How to prevent unauthorized people or vehicles from intercepting your wireless data
Lately, much ado has been made about the Google Street View vehicles doing more than photographing houses and businesses. Apparently, the Google vans have also been intercepting and storing wireless data from *unsecured* wireless routers, as they drive along the streets of our great nation.
Does this worry you? It should if you are one of the people operating an unsecured wireless router. Not because of what Google was doing with this openly transmitted data, but because if a Google van can read your unencrypted data, so can a neighbor's hacker kid, or somebody with bad intentions driving down your street, looking for wireless connections to piggyback on, or data to steal (a.k.a: War-driving).
Here is what the FCC determined about Google Street View vans intercepting wireless data as they dove down streets:
The FCC has been investigating, and recently fined Google $25,000 [details] for the incident. In its report, the FCC concludes, "For more than two years, Google's Street View cars collected names, addresses, telephone numbers, URLs, passwords, e-mail, text messages, medical records, video and audio files, and other information from Internet users in the United States."
In its findings, the FCC has concluded that Google's wireless data collection was not illegal because the information the company gleaned was not encrypted. The $25,000 fine against Google was actually for interfering with the investigation by stonewalling at searching employee records to find out why this happened and what was done with the purloined data. It turned out to be an experiment by what Google referred to as a rogue employee.
So, how can you make sure that something like this doesn't happen to your wireless connections? Secure your wireless routers, or hotspots! Here's how...
While I cannot give you instructions for your particular wireless router or hotspot, you can get them from the installation instructions that shipped with the device, or by going to the manufacturer's website and downloading a manual. However, I can tell you a few things to do to secure that device against casual drive-by, or next door snoopers.
First and foremost, no matter what brand or type of wireless router, modem/router, access point, or hotspot you employ, change the default administrator password to something not easily guessed, or found in a common dictionary. This won't stop unencrypted data from being intercepted but will definitely make it much harder for a hacker, or malicious script to take over control of critical router/hotspot functions. If your router's password can be guessed, the DNS [1] settings can be changed without your knowledge, to point to rogue DNS servers, which will re-route every Internet based request to hostile territory, for nefarious purposes [2].
The next item you should take care of is to apply the best level of wireless "encryption" [3] that your wireless device is capable of using. This is what will stop almost all War-drivers and nearby snoops from intercepting anything they can make sense of. Right now, WPA2 [4]is the strongest security available in home routers, using a 256 bit key code. Don't even think for one minute that applying the ancient WEP [5] security protocol is going to keep even script kiddies out of your router!
Wireless hackers would have to run a super heavy duty encryption cracking program, over a long period of time, to decipher 256 bit security keys. If somebody is willing to go to that much trouble and resides next door to, or within signal acquisition distance of your location, you'll need to apply the strongest encryption possible, plus some extra measures to lock out unknown devices.
Some of these additional measures include allowing only specified MAC addresses to connect (although these can be spoofed by hackers), or only as many IP addresses to be assigned as required by the wireless devices in your location [6]. For instance, if you have a wireless laptop and wireless hand-held smart device, with your desktop PC hard-wired with a network cable, you only need to assign three wireless IP addresses. There will be a section in the "web" configuration screens of your router that allow you to set how many IP addresses can be assigned to any devices requesting a connection. If you can limit the connections to only what you need for your own internal use, a snooper will not be able to obtain the IP address required to join your network.
There is a new feature showing up on N protocol wireless routers called WIPS [7] which establishes an additional layer of security between a wireless router and the devices known to it. In particular, WIPS detects and takes action against rogue access points, or man-in-the-middle router attacks.This is not an end-all protocol and can be cracked by determined hackers with plenty of time on their hands and gear to do the dirty deed.
Once again, many of the attacks aimed at wireless routers (including breaking WIPS, WEP and WPA) can be thwarted by changing the default login password to the router to a strong code, not easily guessed, or found in a common dictionary.
You can learn more about wireless security development on this Wiki-pedia page. Remember, it takes a combination of techniques to keep determined crackers out of your wireless network. Make it as difficult as possible for unauthorized devices to connect to your network. This way, both your data, including logins and passwords, and your connection itself will remain under your control, as pertains to the wireless network. Protecting your individual devices from attacks from the Internet, via exploits, trickery and social engineering tactics is another matter, beyond the scope of this article.
Stay safe and practice safe Hex!
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.