Wednesday, December 14, 2005

A new blogger for wifiExeter!

It's been a little while since the last post was made to wifiExeter, and I'm going to be helping Will out with the blog and making it a great resource for Wi-Fi access in Exeter.

So, what's the deal?

I've always been interested in wireless communications, from walkie-talkies, CB's to radio broadcast and of course 802.11x. Only recently I've acquired a PSP (PlayStation Portable), which upon further investigation appears to be a great tool for quickly finding access points.

Are open access points for everyones use?

One sticking point however is the questionable case for using an open unencrypted access point.

Often, unencrypted access points are made publically accessible - it is ascertaining the intention of the configuration which is risky. It could be configured as such out of genorosity, or incompetance with network security.

By all means, I work in computer retail and I understand that a lot of people cut corners with wireless networking security. Personally, I'd only use an unencrypted open access point in any situation to read news because of security issues - any traffic could potentially be sniffed and/or manipulated by another person on the network.

An evil minded access point owner could use the ignorance of a network user to collect personal information and login details. It is with some effort possible also to inject replacement content into network connections - ethically this could be advertising, unethically it could be a trojan or spyware.

Nonetheless, it is fascinating to observe the distribution of such a new technology - and Exeter indeed has many access points, with a variety of security.

Talking Security
  • WEP or WPA-PSK Encrypted Networks
    Legally, hacking or attempting to access a WPA or WEP secured network without permission is hacking and almost certainly has legal and moral implications.

    The tools are out there, WEP is trivial to hack - but WPA seems to be the more secure solution.

  • Open Access Point: Fee Taking
    BTOpenzone, MyCloud and itbox pub entertainment machines all offer a way of accessing the internet for a paid fee generally involving a short term subscription or top-up method.

    Quite often the user enables wireless networking, connects to the access point and all attempts to access the internet forward to a default page until payment is taken.

    They are the sure-fire way of legally accessing the internet (however one issue is possible - someone could easily clone an access point and use it to harvest credit card details).

  • Open Access Point: Direct Connection To Internet (Non Encrypted)
    The most interesting wireless networks of all are open directly to the public and gateway directly to the internet. By even connecting to them you could potentially be stepping into a legal grey area if doing so without permission.

    Theoretically, assuming such laws did not apply you could possibly ascertain whether the access point is set up hastily or with giving intent. It would make sense to apply this test to your own networks.

    The main indicators (with an unencrypted network) are:
    1. Upon connection, are other computers available on the network visible in "My Network Places" or equivalent?

    2. Is the computer / device that provided the IP Address browsable via the web browser, and also - does this device appear to use a default username and password?

    If either of those two are applicable, the network is a free for all - whether it be intentional or not - but if it isn't your network, you're probably breaking the law.
Is anyone giving away a free lunch intentionally?

The most interesting point is - does anyone intentionally run a publically accessible wireless gateway intentionally? By all means it would be a great idea for a café to offer free internet access to customers via wireless networking - it'd be a great way to appear modern and entice customers in, but of course you could always have them hanging around too long with their cold cappucino, or even worse having people not even on the premises taking advantage of the gratis access.

Alternatively, you could have an open minded individual who is simply generous with thier resources. I'd certainly consider opening up an access point for free use as long as I could firewall away the evils of the internet effectively. The main point of note is - if you see an open access point that does gateway onto the internet, it's almost always an incompetant installers fault, and unless it's incredibly obvious (advertised in your face) that it's a free for all, tread extremely carefully.

Back to Exeter's Wireless Users

The prevalance of networks was quite astounding upon first inspection. I had sat on the A bus from Alphington into the City Centre, and found a large amount of access points dotted all along the route with various quality and encryption. As the bus was moving and I was uncertain of the legality of using the networks beyond querying their presence, I had opted for just browsing for network names.

My findings were:
  • There were a handful of Wanadoo customers with excellently configured (WPA-PSK) routers.

  • myCloud pay-as-you-go connections had very strong signals indeed.

  • Many access points were set up with just WEP encryption, which of course is illegal to attempt to connect to, but easily hackable.

  • Some access points were open, often with very default looking names like NETGEAR.

  • Some networks refused to send a name and these also had a variety of encryption methods.
  • The City Centre is a hotpot of hotspots.
On my first trip up it was pretty exhilirating seeing all the networks - but shocking to see the mess of network security. It's great to see technology reach maturity quickly, but the responsibility is a major issue. All this from a PSP with an apparant wireless reach of 50m omnidirectional!

Hope you've enjoyed my first post!


No comments: