[LINK] Google 'wardriving' sparks wireless security alert

[thoughtmaybe.com]

Google 'wardriving' sparks wireless security alert
http://www.abc.net.au/news/stories/2010/07/17/2956539.htm

Internet users with home wireless networks have been urged to ensure their connections are secure as investigations into Google's data collection continue to make news.

The Australian Privacy Commissioner issued a report last week ruling Google broke the law by capturing data from insecure wireless networks and an Australian Federal Police probe is still underway.

Nic Suzor, a law lecturer at the Queensland University of Technology, says the law that covers accessing wireless connections is not always clear cut.

Dr Suzor says it is always against the law to intercept communications, but questions remain over the legality of downloading data on an open wireless connection.

He says Australian laws do not cover using a neighbour's wireless network to connect to the internet without their permission.

"On one hand, you are doing something which does cost them a certain amount of money. If you're downloading a lot of material they may have to pay extra for your access," he said.

"But lots of people are willing to share their access too. Often in apartment buildings, people aren't concerned about letting people in range access their internet."

Dr Suzor warned there can be risks to having a completely open wireless network.

"Anything that people do over your internet connection looks like it's coming from your house," he said.

"If they do something illegal that raises the attention of the Australia Federal Police, [state] police or even copyright owners - for example if people are connecting to your unsecured network and downloading music and movies - that becomes attached to your IP address, and that's traceable through your internet service provider to your account."


'Wardriving'
The discovery that Google was intercepting wireless data made headlines around the world. But curious "wardrivers" say home networks have long been vulnerable.

The term wardriving was coined by American security expert Peter Shipley about 10 years ago, and refers to the practice of driving around looking for wireless networks.

Mr Shipley was the first to do this with dedicated software and a GPS. He released the information he discovered about San Francisco's wireless networks on his website, saying he wanted people to realise security was an issue.

For other wardrivers, the increasing popularity of home wireless networks was an opportunity to get online access without paying for it.

Not long after the wardriving trend swept the world, British information architect Matt Jones developed a code known as "warchalking", which asked wardrivers to draw symbols in chalk on walls or footpaths to indicate that networks were nearby.

Mr Jones "envisioned the marks as a modern version of the hobo sign language used by low-tech kings of the road to alert each other to shelter, food and potential trouble", according to technology magazine Wired.

Even as warchalking was covered widely in the media, few wireless enthusiasts took up the practice.

Commentators say wardriving too has declined in popularity in recent years, as wireless zones designed for public use became more widespread.

Brisbane software engineer Adam Swift says he went on a "wardrive" several years ago with a friend, "for the hell of it".

"He just happened to have a laptop, we said 'hey we're bored, let's go around and have a look at what's available,'" he said.

"I think ostensibly what people say is that they are doing it for interest's sake, just to say, 'look what's available here, this person's got this piece of hardware.'

"But that's just the surface of it... I suspect there are members of the [wardriving] community who actually go into each of those networks and see what is available."


Security
Mr Swift says users are mistaken if they believe their internet is secure because they have the most basic level of encryption set up.

He says between 20 and 30 per cent of wireless networks are not secured at all, and many others have security that is easily sidestepped.

"WEP can be cracked in a minute," he said.

"Anyone who knows the smallest amount about it knows there are tools you can download off the internet and guides.

"You don't have to know anything about encryption at all [to break WEP encryption]."

He says basic encryption can appear as a challenge, depending on the motivations of each wardriver.

"People get a kick out of being where they're not supposed to be and how far they go with that depends entirely on what class of hacker they fall into," he said.

"If you're a so-called 'white hat' you probably claim you're doing it for the benefit of the community, or you're doing it just for interest's sake and you would never dare touch anything that would get you in trouble.

"Or you're a black hat and you're doing it for malicious purposes, trying to steal people's bank account details, trying to destroy their computers and such."

Dr Suzor says when it comes to accessing wireless connections without permission, it is not as simple as saying it is always good or always bad.

"If you're not keen to have people using your access, you should definitely secure it," he said.

"The biggest problem that people are unaware of is that out of the box most wireless networks are not secure at all. They're broadcasting every communication over the network in plain text to anyone who wants to listen.

"The easiest way to fix this to go onto your wireless router and change your security settings to encrypt all of that data using what's known as WPA or WPA2, which is a relatively secure encryption mechanism to secure your network."

He says encrypting network traffic accomplishes two things: it prevents people from downloading data that counts against that user's quota, as well as stopping them from eavesdropping on the user's activity.

"In Australia most of us live on data-cap plans, so we're fairly careful about how much quota we use when we're downloading on the internet," he said.

"More important is the potential for interception. If your wireless connection is not encrypted, then all of your communications online are passing through in a format that can be picked up by anyone else: the websites you visit, the phone calls you make online, and everything else you do online can be read by anyone in the range of your network."