SAN JOSE, Calif. — To my untrained eyes, it was a bright and clear Silicon Valley day as we sat in the parking lot of a north San Jose high-tech company. But Amit Sinha, Motorola engineer and Wi-Fi detective, knew we were surrounded by invisible danger.
Sinha opened his laptop and launched a Wi-Fi detection program to demonstrate his point. Using equipment any 10-year-old could wrangle, Sinha generated a list of more than 250 Wi-Fi access points and associated devices inside the company’s building.
Well over half of the access points either had no encryption or an outdated version that the most basic of hackers could crack within minutes. From the comfort of our car, we could see the type of devices people were using inside — iPhones, laptops, printers — and the names of the networks they were connecting to.
With just a couple of clicks, Sinha could have been surfing around the company’s network and probing many of these devices. A less benevolent person could easily grab passwords, copy sensitive documents or plant viruses.
It only took about an hour with Sinha, a chief technologist for Motorola Enterprise Mobility Solutions, and his wireless detective kit to leave me horrified. Motorola has a financial interest here, of course; it is in the business of selling mobile security solutions. But Sinha and Motorola are not alone in pointing out the lack of public awareness about the gaping hole in wireless security.
Patrick Martin, a senior product manager in Symantec’s security response group, said he didn’t have data on the numbers or percentages of wireless access points that are vulnerable to hackers. But, he added: “Certainly it’s quite common. I’ve seen cases myself where my laptop can see wireless networks in the houses adjacent to me and there’s always at least one that’s insecure. “… Unfortunately, there are a lot of folks who just don’t understand that these vulnerabilities exist.”
I am, admittedly, like many of those folks when it comes to issues of security. Which is to say, I’m careless. I couldn’t even tell Sinha offhand what — if any — type of encryption I used on my Wi-Fi router at home.
Still, it’s astonishing to see that when it comes to wireless security, even a savvy high-tech region like Silicon Valley essentially has its pants down. And if you don’t think hackers everywhere know this, think again.
Whether it’s at work, at home or at the local coffee shop, these hackers know that for some reason, people don’t think twice about logging onto whatever Wi-Fi signal they can find and sharing all sorts of sensitive information. Both individuals and companies are careless with wireless security in ways they would never be with wired connections to networks.
“The problem for consumers is that wireless is promiscuous connectivity,” Sinha said.
And as our appetite for Wi-Fi grows, and new wireless devices flood the market, there seems to be little thought given to security.
“These threats are only very real if the users fail to configure their wireless access point securely,” said William Hau, a vice president at security firm McAfee. “A significant proportion of the vulnerabilities in the public arena can be attributed to insecure installations by the end users.”
Stay safe
For everyone
Don’t use the security setting known as Wired Equivalent Privacy, or WEP. Instead, be sure to use Wi-Fi Protected Access, or WPA2, the latest and greatest protocol.
Don’t just leave security settings on default. When installing Wi-Fi access points, check the settings and place them on the highest level.
For consumers
Don’t perform sensitive activities, such as banking or purchasing with a credit card, at public Wi-Fi hot spots.
If a box appears asking you to accept a security certificate while using Wi-Fi, don’t accept it. If hackers are trying to hijack your Wi-Fi connection, they need you to accept one of these to do so.
Make sure you have good firewall software on your laptop.
For businesses
Install wireless sensors around your building that scan your internal Wi-Fi access points and probe for intruders. All it takes is one employee plugging in a rogue Wi-Fi router and your network can be compromised.
If you have a lot of company laptops in the field, have strong security policies for using them. For instance, require employees to initiate a virtual private network connection with your office network before they start surfing.
Talk to us
> Give us your news tips.
> Send us a letter to the editor.
> More Herald contact information.
