Last week a friend of mine asked me to assess his AP’s security. I was shocked to find out his AP was just wide open! The reason is a little embarrassing for him: the AP’s software (a NetGear) has a form that asks for and stores a password for wireless security, and a group of radio buttons with the default choice: no security. A user interface trap for my 65-year-old friend.
So I’ve decided to assess the neighborhood where I’ve been taking my summer holidays - being careful not to access any illegal information. Here are the results:
Wow! I have 38 APs near me?!? This is madness, people don’t live here, these are weekend and holiday condos!!! But wait, there’s more: only 50% of these are reasonably covered, the rest are wide open (ok, mostly FON Free Internet, a cool business model, nevertheless a risk if someone commits a crime using your hotspot?) or poorly defended WEP. WEP?! I wouldn’t expect so many of these running out there.
If I could get a neighbor to authorize an assessment I’d choose to attack the poorly defended WEP. Here’s what I would do:
- Get a security distro already loaded with aircrack-ng – for instance, BackTrack;
- Follow the Simple WEP Crack Tutorial; my attack on my own AP took no more than 30s – provided I’d forced an ARP query… probably the major obstacle with aircrack, as I am told.
You can also try your luck with dictionary attacks on WPA, or the next gen of security attacks, but that’s not the point. The point is: geeks like me – and you people that are reading this article – although not safe from security attacks, are aware of these security risks and mitigations. The rest, the non-techies, are calmly waiting to get their traffic and internet identity abused. But now that I’m thinking about it, they are sleeping like babies, I’m the one awake at 01h30 in the morning worried about security… :)