Tuesday, October 16, 2007

Wireless Internet: Our New Weak Spot

Hacking into computer accounts doesn't take creativity; it takes knowledge of a common weak spot and persistence to find out who has it. In Cliff Stoll's Cuckoo's Egg, the hacker could walk right into various military computer systems of the 1980's, simply because the system administrator didn't change the default passwords. It seems like resetting these passwords would be common sense, but those administrators lived in the days that the Internet was a small, trusting community. They didn't expect hackers.

The face of the Internet has changed over the last 20 years. Now the Internet serves millions of individuals and corporations. Many of today's websites apply lessons from the past, such as requiring that a user's password contain both letters and numerals, and that the password be changed periodically. But innovations bring new vulnerabilities, to which Internet users are newly naive. Today's site of frequent security holes is the wireless network.

The apartment complex where I live features an unreliable but complimentary set of wireless networks, one to each apartment. By default, these networks are unsecured: any computer with wireless capabilities can log on without a password. Most of us leave our wireless networks unsecured; that way, if our neighbors are having trouble with their own network they can borrow ours without having to come and ask us for the password. We're all friends and we trust each other. It would seem odd to password something that many of us share. But if somebody up to no good were to latch onto our wireless, then we'd have a problem.

One the latest trends among hackers is driving around, scouting out unsecured wireless networks to exploit. An unscrupulous wireless user who knows a few tricks can spy on information sent over an unencrypted wireless network in his range, stealing credit card numbers and the like. Furthermore, when he engages in illegal activity on the Internet, the address traces that activity to the network's owner, not to the usurper. By the time the police come after him, he's long gone. The Saint Petersburg Times has published an eye-opening article that describes the security risks of wireless and how to protect against them.

Many of these dangers can be avoided by the same wisdom that we learned from the mistakes of the 80's. Change the wireless network's ID and password from its defaults. Good old common sense, applied to new systems, still serves us well.

No comments: