Experiment: Neighbourhood Wireless Security

Everyone loves wireless. Nowadays we have wireless keyboards, mice, controllers, remotes, headsets, phones, networks and much, much more. What people don’t usually realize is that a lot of these wireless devices can be hijacked or intercepted by malicious users who happen to drive or walk by, and your device may be hijacked right then and there without you noticing that it happened.

The most common targets for these wireless hijackings are wireless networks, because they are everywhere and the attacker can get access to a lot of information that may be useful to him or her. Some people may just do it for the hell of it. Once an attacker gains access to a wireless network, he or she can do a lot of damage, such as monitoring your computer’s network traffic. There are free and legal tools available that do just that. A very popular open source tool called Wireshark was created to listen to traffic on the network its host is connected to, and it is popular among malicious users and network experts alike. Another malicious use may be just to drain your bandwidth. Since the late 2000s, a lot of Canadian Internet Service Providers (ISPs) have been capping how much bandwidth users are allowed to use per month. When your bandwidth cap is used up, you are charged extra for the overage. There’s no limit to the damage an attacker may inflict on a compromised network and the systems that reside on it.

Wireless networks are very easy to sniff and it is actually completely legal since you’re not trespassing on people’s property. So out of curiosity, I set out to find out how many people would take the effort to create a secure wireless network. The methodology is that I turn on a piece of software, in this case KisMAC, and have it take over my wireless radio to listen for all wireless routers broadcasting their networks. This technique is called wardriving, and I did it by taking the bus with my laptop left on, listening in on the wireless network broadcasts in my neighbourhood. I collected a total of 311 networks along about a 5 km stretch of suburban neighbourhood north of Toronto.

Out of 311 networks that I scanned, I found out that:

  • 29 networks were left open for anyone to access
  • 127 networks used WEP encryption
  • 114 networks used WPA encryption
  • 41 networks used WPA2 encryption

Number of networks sorted by encryption method used.
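
How a survey tool can sort each broadcast into the four categories above, as an added example (not code from the original post or from KisMac): it reads the privacy bit and the WPA/RSN information elements from an 802.11 beacon body, then tallies the results. The function names and the sample beacons are constructed for illustration.

```python
import struct
from collections import Counter

PRIVACY_BIT = 0x0010                      # capability-info bit 4: encryption required
RSN_ID, VENDOR_ID = 48, 221               # information element IDs
WPA_PREFIX = bytes.fromhex("0050f201")    # vendor OUI 00:50:F2, type 1 = WPA element

def iter_elements(blob):
    """Yield (id, value) per tagged element; stop cleanly at a truncated one."""
    i = 0
    while i + 2 <= len(blob):
        eid, length = blob[i], blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        i += 2 + length

def classify(beacon_body):
    """Beacon body = timestamp(8) + interval(2) + capability(2) + tagged elements."""
    if len(beacon_body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    (capability,) = struct.unpack_from("<H", beacon_body, 10)
    mode = "WEP" if capability & PRIVACY_BIT else "Open"
    for eid, value in iter_elements(beacon_body[12:]):
        if eid == RSN_ID:                 # RSN element: WPA2 (mixed WPA/WPA2 too)
            return "WPA2"
        if eid == VENDOR_ID and value.startswith(WPA_PREFIX):
            mode = "WPA"
    return mode

def summarize(bodies):
    """Return {mode: (count, percent)} for a list of beacon bodies."""
    counts = Counter(classify(b) for b in bodies)
    return {m: (n, round(100 * n / len(bodies), 1)) for m, n in counts.items()}

def make_beacon(capability, elements=()):  # constructed demo data, not a capture
    body = bytes(8) + struct.pack("<HH", 100, capability) + b"\x00\x07example"
    for eid, value in elements:
        body += bytes([eid, len(value)]) + value
    return body

SAMPLES = [
    make_beacon(0x0001),                                          # open
    make_beacon(0x0011),                                          # privacy bit only: WEP
    make_beacon(0x0011, [(221, bytes.fromhex("0050f2020101"))]),  # WMM vendor IE: still WEP
    make_beacon(0x0011, [(221, bytes.fromhex("0050f2010100"))]),  # WPA element
    make_beacon(0x0011, [(48, bytes.fromhex("0100"))]),           # RSN element
]
```

A network that advertises both WPA and WPA2 is counted as WPA2 by this sketch, so a tally built this way can look stronger than the weakest mode those networks still accept.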

This means a whopping 9.3% of networks are totally unprotected and ripe for the picking for a lot of hackers. Now, you might ask, what about the 90.7% who actually protected their networks? Doesn’t that mean that a lot of people have good wireless network security and this experiment is pretty much a futile exercise on your part? Nope. Not at all. Even though 90.7% of the wireless networks I scanned were protected, 40.8% use a very old encryption method called Wired Equivalent Privacy, while only the other 49.9% use the newer encryption methods. Even so, only 13.2% use the most secure encryption method.

Wired Equivalent Privacy (WEP) is a very old encryption method that was used when wireless networks started popping up during the late 1990s (before wireless became a popular household item). It was intended to provide the same confidentiality as wired connections. However, it was soon found that WEP-protected networks could be easily cracked and accessed. This is why the networking industry replaced WEP in 2003 with a newer encryption method called Wi-Fi Protected Access (WPA). WPA itself was soon superseded by WPA2, which is an upgrade to the WPA encryption method. All routers sold after 2006 must have WPA2 capability.

So now you might ask, why are there so many WEP networks still around? It is because of a lack of education and the sheer laziness of people when it comes to setting up their networks to use WPA2. There is, however, a reason why some networks don’t run WPA: a large array of devices do not have proper WPA2 support, since it only became mandatory in 2006. The majority of network owners don’t understand the risks behind WEP. They tend to think, “well, the network equipment manufacturer’s default choice of encryption is WEP, so it must be good, right?” This is far from the truth. In fact, a willing attacker can crack WEP encryption within an hour or two. Worst case scenario is that it can be cracked in a few minutes. Running a WEP network is almost like running a network without any protection at all.

Even WPA is vulnerable to attack. There are known ways to crack WPA passwords, since WPA’s encryption was a workaround for the deficiencies of WEP that tries to maintain as much backwards compatibility as possible. That compatibility makes it easier for attackers to crack the encryption. However, WPA is still much more secure than WEP since it is a lot more complex and takes a lot longer to crack. WPA2, on the other hand, uses a more advanced encryption method called the Advanced Encryption Standard (AES), which is used industry-wide in other applications. So far, it’s impractical to crack an AES-encrypted network. It’ll take months or even years to do so.

So if you’re like the 50.1% of networks surveyed that have either no protection or very weak protection, it is highly recommended that you switch the encryption method on your home networking equipment. If at all possible, switch your network to WPA2. It might solve your “why is my bandwidth usage so high all of a sudden?” or “where are all my files?” conundrum. A secured network is a happy network. It makes everyone happy. By now, people shouldn’t be running open or weak networks at all: it’s ill-advised, and a lot of equipment already has the features to safeguard people’s data, yet people don’t take advantage of them. 9.3% unprotected is very high and I was surprised. So next time you stumble upon an open or WEP-protected network and you know the owner of said network, tell them to secure their network properly before something bad happens to their systems!

One thought on “Experiment: Neighbourhood Wireless Security”

  1. Larke12

    This is a great article! I will use this for my research paper. I hope it counts towards a reference, some great data was found by your search.

