Some time ago when installing a home wireless network I made the mistake of leaving it unsecured. Trying to get three computers to talk to the network with impatient children snapping at my heels the entire time was, at the time, something of a challenge and I was too lazy to research the subject. Then I received a ‘heavy user’ warning from my ISP.
I knew it wasn’t my own home network that was burning up the bandwidth so it had to be someone nearby tapping in and helping themselves. My mistake, I shouldn’t have left an open network.
Biting the bullet, I researched (read a page) on how to secure a network and implemented the WEP (Wireless Equivalent Protection) security protocol – a 26 Hexadecimal (Hex) character (0-9 and A-F) encyption method.
Encryption – is it difficult?
Encryption sounds much more complicated than it actually is – much like getting two Bluetooth enabled mobile phones to pair up and share information, a key known only to the two devices is entered into both the computer(s) and the wireless (WiFi) modem – if they match, bingo, you can access the Internet.
WEP wasn’t safe but who would bother me?
Since I was already ‘on the case’ I dug into the whole Wireless encryption subject and was frankly shocked at what I discovered – WEP just wasn’t safe. Still, I was just some anonymous person – who would go to the trouble of trying to crack my WEP key, right?
It didn’t take long for me to find out! Just two days after encrypting my wireless network using WEP I received a strange phone call. The anonymous person on the other end asked me if my ISP was Tiscali. I replied in the affirmative thinking it was my ISP calling and waited on a response. None was forthcoming but in the background I could hear someone furiously tapping on a keyboard. It took me only a few seconds to realise what was happening, at which point I hung up and immediately got to work upgrading the WEP encryption to WPA (Wi-Fi Protected Access).
So what was going on that caused me to slam down the telephone and immediately switch my Wi Fi encryption to the more secure WPA?
The purpose of the phone call and the furious tapping on the keyboard I could hear in the background was what’s called a packet flood and capture. Remember I said I’d dug into Wireless security a bit deeper than simply finding out about WEP? Well, I came across an interesting story about how the FBI could crack a WEP key – any WEP key – in under three minutes using freely available software (current advances can crack a WEP key in 20 seconds).
The steps are straightforward enough if you have a packet sniffer – computer software or computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes and analyzes its content. Used in conjunction with other software your WEP key gets spat out allows free and full access to your internet connection and quite possibly all of the data on your computer.
BT (British Telecom), one of the UK’s largest broadband providers, ships out what it calls the “BT Home Hub” and unbelievably, it cannot support WPA, only WEP. Kudos to BT.com for trying to introduce mandatory security to their broadband modems but shame on them for restricting it to WEP only.