Tuesday, September 16, 2008

Secure your Wifi Network Security

Wifi Networks Unsecured - Act now or regret later!

I have blogged heaps of time such as
"Zlob" trojan OR DNSChanger - Same thing, DNSChanger Hack, Wireless Security, Welcome To Untrusted Computing, Wireless Security Settings and many other posts on Wireless Security but people don’t seem to seriously care about Wi-Fi security impact yet. Inspite of often repeated posts, warnings and security news people are still not thinking about it. What they fail to understand is that by doing so, they can become unwitting accessory to cyber crime.

Instead of scouring for anonymous proxies to stay faceless on the internet, cyber criminals are increasingly targeting unsecured Wi-FI networks to get the job done. A combination of war driving tools such as NetStumbler along with a listing of default router usernames and passwords is all it takes to freely connect to unsecured Wi-FI networks. Especially since most Wi-Fi routers use default security settings that come pre-installed by the vendor rather than it having being configured by the end user.

SOHO routers log every connection and DHCP lease but these logs are flushed once the router is rebooted. If an attacker has access to the administrative console of the router (thanks to the default password), once their nefarious actives have been carried out, a simple restart of the router will erase all tracks.

The extent to which an unsecured Wi-Fi connection can be abused is purely left to imagination of the attacker. Putting on my Dr.Evil hat, here are couple of wicked acts a Wi-Fi hacker could commit and get away undetected using an unsecured network.
  • Download child pornography
  • Download copyrighted movies and music via P2P
  • Download Warez and abuse your bandwidth
  • Send bomb hoaxes, terror or threatening emails.
  • Send spam (sexual aids, pharmacy or money laundering scams)

Any of the above acts could lead to law enforcement authorities knocking on your door. This is not mere speculation and many unsuspecting people have fallen victim. To quote a high profile example, in the recent serial bomb blasts in India, terror emails that took responsibility for the blasts were sent from unsecured Wi-Fi connections. And it was the unfortunate owners of the unsecured Wi-Fi connection that were subjected to police questioning and house arrest.

In addition to using an unsecured Wi-Fi network for malicious purposes, an attacker can also use it to steal personal information for identity theft. For example:

  • Infiltrate and break into internal machines
  • Modify DNS settings on the router to point to a rouge server.
  • Sniff Wi-Fi traffic for usernames and passwords

The above discussed scenarios are neither speculation nor an exhaustive listing of different ways for abusing unsecured Wi-Fi networks. These scenarios are being enacted by criminals everyday around the world.

Now why would want to be an unwitting host to criminal activities emanating from your IP address or make yourself vulnerable to identity theft? Be a responsible Netizen and please secure your Wi-Fi connection now!

No comments: