It looks like all those documentaries regarding the increasing popularity and insecured wireless networks will now be rendered out-of-date. Ah, the thrill and speeding advance of technology...
There has been plenty of programmes advicing people to upgrade from the "flawed" WEP security to WPA but even WPA can now be hacked just as quickly in about a minute. Apparently Japanese researchers have now found a way to break the WPA protected networks just as quick as WEP using a similar kind of attack by targetting small encrypted ARP packets. The fully detailed 12 page academic journal paper can be found in PDF if you're interested.
Not only that, Russian software vendor ElcomSoft claim they can also crack WPA2 in the same amount of time by making use of today's modern powerful graphic cards from Nvidia and ATi to brute force the key (i.e. try all passwords possible).
However, this seem to only apply to the TKIP flavour of WPA encryptions. The advice is to switch over to the AES version of the key to make it harder to crack if you networking hardware supports it.
So why should you care about someone getting access to your wireless internet connection? Well they can...
- Get free internet access.
- Steal information from your computers.
- Engage in criminal activity and point suspicion at you.
I'm not an expert in network security but after doing some reading I've found that all these articles about the insecurities of wireless networks fail to highlight how the hacking process isn't as easy as it looks on the likes of Youtube where kids are showing off.
Firstly, for someone to break into the network, they must be within good range so they must either be sitting outside a house in a vehicle or, live inside a block of apartments.
Secondly, not only do you need a simple piece of software, you must also have the right kind of hardware to be able to start the data packet injection attacks and you must be patient for someone within the network to start connecting.
Even then, if someone manages to break into your wireless network and all they did was rely on a piece of software written by hackers, the most they can do is probably view what sites you're looking at and eavesdrop on your messenger conversations. They probably won't know how to break accounts that makes use of another secure connection such as SSL used on some email account sites and all shopping sites.
Furthermore, if the target computers have security software installed (which they should), they will still have to get pass that barrier before they can steal any files. In fact, if you have any important files they should be encrypted in the first place anyway.
So to summarise, to break into a wireless network...
- The attacker must have the proper software and hardware.
- The attacker must be within range to have a good signal.
- The attacker must be patient to wait for the network to be in use.
After that, for any of the real hacking feats to be achieved.
- The attacker must break through any security software installed on target computers.
- The attacker must know how to break other secure connections such as SSL.
And what are the chances of "script kiddies" (i.e. people who can only use tools written by hackers) doing everything in the second list? Pretty low.
In the worst scenario they'll...
- Get free internet access.
- See what websites you're browsing.
- Eavesdrop on your messaging conversations.
It may look very easy to break into wireless networks but in reality, it's not quite that way and there are still many barriers hackers must face even after breaking into your wireless network. However as usual, nothing stops a determined person and it's up to the user to take the necessary pre-cautions.