Thursday
Getting a Grip on Reality: Wide Open 802.11 Networks Around Us
As mentioned, in the majority of cases an attacker does not have to do anything to get what he or she desires. The safe door is open and the goods are there to be taken. The Defcon 2002 wardriving contest showed that only 29.8 percent of 580 access points located by the contestants had WEP enabled. As many as 19.3 percent had default ESSID values, and (not surprisingly) 18.6 percent of discovered access points did not use WEP and had default ESSIDs. If you think that something has changed since then, you are mistaken. If there were any changes, they were changes for the worse, because the Defcon 2003 wardrive demonstrated that only approximately 27 percent of networks in Las Vegas are protected by WEP. Because one of the teams employed a lateral approach and went to wardrive in Los Angeles instead, this number also includes some data for that city.
The Defcon wardrive observations were independently confirmed by one of the authors wardriving and walking around Las Vegas on his own.
Are things any better on the other side of the Atlantic? Not really. We speculated that only around 30 percent of access points in the United Kingdom would have WEP enabled. To validate this for research purposes, one of the authors embarked on a London Sightseeing Tour in the well-known open-top red double-decker bus armed with a “debianized” laptop running Kismet, a Cisco Aironet LMC350 card, and a 12 dBi omnidirectional antenna. During the two-hour tour (exactly the time that the laptop’s batteries lasted), 364 wireless networks were discovered, of which 118 had WEP enabled; 76 had default or company name and address ESSIDs. Even worse, some of the networks discovered had visible public IP addresses of wireless hosts that were pingable from the Internet side. If you are a wireless network administrator in central London and are reading this now, please take note. Of course, in the process of collecting this information, no traffic was logged to avoid any legal complications. The experiment was “pure” wardriving (or rather “warbusing”) at its best. Not surprisingly, warwalking in central London with a Sharp Zaurus SL-5500 PDA, a D-Link DCF-650W CF 802.11b card (wonderful large antenna, never mind the blocked stylus slot), and Kismet demonstrated the same results. A similar level of 802.11 WLAN insecurity was exposed in Bristol, Birmingham, Plymouth, Canterbury, Swansea, and Cardiff.