The War Driver Returns

I am back on the prowl. Stealthily I slide through the night, searching for unprotected wireless networks. I find one!

And then I find hundreds more. Who cares? War driving is so 2004. Wireless security has matured and moved on. When's the last time you heard of a wireless hack? If it happens, it sure doesn't get any publicity anymore.

But the news is chock-full of stolen laptops and other data breaches — take a look at our Data Security Breaches page.

Why sit out in a parking lot for hours "sniffing" wireless traffic when you can just walk in and grab the finance guy's laptop? Or surf your county's Web site for all kinds of personal data?

Also, increased awareness about the much-stronger WPA2 encryption spec and other precautions have cut down on all the fun — er, I mean, made us all safer.

For sure, there are plenty of targets out there. Two years ago, I went war driving on my route to work and found more than 100 wireless networks. This year, I found more than 400.

Back then, about 70% weren't encrypted; this year it was around 55%. So even though a higher percentage of networks are encrypted, there are now many more total unencrypted networks.

Is there really a wireless security problem?

So, why the lack of hacks? Is wireless security still a problem?

"I think the problem is relatively small and dropping," said Gartner Inc. analyst John Pescatore. He said a big part of the problem a couple of years ago was that companies weren't supporting wireless networking but users were doing it anyway, setting up rogue access points with no central security management or strategy.

Now, Pescatore said, companies are supporting wireless and following security precautions. For example, he said businesses are more aware that they need something "stronger than password authentication," so he is seeing more companies rely upon secondary authentication.

Fellow Gartner analyst Ken Dulaney agrees. "This has become less of an issue," he said, for two primary reasons. First, "WPA2 has given us very good security, and the devices themselves are better protected than in past years."

He said there are now multiple levels of security implemented and extending to the desktop itself — such as PC firewalls — instead of a reliance on perimeter security only. "People are beginning to realize that protecting the environment is not working," he said.

Farpoint Group analyst and Computerworld columnist Craig Mathias said in an e-mail response that the wireless security threat should be divided into curious, casual hackers and professional data thieves. As for the casual hacker, he said, "I think the war-driving days are over; there's no real sport left in that, and simple WPA or WPA2 security are quite effective here."

Mathias said the bigger threat is the professional data thieves, and they don't typically attack wirelessly. "Rather, they use physical theft, social engineering and exploiting known weaknesses to get what they want. The best way to counter this is to stop thinking about wireless security and start thinking about network security. This means end-to-end VPN-based encryption, encrypting sensitive data anywhere it is stored, and using strong two-factor authentication on every sensitive resource."

Any wireless hacks out there?

So, aren't there any big wireless hacks out there? "I don’t know of any \[recent\] significant wireless breaches," said consultant Jack Gold, of J. Gold Associates, via e-mail. He said most companies have gotten pretty good at security.

"Not only have they turned on the security on the AP, but they also generally run some sort of firewall and isolate each location from the rest of the network," he said. "So any 'wireless hackers' would generally have to break through the wireless security, \[and\] then also have to break through the firewalls to get beyond the local network. Not impossible, but this is a hard thing to do, and do you really want to be sitting in a car outside a shopping center trying to hack in for a long period of time? Probably not."

Dulaney also didn't know of any such wireless breaches.

Pescatore didn't know of any documented cases, but he has his suspicions. "I have to believe that in some cases there have been targeted wireless sniffing attacks or man-in-the-middle attacks," he said. He suspects this because he knows of breaches where the thief left no electronic trail, like there usually is in a wired intrusion.

He said the attackers could have been unusually proficient and covered their tracks, but the victim companies kept good network and firewall logs that contained no evidence at all. "That's when you realize, somebody sniffing wirelessly doesn't leave a trail," he said.

The computer trade press certainly believes a big wireless security threat still exists. The "Top 10 Tips for Wireless Security" story is a staple, regurgitated again and again in different forms, much like the "How to Lose 10 Pounds in a Week" or "Is He The Right One?" articles in other magazines.

In fact, Computerworld just trotted out another one last week. I e-mailed the columnist to ask if it was really a big problem and if he knew of any examples of wireless data theft. He seemed shocked at my ignorance. He said my query could almost be material for another column (look for one soon; these people aren't paid chicken feed!).

"Attackers love ignorance, and this is a great case of it," he said. "I am not insulting you. I am just saying that it is these misperceptions that give people a false sense of security and hackers a ... dream."

I thanked him for his reply and asked him to help me overcome my ignorance by answering my original questions as to how exactly a wireless hacker would go about stealing data from even an unsecured network at a private home or company and if he knew of any specific instances of such theft, beyond hearsay reports.

He didn't provide any specific techniques but said anyone with basic computer and networking knowledge could do it. He said he knew of wireless breaches but couldn't talk about them.

I asked several other people and no one knew exactly how to access even an unprotected wireless network and steal stuff. Even the Web wasn't much help — just a lot of vague references.

As near as I can tell, you would have to practically beg somebody to steal from you: don't encrypt, don't change default SSID, don't change default password, turn on sharing for your PC and turn off the firewall, make sure your bank account number and password are readily available, etc.

I guess there are people doing all that, but I wonder what they have to steal and who's putting much effort into finding them.

If even one default is changed, it appears you would have to resort to sniffers or frame generators or traffic injectors or something equally labor- and time-intensive.

So maybe there are master hackers out there with arcane methods of compromising wireless networks and installing bots, spyware, Trojans and what-have-you, and they cover their tracks and no one knows about them.

Yeah, right.

Please drop me a line if you know of any wireless breaches. Or if you know exactly how one would steal data from a home or company with a wireless network -- what tools you would use and how you would use them. Or if you have any thoughts on the subject at all. I would love to hear from you. Use the "Send Us Feedback" link below or send e-mail to david_ramel@computerworld.com.

See the complete Faces of Mobile IT special report.

Copyright © 2006 IDG Communications, Inc.

  
Shop Tech Products at Amazon