WiFi Security Presentation

Next month, I’m speaking at a conference of trainers for the National Network to End Domestic Violence. One of my sessions will be about WiFi wireless security geared towards protecting someone’s privacy from potential abusers. I’ve included an outline below which I hope will educational to all but I’m also open to comments about what else I could include.

Frequently a Wireless(WiFi) Router comes as part of the package from Comcast, Time Warner or Verizon FIOS even If you don’t specifically request it. The Wireless router is your connection to the internet and needs to be secure.

· Default Password
The default password for your router is publically available and should be changed to something only you know. This year we’re discovering more malware trying to gain control of your router by trying default passwords. How to access the wireless router control panel should be in your documentation. Typically, it will be as easy as typing in an address like http://192.168.1.1/.

· WEP/WP2 Encryption
The data that goes over the air from your laptop to the router is accessible to anyone else with a software. This data can be jumbled up with encryption so it’s not easy to understand. Typically, this encryption will be called WEP or WP2 and is standard on most wireless routers and the card in your laptop. Your Wireless control panel will allow you to create a simple key that is required by any laptop using your wireless network.

· Extended Range of Wireless devices
Simple WiFi network typically has a range around 100 feet so you might think someone needs to be close to your computer to access your wireless data. New high powered antenna’s and even home grown hacks can be used to extend the range of a wifi network.

· Beware of Free WiFi Networks
It’s often tempting to use what looks like a free WiFi network. You might be in the airport, Starbucks or local book store which has free networking. Make sure you know the name of the network you’re connecting to. Someone with another laptop could configure their machine to appear as if it’s a free network when instead you’d be communicating through their computer while they capture your name and passwords.

I’m sure there’s more I can say so feel free to comment. I’ll also be speaking about Bluetooth security so I’ll be looking for tips on Bluetooth security as well.

Malware Attacking Your Router

WinPatrol was one of the first to detect malware based on “behavior” of program and continues to follow that model. One behavior we’ve seen a lot of lately is very scary.

Instead of installing malware that continues to run like a key logger or trojan, malicious programs are increasingly attacking the network router which is common with any internet connected home and/or office. An unwanted program can quickly make a change to your router settings that will immediately open all your computers to the world. The bad guys won’t have to install a key logger, they’ll be able to record every byte that goes across your network. It’s happening now to thousands of routers which are still using their default name and password.

Do you know if the password has been changed since your router was purchased?
Do you know how to access your router to change the password?

I’ve run across a number of users who follow all the recommendations to configure their networks for WEP or WPA2 encryption but they never bother to change their default name/password. They’ll even take the time to rename their default SSID but still don’t change the name/password from the factory setting.

It probably won’t surprise you that the factory passwords don’t change much and are widely available. The WinPatrol research group dissected some recent malware threats and could see the routers they were attacking.

• Linksys, uses the name and password, “admin”. Older units use a blank user name.
  
• Belkin, uses blank password for default access
  
• Netgear, user name is “admin” and the default password is “password”. Big improvement over their old default “1234”
  
• ActionTec, Some unit don't even require an admin login. New devices use "admin" and "password". (updated)

You get the idea. The program recently submitted to our research team had a list of 28 different routers complete with address, name and password clear for anyone to read with the proper tools.

As a security professional I’m reading more and more about vulnerabilities being found in wireless and non-wireless routers. There’s only so much we all can do but the first thing should be to change the default password.

If you don’t know how to access your router, just use your favorite search engine and type in your router name and “change default password”.