Being an approved, yet anonymous, hacker is a new experience. The mission is to reveal the ease with which it is possible to access the wireless networks which companies set up. With a reporter in tow we tackled the high-rent areas of Sydney's lower north shore.
Thursday: I've been given a laptop and a GPS and asked to set them up for "war-driving". I've been lazy (as usual) and left it to the last moment to prepare. The equipment manufacturers don't want to be named, so let's say it's a high-end laptop with a built-in wireless LAN card. There's only one battery so we're going to have problems with charging it up. A car-kit would have been handy. I have a play around and find that the laptop has a LAN diagnostic utility that will scan for access points, which means the manufacturer actually provides the hacking tools. Within minutes I'm ready to go. I plug in the GPS to get the latitude and longitude coordinates displayed as well. It takes a while to get working, it's a problem with the laptop drivers, but after a bit of playing around it's working.
Friday: It's a pleasant morning for "war-driving" - actually I'm planning for some "war-walking" so I can enjoy the sunshine. I want to keep this legal, so we will only be scanning for wireless access points, but not actually intercepting traffic, breaking the encryption keys or accessing the LAN itself. The point is to demonstrate that (a) it's easy to find wireless access points and (b) although it's easy to protect them with encryption, a lot of organisations don't.
I pack the laptop and GPS in a fairly ordinary looking laptop bag and at 8.35am we're off for a walk around the block. Over coffee, we check the laptop - we've already got two access points, neither is encrypted. We're right next door to a major IT company and it's probably one of its access points. We finish our coffee and from 9.00 to 9.10 we find another three. The battery dies so it's back to the office to charge up.
At 11.05am we start out again - this time we're driving around. Within two minutes we pick up our first access point. We drive from St Leonards into North Sydney. In less than an hour, and a 5km radius, we have scanned 43 access points and only seven were encrypted.
The access points belong to large and small companies and a good many are IT companies.
Are wireless LANs a security problem?
The point of the exercise isn't to pretend that wireless LANs are a problem. There are several ways to secure them, including using the built-in encryption (WEP) or running a virtual private network (such as IPSec). These are basic security measures, but too often ignored.
Wireless LANs are amplifying an age-old security problem - not configuring an IT system appropriately. While this also applies to the wired Internet, wireless LANs allow a malicious hacker to monitor a LAN from anywhere close by.
Another problem is that wireless LANs are so easy to buy and install that anyone can do it - even the accountants, HR and marketing guys - and they do, often without the knowledge of the IT department, who otherwise maintain a secure system with firewalls stopping Internet access. Once the wireless access point is connected, these protective measures can be bypassed.
What can administrators do?
Any wireless access point needs to be installed securely. System administrators should be regularly checking for any wireless access points installed without permission. As we've shown - it's too easy for you and them.
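One way an administrator could run the regular check described above is to compare a site survey against the list of access points IT actually installed. The script below is an added example, not part of the original article. The inventory, the CSV layout, the addresses and the signal threshold are all constructed for illustration.

```python
import csv
import io

# Constructed inventory: BSSIDs (radio MAC addresses) of access points IT installed.
APPROVED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed survey output, in a CSV layout assumed for this example.
SCAN_CSV = """bssid,ssid,encrypted,signal_dbm
00:11:22:33:44:01,corp-wlan,yes,-48
00:11:22:33:44:02,corp-wlan,no,-55
00:AA:BB:CC:DD:10,marketing,no,-51
00:aa:bb:cc:dd:11,corp-wlan,no,-60
00:AA:BB:CC:DD:12,cafe-next-door,yes,-88
"""

def audit(scan_csv, approved, min_signal_dbm=-75):
    """Return (bssid, ssid, finding) tuples for access points needing follow-up."""
    approved = {b.lower(): s for b, s in approved.items()}
    corp_ssids = set(approved.values())
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().lower()
        ssid = row["ssid"].strip()
        encrypted = row["encrypted"].strip().lower() == "yes"
        if bssid in approved:
            if not encrypted:
                findings.append((bssid, ssid, "approved AP without encryption"))
            continue
        # Assumed heuristic: a weak signal is probably a neighbour, not our premises.
        if int(row["signal_dbm"]) < min_signal_dbm:
            continue
        if ssid in corp_ssids:
            findings.append((bssid, ssid, "unknown AP using a corporate SSID"))
        else:
            findings.append((bssid, ssid, "unknown AP on premises"))
    return findings

if __name__ == "__main__":
    for bssid, ssid, finding in audit(SCAN_CSV, APPROVED):
        print(f"{bssid}  {ssid:<12}  {finding}")
```

A strong signal from an unknown address is only a lead. Confirming that the device is plugged into the company LAN still means tracing it to a switch port.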