The all-pervasive Internet has not only changed the way business is done all over the world, it has dramatically changed the lives of people as well. Today, everyone needs the Internet. It has become indispensable in our daily life.
With laptops fast replacing the ubiquitous desktops, people prefer wireless connectivity untethered by cables.
With a plethora of broadband services available in the country, WiFi is a preferred technology for high-speed accessibility to the Internet. The connections are readily available on laptops, cellphones and other mobile computing devices. Today, one can come across Wi-Fi ‘hot spots’ in hotels, educational campuses, multiplexes, malls and even hospitals. But the lure of staying connected anywhere and everywhere makes people ignore its security aspects.
The truth is, WiFi networks are vulnerable and frequently exploited by cyber criminals. In fact, WiFi networks are a preferred target for hackers and terrorists alike. Security experts are highly concerned about the ability of hackers and terrorists to easily penetrate an organization’s network or an individual’s computer to view or modify e-mail, web pages or other documents.
Hacking has become common and is no longer the realm of experts. Anybody with a simple knowledge of computers can do it, mainly because of the do-it-yourself kits available on the Internet. We frequently hear how hackers steal personal information from individuals as well as organizations. Last year’s Mumbai blast was announced to the media via an e-mail sent by hacking a Wi-Fi network of a common citizen.
To raise awareness of the dangers of unsecured Wi-Fi networks, infySEC, a Chennai-based company specialising in providing cyber security services, recently conducted a “wardrive” — searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer or PDA.
The results were alarming. The wardrive found that a whopping 67% of Chennai’s WiFi networks are unsecured, 15% are partly
secured and only 18% are fully secured. At the core of most Wi-Fi networks is an access point or router. At the time of configuring the router, the manufacturers allow users to enter their network address and account
information using a set of web tools. These Web tools are protected with a username and password to enable the users to use their accounts. However, the default “logins” are simple in most cases and very well known to hackers on the Internet.
Astonishingly, it is not individuals but also companies that do little to protect their networks. For example, the wardrive found that the access points of some leading MNCs along Chennai’s IT corridor were open to inbound connections and highly susceptible to cyber attacks. These points can be used to gain
access to vital confidential information.
“Since, WiFi is a comparatively new technology for the end users…the baseline security measures are normally overlooked,” says Vinod Senthil, an information security consultant who was a member of the team that conducted the wardrive. “As a result many access points are set with ‘open’ connection mode with no encryption or left with default login credentials. From a security standpoint, we strongly recommend coming up with a ‘wireless compliance’, a new base line security standard for wireless,” he added.
InfySEC has used Google Maps to mark out the areas and identify unsecured networks that have a large number of vulnerable access points, making it easier for the Cyber Crime Cell Police to follow-up with the respective Internet Service Providers (ISPs).
“We will send letters to the ISPs explaining the dangers of unsecured networks and request them to take appropriate actions to strengthen their network and protect their valuable data,” says R Veeraperumal, Assistant Commissioner of Police, Cyber Crime Cell, Chennai. “We ideally hope to return to surveyed areas within a month to see if they’ve fixed the problem.”
In general, for any system to be secure, policies and processes have to be rigidly
applied. With the widespread use of Internet through WiFi, security experts envisage more threats from hackers. Going by the age-old wisdom, “prevention is better than cure,” it’s always better to safeguard your data and prevent attacks from unknown corners in the first place, than having to experience the stress of unwanted litigation and lost data.
“Unlike a wired medium, which has a defined single physical path that can be safeguarded it is difficult to physically restrict the wireless medium. Moreover the wireless protocol stack is not so mature and has a few vulnerabilities,” says Senthil. He further urges users to remain inquisitive all the time and switch off their WiFi network card when not in use. In a situation where even leading corporates fail to protect their networks, little can be said about the individual home users.
“It is the duty of the ISPs to generate the awareness about the potential threats to the customers and duly educate them on the security aspects of the WiFi networks”, says Veeraperumal.
Securing evidence in a cyber crime has been a big headache for police. Since most of the servers are situated abroad, it becomes difficult for the police to trace the original source and get archived details.
In this time and age, it is important to win the cyber space and many of us can make a simple start by securing our networks.
Neophyte basics
Many users may not be able to make their WiFi networks fully secure as it involves some technical assistance. However, there are some basic things that a neophyte can do to keep hackers at bay. Here are some recommended by infySec:
* Change default administrator passwords/usernames
* Use a strong password; Frequently change your password; Turn off the network during extended periods of non-use; Switch off your WiFi card when not in use;
* Install firewalls; Monitor your network for intruders
* Visit www.infysec.com to download free tools to protect your computers and data.
— mds@pristinecorp.com
