Low Hanging Fruit

Posted on May 25, 2012
Filed Under Security

Have you ever picked an apple or a peach? Did you climb the tree to find just that perfect one? Or, more likely, just grab one that was hanging low?

If you have a wireless network at home…ask yourself…am I the low hanging fruit?

Are you providing free Wi-Fi?

This is about protecting your network…and why you should.  Certainly you do not want some outsider reading your emails and files on your computer…or perusing your photographs.

Rest easy, I won’t be talking about that aspect. And frankly that has nothing to do with protecting your network access directly.

This is about someone using your wireless network to access the internet..and why you should care.

Here is a short example. Pretend you live in an apartment complex and have a wireless network. Your neighbor has for whatever reason elected to not have internet. So when he turns on his laptop, up pops your network as being available…and assuming that you have not attempted to secure it with a password, he can readily connect and surf away. You might not even care…you won’t even notice.

A couple of things you might care about… any computer on your network that accesses the internet “appears” to come from your Internet Protocol address (I.P.).  That is the address most websites and mail servers record when you visit a site or send an email.

Secondly.. most internet providers now use a tiered payment structure.  Basically that means that after you use the internet over a specific amount…they charge you extra.

So if your neighbor is only checking their email or normal day to day web surfing you will never know and it won’t really cause you any problems. Put that into the “harmless” category.

But if they watch a lot of Netflix, YouTube, Hulu or other video services…it could cause you to exceed your monthly bandwidth. You get some small amount tacked on your bill. For example, AT&T caps DSL usage at 150 GB. If you exceed that, they charge you $10 for every 50 GB.

You might notice that.

What if your neighbor is not so innocent? What if he decides to share some illegal movies or songs via one of the common file sharing sites? What if he shares some child pornography?

The legal system kicks in….warrants are served..if needed…and the Internet provider identifies YOU because it came from your internet address.  This is not fiction, it has happened, and it will happen again.

After your computers are seized and hopefully no traces of said files are found…a bright person “might”, and I stress that word, determine that your wireless network is not secure and consider the possibility that you are not guilty.

Much simpler to secure it, don’t you think?

There are three types of wireless networks in regards to security.

1. No security. – “Open”: The ultimate in low hanging fruit.

2. WEP (Short for Wired Equivalent Privacy): Better than “open” … barely.

3. WPA/WPA2 (Wi-Fi Protected Access): The best.

Using WEP/WPA2  will stop 99% of unauthorized people from using your network.

However, you should ALWAYS use WPA/WPA2. Not just because it’s best..but to move you higher up in the tree.

You want to make it difficult to access your network.

When you are bored, Google “Cracking WEP”. You will quickly find that programs are available, for free, to crack the password on your network. In the best case..in less than 30 seconds. It won’t matter if you follow good password practices such as using letters, numbers, punctuation etc. The WEP method is defective. Some of these programs are listed below.
I have recorded a short video of cracking a test router’s WEP key..see link below.

Sadly, many older wireless routers may not support the newer WPA method. Worse, some wireless routers use WEP by default. Newer routers tend to use WPA by default.

Remember, use WPA. If you can’t use WPA, use the WEP method….but realize that won’t stop a determined individual. It will stop most people.

The security of a WPA/WPA2 network provides you with far greater privacy. Only because it takes longer to “crack”. It could take years to crack. However, in some cases only days, and in some cases hours. That is primarily due to poor password choices.

How many of you have a wireless network named linksys, or netgear or 2wirexxx or motorola or belkin?

All brands of routers are affected. This doesn’t mean the router is bad; the security protocol is weak or defective.

Most routers come with a “default” name and the home user just puts in a passphrase. The WPA protocol runs that name and passphrase through some significant number crunching to produce the key that encrypts your network. That means the name is part of the key. And it’s simply amazing how many home DSL wireless networks simply use their phone number for the passphrase… LOW FRUIT.

You should never use the default SSID (Network name) and a phone number. Change your network name to something else, preferably a LONG name.

And in this case DO use a complex password. Not just numbers, and not your kid’s name.

This will indeed stop most people. Unless someone has a reason to target your network…it’s simply not worth the effort to crack, especially if someone else has an easier to access network. Let them be the low fruit for the picking.
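To make the "name is part of the key" point concrete, here is an added example (not from the original post) that derives the WPA/WPA2-Personal key with the standard PBKDF2 function and checks a router's settings against the advice above. The finding codes, the `audit` helper and all sample settings are constructed for illustration.

```python
import hashlib

# Factory-default names listed in the post ("2wire" stands in for "2wirexxx").
DEFAULT_SSID_PREFIXES = ("linksys", "netgear", "2wire", "motorola", "belkin")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def audit(ssid: str, passphrase: str, security: str, wps_enabled: bool) -> list:
    """Return finding codes (hypothetical names) for the weaknesses in the post."""
    findings = []
    mode = security.upper()
    if mode == "OPEN":
        findings.append("open-network")
    elif mode == "WEP":
        findings.append("wep-is-defective")
    if ssid.lower().startswith(DEFAULT_SSID_PREFIXES):
        # The SSID is the salt: with a default name, work done against one
        # "linksys" network can be reused against every other one.
        findings.append("default-ssid")
    if passphrase.isdigit():
        # A 10-digit phone number has at most 10**10 possibilities.
        findings.append("numeric-passphrase")
    if wps_enabled:
        findings.append("wps-enabled")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not taken from any real network.
    weak = ("linksys", "5550100123", "WPA2", True)
    strong = ("Orchard-Top-Branch-2012", "plum&Ladder!9-north", "WPA2", False)
    for cfg in (weak, strong):
        print(cfg[0], audit(*cfg) or "no findings")
    # Same passphrase, different SSID, different key:
    print(derive_pmk("5550100123", "linksys").hex()[:16])
    print(derive_pmk("5550100123", "Orchard-Top-Branch-2012").hex()[:16])
```
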

There is ONE serious exception to the WPA methods. Some routers have a feature called Wi-Fi Protected Setup (WPS). This is not really a security protocol but a semi-secure method of allowing a connection. It’s a simpler way of configuring your computer to connect to a WPA network. For example, your router may have a WPS button. Basically, in simplified form… a PIN code can be entered and the router then tells your computer what passphrase to use. This PIN is much shorter than the passphrase, and is usually printed on the router itself.

What if I told you that there is software…freely available …to send all possible combinations of that code to your router…and at some point your router is simply going to tell me the passphrase?

And because of a fundamental flaw..in the WPS system…it really is two smaller sections of the PIN to crack. That means the software can rapidly guess the first half, thus eliminating a huge section of possible codes to try. LOW HANGING FRUIT.

This completely bypasses the WPA2 cracking difficulty.

Router manufacturers can’t fix this because the protocol is defective; however, they have modified the routers so it may take longer to go through the possible combinations….a day or two….instead of 5-10 hours…
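The arithmetic behind "two smaller sections", as an added example that is not part of the original post. The 8-digit PIN with a trailing checksum digit and the 4+4 split come from the WPS design rather than from this page, and the per-attempt and lockout timings are constructed values, so the hours it prints are illustrative only.

```python
def wps_checksum(body: int) -> int:
    """Checksum digit appended to the 7-digit PIN body (weights 3,1,3,1,...)."""
    accum, weight = 0, 3
    for ch in reversed(f"{body:07d}"):
        accum += weight * int(ch)
        weight = 4 - weight              # alternate between 3 and 1
    return (10 - accum % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True when an 8-digit PIN carries the correct checksum digit."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(int(pin[:7])) == int(pin[7])


def worst_case_guesses(split: bool) -> int:
    """Guesses needed if the PIN is confirmed whole versus in two halves."""
    if not split:
        return 10 ** 7                   # 7 free digits, the 8th is the checksum
    return 10 ** 4 + 10 ** 3             # first 4 digits, then 3 digits + checksum


def hours_to_exhaust(guesses, seconds_per_attempt, lock_after=0, lock_seconds=0):
    """Worst-case hours, with an optional pause after every lock_after failures."""
    pauses = guesses // lock_after if lock_after else 0
    return (guesses * seconds_per_attempt + pauses * lock_seconds) / 3600


if __name__ == "__main__":
    whole, halves = worst_case_guesses(False), worst_case_guesses(True)
    print(f"checked as one unit : {whole:>10,} guesses")
    print(f"checked in halves   : {halves:>10,} guesses")
    # Constructed timings: 2 s per attempt; lockout of 60 s after 3 failures.
    print(f"no lockout          : {hours_to_exhaust(halves, 2):.1f} h")
    print(f"with lockout        : {hours_to_exhaust(halves, 2, 3, 60):.1f} h")
```

A lockout stretches the clock but leaves the number of guesses unchanged, which is why the advice to disable WPS outright still applies.
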

In simple words. Always use WPA2 encryption and if your router supports the WPS simplified setup, find out where to disable that function.

If you cannot disable it, get another router. You really do not want to be the fruit that’s picked.

Tools used to crack networks.

This list is not exhaustive and they are readily available via a Google search.
Some are available via Linux repositories.

Reaver: Easily cracks the WPS PIN and gets the passphrase.
Aircrack-ng: A suite of tools used, among other things, to capture data from Wi-Fi networks. Easily cracks WEP encrypted networks.
Pyrit: A Python text-based GUI used to scan for networks and crack networks. It utilizes, among other things, the Aircrack suite and Reaver (both of which are command line tools).
Backtrack: A complete penetration testing distribution, overkill for just cracking Wi-Fi, but includes the aircrack-ng suite of tools.

There are other tools using dictionaries, rainbow keys not listed here.

Click here to see a demonstration of cracking a WEP key using the Wifite tool. 2:16 in duration.
(Note that I am cracking a test router of my own.)

If that video does not convince you to never use or count on WEP to protect your network, enjoy getting picked…
