools make them available via the internet. They say that having such tools publicly available makes people aware of the problems of wireless networking and helps find a solution.

Some people criticise them, saying that they put into the public arena powerful tools which can be used for good or bad.

Groups of individuals have also published lists of vulnerable networks.

Legal position

Listening to the airwaves to see who has an unsecured wireless network in the area is a passive activity, as is listening in to enough network traffic to gain the key to a secured network.

Provided no-one goes a stage further and tries to use that knowledge to log on to systems without authorisation, it is not clear that such activities fall foul of the law.

Those in the know say network administrators should use scanning tools to identify the weaknesses in their own systems. Then they should use a commonly available system called IPsec to scramble everything that passes across the airwaves.

IPsec is much harder to crack than Wep, so even with the key to a network, the intruder would still be faced with a stream of apparent gibberish which was seriously difficult to decode.

See also:

17 Oct 01 | Sci/Tech
Hackers take to the air
04 Oct 01 | Sci/Tech
Wireless net strides mountains
17 Jan 01 | Sci/Tech
Driving data to new highs
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more Sci/Tech stories are at the foot of the page.

E-mail this story to a friend

Links to more Sci/Tech stories