Many popular hacking tools are freely available via search engines. Photo: Louie Douvis
With almost 50 per cent of Australia’s internet subscribers using mobile or wireless broadband, serious concerns are being raised about the security of wireless systems and the ease of hacking.
Many residential networks are left vulnerable, because users don’t alter system passwords from their default setting or at times don’t even apply a password at all.
Mark Gregory, a senior lecturer in computer engineering at RMIT, believes it isn’t just residential users that leave themselves vulnerable â€“ businesses and some corporations do as well.
“About 20 per cent of wi-fi networks are left unsecure or have poor security. The most a user can do is make sure the password is strong, but even then ‘password security’ is a fallacy.”
Many networks are insufficiently protected with older technology. Wired Equivalent Privacy (WEP), which was developed in 1999, is now outdated and was replaced in 2003 by wi-fi Protected Access (WPA).
Dr Gregory says the weakness of most home wireless networks lies with the modem manufacturer â€“ repeated password failure does not lock down most modems, allowing hackers to continue to attempt to break in until they are successful.
“If a system timed out after a number of password failures, that would be enough to deter most would-be hackers,” Dr Gregory says. “A wireless modem should at least be able to prevent brute force attacks. Unfortunately manufacturers have been a bit lax.”
The serious nature of hacking was recently highlighted by Queensland Police, whose fraud squad began a wardriving initiative to help identify unsecure residential wireless internet networks.
Wardriving is the act of searching for wi-fi wireless networks from a car using a laptop.
“It’s a positive community support program, and the effort should be supported,” Dr Gregory says. “The issue should be taken seriously, and this response should be carried out in all states.”
With wi-fi signals reaching up to 100 metres, a potential hacker could be anywhere. ‘Nick’ (not real name), a computer enthusiast who admits he is not an expert, found it simple to illegally access wi-fi.
“A neighbour of mine didn’t have a password on their wi-fi,” says Nick. “Another didn’t change their network name or password from the default name of the router.
“You can just chuck it through a program dedicated to generating the password for that particular router. It might take some time, but it works. That’s more cracking than hacking, and it’s simple.”
Nick says there are plenty of forums on the internet dedicated to hacking and cracking, and that no wi-fi network will be completely safe.
“With a bit of an understanding of networking, a couple of programs to capture and analyse what’s going into and out of the networks, the right wireless adapter, a Linux operating system, and some patience, you can have whatever network you want,” he says. “There’s no such thing as a bulletproof wi-fi network; if someone is devoted enough they’ll get in.”
While many hackers could see it as an innocent challenge, others could be using their illegal wi-fi access to commit fraud or serious offences, such as using child pornography.
“These sound maleficent in nature, but it’s like a puzzle to those with a deep interest in the subject,” says Nick. “It’s a challenge, like a Rubik’s cube, and you’ll find that most hackers break in for those reasons alone.”
Many popular and specialised hacking tools are easily accessible through internet search engines. Programs such as wi-fi Hacker and NetStumbler are commonly used, and numerous tools and guides can be found on websites such as wardrive.net.
Many of these applications are easy to use. Some, such as iWep Pro, will run on a jailbroken iPhone. It can provide passwords for wi-fi networks within minutes.
A Spanish application developer, “Mike Wazowski” (not real name), says he developed the application to provide users with a tool to test the vulnerabilities of their own routers.
“The app will only unlock a network if it’s kept on the default password configuration,” Wazowski says. “I don’t know why so many people don’t change the password on their modem. I haven’t changed my own, so if you ask me, I’m just lazy.”
Wazowski confirms that iWep Pro users have reported good results in Australia, providing passwords for BigPond, Thomson and Speedtouch wi-fi modems.