Wireless Security – Choosing the best Wi-Fi Password

Running through some tests for an upcoming wireless security book and it really brings home the importance of choosing a good password for your Wi-Fi network.

Currently, the best security setting for your home or office Wi-Fi is WPA2. WPA2 Enterprise is the best if your organization supports it, but WPA2 Personal is great for home and small offices. Do not use WEP. It was cracked a long time ago, and an attacker does not even have to crack it: the WEP key can be passed just like NTLM passwords.

The most common technique used for WPA/WPA2 hacking is a dictionary attack. The attacker captures a WPA handshake and passes it through a program that tries numerous passwords from a word list. Here is the key: if the password is not in the word list, the hacker does not get into your system.

Using a lengthy complex password goes a long way in keeping your WPA2 network secure. A combination of upper/lower case letters, numbers and special characters is the best bet. Some prefer using a short sentence that means something to them, while replacing some of the letters with numbers and adding in a few extra characters.

For example: M0untainD3wI$G00d4u!

The nice thing about a password like this is that it actually means something to you, so it will be much easier to remember.

I just ran one common word list attack against my WPA2 password. It tried over 1 million word combinations from the list with no dice. My network is still secure!

The more un-dictionary looking your password is, the better!
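
To check a candidate passphrase from the defender's side, the sketch below (an added example, not from the original post) reverses a few common mangling rules, such as changed case, letter-for-number swaps and digits or symbols tacked onto a word, and tests whether the result lands in a word list. The sample word list, the substitution table and the function names are assumptions made for illustration; a passphrase with no findings is only known to survive these particular rules and this particular list.

```python
import re
import string

# Constructed sample list; a real audit would load a large word list from disk.
SAMPLE_WORDLIST = {"password", "letmein", "sunshine", "dragon", "mountain"}

# Common character substitutions, mapped back to the letters they stand for.
UNLEET = str.maketrans("0134578$@!", "oleastbsai")


def base_candidates(passphrase):
    """Undo common mangling rules and return the possible base words."""
    lowered = passphrase.lower()
    # Drop digits/symbols placed before or after a word ("Sunshine2024!").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    variants = {lowered, trimmed}
    variants |= {v.translate(UNLEET) for v in variants}
    return {v for v in variants if v}


def audit_passphrase(passphrase, wordlist):
    """Return a list of findings; an empty list means no rule fired."""
    findings = []
    # WPA2-Personal accepts passphrases of 8 to 63 characters.
    if not 8 <= len(passphrase) <= 63:
        findings.append("length is outside the 8-63 characters WPA2-Personal accepts")
    classes = {
        "upper case": any(c.isupper() for c in passphrase),
        "lower case": any(c.islower() for c in passphrase),
        "digit": any(c.isdigit() for c in passphrase),
        "special character": any(c in string.punctuation for c in passphrase),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        findings.append("missing: " + ", ".join(missing))
    hits = sorted(base_candidates(passphrase) & set(wordlist))
    if hits:
        findings.append("reduces to word-list entry: " + hits[0])
    return findings


if __name__ == "__main__":
    for candidate in ("M0untainD3wI$G00d4u!", "P@ssw0rd1", "Sunshine2024!", "letmein"):
        print(candidate, "->", audit_passphrase(candidate, SAMPLE_WORDLIST) or "no findings")
```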

Google Street View WiFi Data Dump to be Settled out of Court

Connecticut and Google agree to settle out of court over WiFi data collected during Google’s Street View data collection. According to The Register:

In December, then Connecticut Attorney General Richard Blumenthal hit Google with a Civil Investigative Demand – the equivalent of a subpoena – insisting that the company turn over the Wi-Fi payload its Street View cars collected from insecure Wi-Fi networks in the state. And Google refused to do so. Today, new Connecticut Attorney General George Jepsen and Consumer Protection Commissioner Jerry Farrell announced that the state had reached an agreement with Google to settle the matter out of court.

When Google captured photo data for their “Street View” project, the collection cars also collected unsecured Wi-Fi data, including e-mail and confidential data:

“Google stipulates, for purposes of settlement discussions, that the payload data collected contained URLs of requested Web pages, partial or complete e-mail communications or other information, including confidential and private information the network user was transmitting over the unsecured network while Google’s Street View car was within range.”

Wireless SSIDs (network names) and MAC addresses were also collected. It really makes you wonder why Google did this. According to earlier reports, they inadvertently used a program that collected this information. But according to The Register, Google posted a blog entry stating they collected Wi-Fi data all across the globe. This really doesn’t sound like an accident.

Because it was done while they were creating “Street View” for Google Maps, you could assume they now have the physical location of numerous Wi-Fi routers. One would have to ask why Google would want Wi-Fi router physical location data…

Half of Home Routers Vulnerable to DNS Exploit

The Black Hat Security conference is going on now in Vegas. Scanning through the list of presentations, this one really stood out: “How to Hack Millions of Routers”. According to the description, “This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router’s internal-facing administrative interface.”

The DNS rebinding attack has been known for a while, but it looks like Craig has found a new spin on it. According to a Forbes article, an attacker places a malicious script on a web page. When the page is visited, the IP address of the visited web page is switched with the IP address of your router. This gives the script access to view the router contents, and to log in to it.

Which routers are susceptible to this attack? Oh, a few, and you probably recognize their names, “Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense.”

Also at the conference, Craig is going to release the tool that automates the attack, “A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim’s router in real-time, just as if the attacker were sitting on the victim’s LAN.”

That’s awful nice of him isn’t it?

All right, so what do we do? An article on Notebook.com recommends changing your router password to a very complex password, upgrading your router’s firmware to the latest version, and avoiding questionable sites. I would also add that you should check for firmware updates frequently. As router companies scramble to patch this, yours may not be updated against the threat yet.
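
Two defensive checks for the rebinding pattern described above, as an added example that is not from the talk, the quoted articles or this post. The first scans resolver answers for a name that resolves to both an external and an internal address, which is the switch the attack depends on. The second is the check an admin interface can make on the HTTP Host header, since a rebound request still carries the attacker's domain name there. The log format, the names, the addresses and the allowed-host set are all constructed assumptions, and only IPv4 is handled.

```python
import ipaddress
from collections import defaultdict

# Internal ranges: RFC 1918 private space, loopback and link-local (IPv4 only).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed resolver log: (seconds, queried name, IPv4 answer).
SAMPLE_DNS_LOG = [
    (0, "news.example", "198.51.100.20"),
    (1, "rebind.example", "198.51.100.7"),
    (4, "rebind.example", "192.168.1.1"),   # same name, now the router's address
    (5, "router.lan", "192.168.1.1"),       # local-only name, always internal
]

# Names the (hypothetical) router admin interface is legitimately reached by.
ROUTER_HOSTS = {"192.168.1.1", "router.lan"}


def is_internal(ip):
    """True if the address falls in one of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def rebinding_suspects(dns_log):
    """Names that were answered with both external and internal addresses."""
    kinds = defaultdict(set)
    for _ts, name, answer in dns_log:
        kinds[name.lower().rstrip(".")].add(is_internal(answer))
    return sorted(name for name, seen in kinds.items() if seen == {True, False})


def host_header_allowed(host_header, allowed_hosts):
    """Accept a request only if its Host header names the device itself."""
    host = host_header.strip().lower().rsplit(":", 1)[0]  # drop an optional port
    return host.rstrip(".") in allowed_hosts


if __name__ == "__main__":
    print("suspect names:", rebinding_suspects(SAMPLE_DNS_LOG))
    for header in ("192.168.1.1", "router.lan:8080", "rebind.example"):
        print(header, "->", host_header_allowed(header, ROUTER_HOSTS))
```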

Wardrive shows Wireless Networks still Wide Open

A wardrive was performed at a recent computer security class in Texas. The results… stunning.

Wardriving usually consists of driving around in a vehicle searching for Wi-Fi networks using Aircrack-NG, Netstumbler, Kismet or another similar program. Information can be gleaned from available Wi-Fi networks, including what type of security they are using. It is the modern version of wardialing, which was very popular in the ’80s and early ’90s, where hackers would call blocks of numbers looking for a computer.

According to the graph, 13% of the Wi-Fi networks had no security at all. And a whopping 45% were using WEP, which was cracked a long time ago. Only 18% were using WPA2. So in effect, 58% of the detected networks would have been easy pickings for a hacker. They might as well have hung a big “Welcome!” sign on their network.

San Francisco did not fare much better:

Here, 47% had either no security or easily defeated security. WPA is not 100% safe either; your safest route is the current WPA2.

I was actually shocked at the high percentage of insecure Wi-Fi systems. With the dangers of Wi-Fi so well-known, it just doesn’t make sense. In fact, for a product to even qualify for the Wi-Fi label, it must have WPA2 security. And that has been the standard since 2006!

You would think at this stage of the game, manufacturers would have taken the choice out of consumers’ hands and made the default security WPA2 out of the box.

Please check your Wi-Fi security settings to be sure that they are not set to “WEP” or worse yet, “None”. Also, if you have a wireless box that only supports WEP, it needs to be replaced with a newer, more secure version. When hackers scan your network from across the street, you want them to find a “No Admittance” sign!

(Photos courtesy of Sam Bowne. Sam has done amazing work in advancing the legitimacy of Ethical Hacking in mainstream academia. Check out his website at http://samsclass.info/)