Wireless Weakness

By John Carlin
Published: April 27, 2006

We drove through the neighborhood.  From the 70 homes in the subdivision, we found about 20 wireless signals…  Only six were protected…

It’s called War-driving.  Hackers driving around with sophisticated equipment that lets them read your invade your wireless system without ever entering your house.  Some of the more agressive hackers can do it without even entering your neighborhood. [watch our report here]

To prove how easy it is I joined up with our in-house computer gurus Matt Dooley and Ken Mangone, and photo journalist Ken Lucas, who also knows his way around a hard drive.  We loaded up in a marked Newschannel 10 vehicle.

John Carlin: “We’re gonna drive around and see what we see.  We’ve turned on our laptop here in the car, and already, Matt, we have how many signals?“

Wireless Security Tips:
Simple instructions for some common equipment found in our area.

Windows XP

D-Link

Netgear

Linksys
Matt Dooley/WSLS.com:“23 signals in all.“

John: “We’ve got 23 signals and we haven’t even left the Newschannel 10 parking lot.  That should tell you something right there.  Let’s go see what we get.“

As we drove from the parking lot the computer kept making a noise that is best written as “boing.“  Every time it “boinged” it meant we had found another wireless signal.  Some came from people’s homes some came from their “Blackberries” but most were unprotected.

WSLS.com Webmaster Matt Dooley handled the computer—a 4 year old lap top with a two year old wireless card.  Antiques by today’s standards—but it didn’t matter.

Dooley within a mile of the station: “We’ve picked up 32 signals so far.“

A free program downloaded from the internet showed us the brand of wireless signal we were receiving, and more importantly whether they were protected from hackers.  In the downtown area, more than half were not.  Surprising since we figured these were more likely to be businesses than people’s homes.  Businesses we reckoned, should know better.

We drove to a neighborhood in the Roanoke County suburbs.

Carlin: “Let’s go ahead and clear it and see how many we pick up here.“

Dooley: “Okay, already we’ve got 6.“

Carlin: “Just in this purely residential area?“

Dooley: “Right, and only two of them have protection.“

We drove through the neighborhood.  From the 70 homes in the subdivision, we found about 20 wireless signals…  Only six were protected.

With any of those unprotected signals, we could have stayed in the car and hacked into any unprotected computer—but that’s illegal. Realistically our antique equipment would have had a hard time if we weren’t parked within 75 feet of the house, but at a recent hackers convention they held a contest to see how far away a crook could pick up a signal.  Some were successful from miles away.

Rather than have people wonder why an SUV with a peacock on the side was parked in front of their house, we got permission to go into a home here, to show the owners how vulnerable they were.

Carlin: “Hey Tom, how ya doing? Good, I’ve got my crew here and we’re picking up a wireless signal outside your house, and we’d like to show you what we might be able to see on your computer.“

Tom Bohling tells us he keeps his computer secure.  He has the latest microsoft downloads and a firewall.

Yet, within 10 minutes we were surfing the web using his signal.

Dooley: “That’s his internet.“

Carlin: “Okay so we’re on his internet right now.“

Dooley: “Oh absolutely.“

Carlin: “So we can go anywhere in the world on Tom right now.“

Dooley: “Sure”

We wanted to show how easy it would be to go someplace that might cast Tom in a bad light.  So we we went to the Al Jazeera website in Iraq to prove our point.  A pedophile hacker could have visited child porn sites, or any number of other undesirable locations.  On line it would appear to be coming from Tom’s computer.

Tom Bohling: “That’s the last thing I want to have happen is have somebody to access through my computer to implicate me in matters that I am not involved in.“

Then a few minutes later, my crew, added themselves to Tom’s network, and within a few more minutes actually took over his computer!  At this point we could return to our office and use Tom’s machine whenever we wanted.  Given time, Dooley said he could have searched free internet sites until he found codes and passwords enough to hack into the computer’s hard drive.  Once there he could have accessed Tom’s personal information including bank and credit card accounts, and anything else related to his identity.  And he might never know.

Dooley: “Right, and if he never goes in and checks we could be a legitimate user on this network in his house forever if he never checks.“

Tom Bohling: “From anywhere in the world?“

Dooley: “From anywhere in the world.“

Carlin: “You thought you were safe because of what you did to your computer, but when you plugged in the wireless did you realize that you were adding a whole new level of security that you weren’t taking care of?“

Tom Bohling: “No.  I thought I was adding convenience to a secure computer system.“

Dooley and WSLS computer network coordinator Ken Mangone searched the security setting on the wireless - and sure enough it had never been enabled.  Just like most of Tom’s neighbors.

Carlin: So what would you say to somebody who thought they were just adding convenience?  Tom: I would take the time to go to your security settings and make sure you are encrypted which is secure and try to do it to the maximum extent that you can.