This is an interesting write-up* on the vulnerabilities of residential
wi-fi.

Dr D.C.Misra

September 19, 2007

________________________________________________________________________

*Code red! Hackers now hit the road for mischief



Network Leakages At Residences Offer WarDrivers Easy Hotspots



Shelley Singh NEW DELHI




EVER done WarDriving? This isn't about driving into a war zone.
Rather, it's circling the city with a WiFi laptop sniffing out
wireless networks to gain illicit internet access. You may have got a
WiFi access point at home, but someone else could be happily surfing or
making free calls on your internet connection.



And chances are that a WarDriver hacking a bank may get away with it,
leaving the WiFi owner the suspect. Thousands of clueless people,
including those in tony apartments with wireless internet, have leaky
networks—allowing anyone on the road easy access to the Web.



Driving around in Bangalore, Hyderabad, Mumbai, Delhi and other cities
with a WiFi laptop will throw up many `hotspots', though
officially there may be none. That's thanks to the many unsecured
residential WiFi access points, which send signals beyond the apartment
walls. These in effect allow pranksters and hackers to piggyback on
others' wireless internet network.



Twenty-six-year-old Delhi IT professional Sumit Grover often goes
WarDriving when off from work. He routinely comes across home networks
that anyone can use. "The actual users don't even know that
someone else is on their network, surfing the Net for free,'' says
Mr Grover. Downloading heavy files may impact the unsecured person's
speed of internet access, but a routine email check won't slow the
home network. And the intrusion could go unnoticed with most
`victims' suffering no loss, unless a hacker is on the job.



Incidentally, WarDriving was named after the term wardialing from the
1983 film WarGames, which involved searching for computer systems with
software that dialled numbers randomly to see which ones were connected
to a computer or fax machine.

Some expert speak

HERE'S some expert speak to help check those villains riding on your
WiFi. "WiFi has multiple levels of encryption (digital
passwords)—from no encryption to 64-bit to 128-bit encryption. For
secure internet access, users need to make use of the security features.
Home networks can be broken into by hackers, as users may not be that
aware or concerned about an infringement," says Bangalore-based
Tejas Networks' marketing head Siva Ramamoorthy.



There are no official figures available but experts reckon that about
10-15% of India's 2.5-million-odd broadband users have wireless
networks at home. And this market is growing at 20-25% a year.



Many of these unsecured networks (where encryption is poor or
non-existent) can be misused with owners caught unawares. A home WiFi
access hub with built-in security features are available for Rs 3,000 to
Rs 6,000 with vendors like Linksys, D-Link, NetGear among the leading
players. Some unbranded access hubs are available at cheaper
rates—for about Rs 1,000—but these often don't lack security
features.



Says Cisco India's national business development manager for
wireless Paramjit Puri, "I believe that one out of every 10
broadband homes in India have WiFi. Home networks may not be as secure
as enterprise networks, leading to spillage. Also, home users may not
have the resources to put ghost checks or random checks to detect any
misuse."



Agrees Tulip IT Services director Deepinder Bedi: "Laptops come with
built-in WiFi.

Access points are easy to get. Most people at home use basic security
which can be broken into, compromising documents and leading to identity
thefts. The problem is often not with the equipment, which manufacturers
claim, has improved over the last 12-18 months, but with the lack of
awareness about securing the home wireless network. A more trusty method
would be to use data cards and USB modems, suggests Tata Teleservices
COO (Delhi-NCR region) Debashis Sur. "A lock code ensures 100%
privacy while providing a wider access,'' says Mr Sur.



For those opting for WiFi, better encryption and random checks could
help keep hackers and freeloaders at bay. Occasionally engaging friendly
WarDrivers to check for wireless leakages may also be a good idea.



(Source: The Econmic Times, New Delhi, September 19, 2007, Wednesday, pp
1&23,
http://epaper.timesofindia.com/daily/skins/ET/navigator.asp?login=drdcmi\
sra, accessed: September 19, 2007)





[Non-text portions of this message have been removed]