Sumo Consulting^2.0

Last Thursday, CNN.com ran a story on a security threat to wireless users called an Evil Twin. Essentially, all an attacker does is give her AP an identical SSID as the legitimate AP, drop it within proximity of wireless users, and wait for people to connect.

The end user has no idea that they are connecting to the wrong AP, and the attacker is able to conduct any number of attacks on the user including a man in the middle attack or simple packet capture.

Being seduced by an Evil Twin can be deterred by using WEP or WPA security, though there is still no guarantee that you are secure. WEP's been pretty well compromised and it's well accepted that WPA's days are also numbered.

Ultimately, the solution doesn't lie on the network layer, but on the data layer. If you really want to secure yourself, use something like ReefEdge's Dolphin. This software's an all in one wireless router/firewall with VPN capabilities. Place Dolphin on a machine between your wireless router and the rest of your network and it will regulate and secure access. From their site:

The Dolphin software transforms dedicated x86 hardware into a secure wireless gateway. Dolphin is ideal for a home environment or for IT professionals interested in exploring wireless network security. Dolphin supports secure authentication, IPSec security, and session roaming across subnets. Users authenticate with the wireless LAN using SSL and Dolphin enforces security policies based on type of user. Dolphin even supports encrypted access for trusted users via IPSec.

Cool stuff huh? With Dolphin, you can forget about WEP or WPA. The pipe to your network is regulated by a free enterprise strength security appliance that you can assemble yourself! Very cool stuff!

Note: As of this posting, the techzone.reefedge.com domain doesn't seem to be responding. Oh well, try try again.

• Comments (0)

Last night I attended a meeting of the Socal Free Net (formerly the San Diego Wireless Users Group) and heard about some very interesting and exciting projects they are doing in the communities of San Diego. They've been installing free wifi hotspots in (primarily low income) communities around San Diego.

Someone donates the equipment and the bandwidth and the folks of Socal Free Net provide the labor to setup the hotspots. When they get an opportunity to put up a hotspot - these guys get on rooftops, mount antennas, form rooftop-to-rooftop links between nodes, and stretch the signal to as much of the community as they can. It's really great stuff, free and open internet for anyone within range. It's a worthwhile project and I may join them at their next install this weekend.

These projects are very ambitious and promise to offer free internet to alot of people who may not otherwise be able to afford it. However, all this talk of free and open internet has me thinking - are these projects doomed to repeat the same mistakes that plagued the early internet?

In the early days of what is now the internet, everyone on the network was trusted to a certain extent. In the beginning, protocols were open, alot of stuff was sent in cleartext, and there were few failsafes preventing malicious activity such as Denial of Service attacks. As more users came onto the internet, worms started appearing, DoS attacks started taking advantage of weaknesses in underlying protocols, and the internet because a nastier place. Things have changes since those early days, and today the internet is a far different place.

So what does this have to do with the Socal Free Net projects? The spirit of these projects is to allow free and open access to everyone in the community. No-one is restricted. If you can physically get within range of the network, you can use the network. Also, due to the inherent difficulties in teaching an entire community how to enable WEP/WPA security, it's not enabled on these access points. Cleartext is visible in the air, and it's up to the individual user of the network to take whatever measured they see fit to secure themselves.

I see many similarities between these wifi hotspots and the mistakes (if you want to call them that) made in the early days of the internet. Eventually someone's going to figure out that they can sniff their neighbor's network traffic. Eventually someone's going to figure out that hardly anyone encrypts their POP account password when they check their email. And eventually someone is going to realize that a person's POP login is often the same as the one they use for online banking, forums, and the recipe of the week club website.

So, you say, what's the difference between this and any other wired network today? Alot of wired community networks have this same problem! Here's the difference: You don't have to live in the community to participate on this network. If you want to listen to traffic on a wired network, you generally have to either physically plug into it or compromise a box on the local subnet or at a router. With these networks, all you have to do is drive over within range of the network.

So let's skip forward a few years. June 2008 (why not?). There are now open networks in communities all over town. All over lots of towns. Some software programmer somewhere has just released net wireless application, and she built it to take advantage of the abundance of open wifi hotspots found in her local city. The software runs on a wifi enabled laptop or Pocket PC and constantly looks for open networks. When it finds them it starts gathering packets sent across the network. The software picks out POP passwords and logs them to a file, it picks out HTTP form posts and logs them to a file, it might even pick out data patterns, whole email messages or HTTP request/replies and logs them to a file.

Thousands of script kiddies get ahold of this software. People with bad intentions get ahold of this software. They load it up on their Pocket PC and just drop it into their pocket/purse/backpack, going about their day like they normally would. At the end of the day/week/month they take a look at their bounty. Files and files chuck full of personal data, full of passwords, full of account information.

Maybe this already exists.

Sure, if you're reading this blog you probably already have your own access point with VPN over AES encrypted WPA and work/live inside a Faraday cage. but what about these community networks? For that matter what about your neighbor 2 houses over who thought their access point was "plug and play"?

Are we headed down the same road all over again? It's easy to say the responsibility of security resides with the end user, but with these community networks, can we really expect the average end user to know how to configure themselves to communicate over wifi securely? Is it even offered to them?

I'm not really sure what the answers to these problems are, but those are my thoughts of the day about wifi, and it's about time I posted *something* to my blog.

• Comments (4)