'Evil twin' could pose Wi-Fi threat

TalkBack 4 of 10:

Next »

« Previous

• Thread View
• Flat View

The broadband vendors explain nothing about security to their customers.

At least not where I live.

One of my clients asked me to look at his computers at home because he just got broadband (with a wireless access point) installed by the cable company.

When I got to his house, I fired up my laptop in his driveway and connected to his access point. I called him on my cell phone and told him to come outside so I could show him something. By the time he got outside, I had gotten admin access to his access point and had locked it by MAC address to my laptop only. He couldn't believe that I was using the internet connection that he was paying for! He really couldn't believe it when I told him that he could no longer access it from his computers, but I could sit there using it all day long in his driveway! He went inside and tried using one of his computers, of course he couldn't get online.

He was mad, but at the right people. The cable company. They installed the entire setup, using an out-of-the-box configuration on the access point. Anyone in range could connect. I call this the 'Starbuck's Setup'.

WEP (Worthless Encryption Protocol) was enabled, but the problem here was not packet sniffing. It was unauthorized access. Another problem was the access point password. 'password' was my first attempt, and gave me the telnet prompt from the access point. I was in! Free to change any setting I wanted to, including the password.

He watched me spend all of two minutes locking his access point to his two computers (and not mine anymore) by MAC address, and asked why the 'tech' from the cable company didn't do that. I couldn't answer that.

After I finished doing the other work I was called for, he asked me to quote running network cables in his house. He could see the real solution.

I took him for a drive through his neighborhood, with APHunter and AirFart running on my Linux laptop. I told him each line in the screen was a separate access point that we could access. He was shocked that there was never less than five systems on the screen, and sometimes as many as ten! Just for fun, I drove into town, to his bank, which had four access points running, all allowing network access! I think I scared him.

The wonders of plug-and-play!

Posted by: Hugh Jass   Posted on: 01/22/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
• Open Standards Technologies Provide the Ingredients for Delivering Security Across the Papa Gino's Enterprise Dell Papa Gino's Holdings Corporation founded by the entrepreneur operates one ... Download Now
• Building the Virtualized Enterprise with VMware Infrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now