Tuesday, December 28, 2004
Wild, Wild Wireless
By Andy Murray
Staff Writer
To tap into a homeowner's computer,
Harold Belbin simply maneuvers his vehicle into
the driveway and stops. That's when a $10
wireless antenna from Radio Shack and free
software Belbin downloaded off the Internet
begins searching for unprotected wireless
networks in the area.
In a matter of seconds, Belbin has found a
nearby network with the default name from the
manufacturer still etched into the system,
indicating optional security features have yet
to be switched on. Belbin doesn't log onto the
network, which would be illegal, but he could
and from there likely would have access to the
network's entire database of photos, credit
card numbers and medical information.
"If you're not afraid, you should be," said
Belbin, cofounder of the Visiting Geeks
consulting business in Merrimac.
Wireless networks -- the cord-cutting
technology that removes unsightly wires from
homes and frees up laptop users to go wherever
they want while remaining able to go online --
has left a wide open door into formerly secure
wired networks, Belbin said.
Belbin demonstrated how vulnerable most
networks are on a recent afternoon by driving
through Andover and counting how many networks
were locked and how many networks were open to
outside users. The technique, called
"war-driving," allows individuals to hack into
unprotected computers and peek at stored
information. On a 6-mile circuit between
Shawsheen Plaza and Merrimack College, Belbin
found 118 wireless networks, 60 percent of them
unprotected.
The owners, including residential dwellers
and businesspeople, are leaving private
records, correspondence, even pictures and home
movies vulnerable to high-tech criminals and
snoops, Belbin said. They also are relying on
the goodness of others not to use their network
as a staging point, either to surf the Internet
or do something more disruptive such as
download protected music files or launch a
destructive Internet virus.
"It's like driving around and finding 70
percent of cars unlocked with the key in the
ignition," said Belbin, who said state and
local law enforcement agencies often aren't
knowledgeable to investigate computer crimes
and federal agencies are often too strapped to
investigate all but the most serious
pornography or terrorism charges.
"For now, it's the Wild West out there. If
you don't protect yourself, no one else is
going to," Belbin said.
Belbin isn't the only one worried. The
research firm Gartner said in June it expected
wireless networks to be a major source of
security breaches by 2006, when 85 percent of
laptops and 60 percent of handheld devices are
expected to be wireless-enabled. Belbin, who
monitors wireless security bulletins and works
for owners who hire him to beef up their
security, says he has seen wireless network
attacks skyrocket over the past 12 months as
more and more homes and businesses have moved
to wireless systems.
"I would say it's 1,000 times worse than it
was a year ago," Belbin said.
Wireless networks are vulnerable because
they transmit data via radio waves that can be
picked up from as far as 500 feet if systems
are left unprotected. Because most users prefer
the ease and convenience of wireless systems,
many users choose or simply forget to switch on
wireless security features, Belbin said. The
oversight leaves a wide-open gate through most
networks' security fence, or firewall, Belbin
said.
Financial and health-related businesses tend
to have the most secure wireless networks,
Belbin said. Home-run businesses and residences
tend to have the worst. Gartner estimates fewer
than 10 percent of all businesses have wireless
security policies.
Broker/Manager Anne Webster of ERA Home &
Family Real Estate in Andover knows better than
some the need to protect customers' private
information. Two months ago, Webster's firm
installed wireless networking systems at the
company's offices in Andover, Groton and
Tewksbury. While Webster said the company was
"explicit" that it wanted the highest security
available to protect data such as customers'
addresses and telephone numbers, she noted some
employees have been able to log onto the
network from the office parking lot.
Webster says the system is still password
protected and not vulnerable, but she sees a
problem emerging if not all businesses pay to
have their wireless systems secured and
protected.
"It's definitely going to be a concern
because once you log onto the network, you can
get access to all the files," Webster said.
Even a private residence can have
information that is potentially embarrassing or
damaging were it to be stolen. Belbin said
pictures and credit card information are two of
the first targets for any criminal who has
invaded a wireless network.
Wireless users can protect themselves and
their businesses by installing wireless
security software that comes with their system
or can be purchased separately. Besides
authentication that prevents unregistered
computers from signing onto a wireless network,
encryption software also scrambles data
transmissions to outside viewers.
That may be enough for small businesses and
private residences. For larger business with
more important information, consultants also
can recommend commercial-grade security systems
with more robust features. Visiting Geeks also
recommends its own wireless "audit," which
assesses the strengths and weaknesses of a
residence or business' wireless network. The
audit, which costs $99 not including parts or
software, plugs security holes and configures
wireless networks so computers aren't slowing
each other down, Belbin said.
|