What is your Wi-Fi saying about you?

BGonaSTICK · 05-03-07, 11:09 AM

Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer and about you.

Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security.

"You're leaking all kinds of information that an attacker can use," David Maynor, chief technology officer at Errata Security, said on Thursday in a presentation at the Black Hat DC event. "If the government was taking this information from you, people would be up in arms. Yet you're leaking this voluntarily using your laptop at the airport."

There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for email accounts and instant-message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a 'wall of sheep' always lists captured login credentials.

Errata Security has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant-message clients as well as DHCP, SMNP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more.

"You don't realise how much you're making public, so I wrote a tool that tells you," said Robert Graham, Errata Security's chief executive. The tool will soon be released publicly on the Black Hat Web site. Anyone with a wireless card will be able to run it, Graham said. Errata Security also plans to release the source code on its Web site.

The Errata Security sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it "a network sniffer on steroids".

Snoops can use the sniffer tools to see all kinds of data from wireless-equipped computers, regardless of the operating system.

For example, as a Windows computer starts up it, it will emit the list of wireless networks the PC has connected to in the past, unless the user manually removed those entries from the preferred networks list in Windows. "The list can be used to determine where the laptop has been used," Graham said.

Apple Mac OS X computers will share information such as the version of the operating system through the Bonjour feature, Graham said. Bonjour is designed to let users create networks of nearby computers and devices.

Additionally, computers shortly after startup typically broadcasts the previous Internet Protocol address and details on networked drives or devices such as printers that it tries to connect to, Graham said.

"These are all bits of otherwise friendly information," Graham said. But in the hands of the wrong person, they could help attack the computer owner or network. Furthermore, the information could be useful for intelligence organisations, he said.

And that's just the data snoops can sniff out of the air when a laptop is starting up. If the computer is then connected to a wireless network, particularly the unsecured type at hotels, airports and coffee shops, much more can be gleaned. Hackers have also cracked basic Wi-Fi security, so secured networks can't provide a security guarantee.

In general, experts advise against using wireless networks to connect to sensitive Web sites such as online banking. It is, however, risky to use any online service that requires a password. The Errata Security team sniffed one reporter's email username and password at Black Hat and displayed it during a presentation.

People who have the option of using a Virtual Private Network when connected to a wireless network should use it to establish a more secure connection, experts suggest. Also, on home routers WPA, or Wi-Fi Protected Access, offers improved security over the cracked WEP, or Wired Equivalent Privacy.

"The best solution is to be aware of the danger," Graham said. "Everyone doesn't need to work from a coffee shop."

Gav · 05-03-07, 03:46 PM

A friend of mine works for a security testing company, and they've just got their hands on the Immunity SILICA. Its a handheld device that penetrates wireless networks and runs exploits on any connected computer - downloading any data it finds. All at the click of a button. He came over my house and within 20 Minutes he had cracked the WEP encryption and download all of my documents. But, because hes nice he didn't write owned in big letters across my head.

Use WPA & buy a Mac.

Analoguesat · 05-03-07, 03:57 PM

Or live in the middle of nowhwere like I do - Ive had a wap running for over a year and its never had any encryption on it.

Anyone doing a data exploit on swmbo's laptop would get a whole host of family history guff and little else

BGonaSTICK · 05-03-07, 10:31 PM

Quote:

Originally Posted by Gav

...he didn't write owned in big letters across my head.

:roflmao:

Unknown user #1 · 06-03-07, 10:21 AM

There is an article (in Russian unfortunately) on how to break WEP and WPA protection. It took'em 3 seconds to get access to WEP-64 system, 7 second to WEP-128 and a couple of hours for WPA.

Analoguesat · 06-03-07, 11:42 AM

If a serious h*cker is after your data hes going to get it - these encryptions are to keep out the hobby guys and to stop the nerd next door from leeching your bandwidth downloading smutty movies - nothing more

Unknown user #1 · 06-03-07, 12:04 PM

Totally agree. There is a joke in Russian about the situation. I'll try to translate it but if it won't be any good, don't shoot me

Two cowboys are entering the bar.
One says: "See, this is The NeverBeaten Joe!"
The other asks: "So is he that good that no one can beat him?"
The first one answers: "Nah, simply no one ever bothered even to talk to him never mind the fight, that's all!"

So, the situation with WiFi is fairly similar. Private users' "protected" Wireless LAN can only survive for one simple reason - no one bothered to break it. Hackers spend their efforts on esier or 'fattier' (is that a word?) targets.

BGonaSTICK · 06-03-07, 01:08 PM

'Hackers' spend plenty of time driving around the residential districts picking up all manner of interesting and useful information from WiFi connections.

'They' are not all big-time master criminals out to score national secrets or millions of pounds. To many, it's just a hobby in itself.

Unknown user #1 · 06-03-07, 01:45 PM

Huh, where I live there 4 open networks and two WEP ones. Mine is the only one with WAP, unless some other guys are using hidden SSID (had no time to research that).
Judging by SSIDs (linksys, BT, netgear, etc) most people never configured their routers, so 'hacking' should be very easy.
Unless someone would really want to take a challenge, I am fairly safe

Dude111 · 25-03-12, 10:29 PM

I always unplug my modem (usually) when im not using it so if anyone is scanning,etc they are less likely to find it.....

One good thing about Wifi is THE SIGNAL DOESNT GO VERY FAR so anyone wanting to try to get on OR JUST SNIFF YOUR NETWORK might have to compromise themselves just to get a good enough signal to get anything off it..

05-03-07, 11:09 AM	#1 (permalink)
BGonaSTICK Dodgy Geezer Join Date: Nov 2005 Location: Brighton Posts: 9,718	What is your Wi-Fi saying about you? Simply booting up a Wi-Fi-enabled laptop can tell people sniffing wireless network traffic a lot about your computer and about you. Soon after a computer powers up, it starts looking for wireless networks and network services. Even if the wireless hardware is then shut-off, a snoop may already have caught interesting data. Much more information can be plucked out of the air if the computer is connected to an access point, in particular an access point without security. "You're leaking all kinds of information that an attacker can use," David Maynor, chief technology officer at Errata Security, said on Thursday in a presentation at the Black Hat DC event. "If the government was taking this information from you, people would be up in arms. Yet you're leaking this voluntarily using your laptop at the airport." There are many tools that let anyone listen in on wireless network traffic. These tools can capture information such as usernames and passwords for email accounts and instant-message tools as well as data entered into unsecured Web sites. At the annual Defcon hacker gathering, a 'wall of sheep' always lists captured login credentials. Errata Security has developed another network sniffer that looks for traffic using 25 protocols, including those for the popular instant-message clients as well as DHCP, SMNP, DNS and HTTP. This means the sniffer will capture requests for network addresses, network management tools, Web sites queries, Web traffic and more. "You don't realise how much you're making public, so I wrote a tool that tells you," said Robert Graham, Errata Security's chief executive. The tool will soon be released publicly on the Black Hat Web site. Anyone with a wireless card will be able to run it, Graham said. Errata Security also plans to release the source code on its Web site. The Errata Security sniffer, dubbed Ferret, packs more punch than other network sniffers already available, such as Ethereal and Kismet, because it looks at so many different protocols, Graham said. Some at Black Hat called it "a network sniffer on steroids". Snoops can use the sniffer tools to see all kinds of data from wireless-equipped computers, regardless of the operating system. For example, as a Windows computer starts up it, it will emit the list of wireless networks the PC has connected to in the past, unless the user manually removed those entries from the preferred networks list in Windows. "The list can be used to determine where the laptop has been used," Graham said. Apple Mac OS X computers will share information such as the version of the operating system through the Bonjour feature, Graham said. Bonjour is designed to let users create networks of nearby computers and devices. Additionally, computers shortly after startup typically broadcasts the previous Internet Protocol address and details on networked drives or devices such as printers that it tries to connect to, Graham said. "These are all bits of otherwise friendly information," Graham said. But in the hands of the wrong person, they could help attack the computer owner or network. Furthermore, the information could be useful for intelligence organisations, he said. And that's just the data snoops can sniff out of the air when a laptop is starting up. If the computer is then connected to a wireless network, particularly the unsecured type at hotels, airports and coffee shops, much more can be gleaned. Hackers have also cracked basic Wi-Fi security, so secured networks can't provide a security guarantee. In general, experts advise against using wireless networks to connect to sensitive Web sites such as online banking. It is, however, risky to use any online service that requires a password. The Errata Security team sniffed one reporter's email username and password at Black Hat and displayed it during a presentation. People who have the option of using a Virtual Private Network when connected to a wireless network should use it to establish a more secure connection, experts suggest. Also, on home routers WPA, or Wi-Fi Protected Access, offers improved security over the cracked WEP, or Wired Equivalent Privacy. "The best solution is to be aware of the danger," Graham said. "Everyone doesn't need to work from a coffee shop." __________________ Dreambox 7000, Skystar2 PCI, Skystar USB, Fibo 90cm on Moteck SG2100, Triax TD110 multi-LNB. Sky + ART cards. 45.0°E - 58.0°W

05-03-07, 03:46 PM	#2 (permalink)
Gav Senior Member Join Date: Feb 2007 Posts: 542	Re: What is your Wi-Fi saying about you? A friend of mine works for a security testing company, and they've just got their hands on the Immunity SILICA. Its a handheld device that penetrates wireless networks and runs exploits on any connected computer - downloading any data it finds. All at the click of a button. He came over my house and within 20 Minutes he had cracked the WEP encryption and download all of my documents. But, because hes nice he didn't write owned in big letters across my head. Use WPA & buy a Mac. __________________

05-03-07, 03:57 PM	#3 (permalink)
Analoguesat manic midlander retired mod Join Date: Jan 2006 Location: Scottish Borders Posts: 11,668	Re: What is your Wi-Fi saying about you? Or live in the middle of nowhwere like I do - Ive had a wap running for over a year and its never had any encryption on it. Anyone doing a data exploit on swmbo's laptop would get a whole host of family history guff and little else __________________ Basic forum rules for both satellite & cable: no keys no patches no offering or asking for card shares Anyone pm'ing me for details of card sharing or anything to do with hacking cable will be banned immediately Analogue forever!!

06-03-07, 10:21 AM	#5 (permalink)
Unknown user #1 Senior Member Join Date: Jan 2007 Posts: 536	Re: What is your Wi-Fi saying about you? There is an article (in Russian unfortunately) on how to break WEP and WPA protection. It took'em 3 seconds to get access to WEP-64 system, 7 second to WEP-128 and a couple of hours for WPA.

06-03-07, 11:42 AM	#6 (permalink)
Analoguesat manic midlander retired mod Join Date: Jan 2006 Location: Scottish Borders Posts: 11,668	Re: What is your Wi-Fi saying about you? If a serious hcker is after your data hes going to get it - these encryptions are to keep out the hobby guys and to stop the nerd next door from leeching your bandwidth downloading smutty movies - nothing more __________________ Basic forum rules for both satellite & cable: no keys no patches no offering or asking for card shares Anyone pm'ing me for details of card sharing or anything to do with hacking cable will be banned immediately Analogue forever!!*

06-03-07, 12:04 PM	#7 (permalink)
Unknown user #1 Senior Member Join Date: Jan 2007 Posts: 536	Re: What is your Wi-Fi saying about you? Totally agree. There is a joke in Russian about the situation. I'll try to translate it but if it won't be any good, don't shoot me Two cowboys are entering the bar. One says: "See, this is The NeverBeaten Joe!" The other asks: "So is he that good that no one can beat him?" The first one answers: "Nah, simply no one ever bothered even to talk to him never mind the fight, that's all!" So, the situation with WiFi is fairly similar. Private users' "protected" Wireless LAN can only survive for one simple reason - no one bothered to break it. Hackers spend their efforts on esier or 'fattier' (is that a word?) targets.

06-03-07, 01:08 PM	#8 (permalink)
BGonaSTICK Dodgy Geezer Join Date: Nov 2005 Location: Brighton Posts: 9,718	Re: What is your Wi-Fi saying about you? 'Hackers' spend plenty of time driving around the residential districts picking up all manner of interesting and useful information from WiFi connections. 'They' are not all big-time master criminals out to score national secrets or millions of pounds. To many, it's just a hobby in itself. __________________ Dreambox 7000, Skystar2 PCI, Skystar USB, Fibo 90cm on Moteck SG2100, Triax TD110 multi-LNB. Sky + ART cards. 45.0°E - 58.0°W

06-03-07, 01:45 PM	#9 (permalink)
Unknown user #1 Senior Member Join Date: Jan 2007 Posts: 536	Re: What is your Wi-Fi saying about you? Huh, where I live there 4 open networks and two WEP ones. Mine is the only one with WAP, unless some other guys are using hidden SSID (had no time to research that). Judging by SSIDs (linksys, BT, netgear, etc) most people never configured their routers, so 'hacking' should be very easy. Unless someone would really want to take a challenge, I am fairly safe

25-03-12, 10:29 PM	#10 (permalink)
Dude111 An Awesome Dude Join Date: Jan 2011 Posts: 256	I always unplug my modem (usually) when im not using it so if anyone is scanning,etc they are less likely to find it..... One good thing about Wifi is THE SIGNAL DOESNT GO VERY FAR so anyone wanting to try to get on OR JUST SNIFF YOUR NETWORK might have to compromise themselves just to get a good enough signal to get anything off it.. Last edited by Dude111; 25-03-12 at 10:33 PM.