Caution! Wireless Networking: Preventing a Data Disaster
Clients who use 802.11 wireless networks aren’t the only wireless Internet users subject to eavesdropping and tampering. The number of available consumer wireless products is growing amazingly fast. As more products offer wireless connectivity, take care that you aren’t trading privacy for convenience.
Throughout this book, I’ve illustrated the security and privacy issues inherent with wireless computer networks. In fact, I’ve spent several chapters addressing the problems with Wi-Fi encryption, the number of ways crackers can attack your network, as well as technical problems that create security and safety issues for users.
Despite this, and even though there are plenty of reasons to be concerned about Wi-Fi networks, wireless computer networks do have some protections built in. However, the majority of other consumer wireless devices don’t have any sort of built-in security. Most of the time, security is an afterthought or simply ignored during the design phase.
Of all the available wireless products, three groups pose the biggest threat to your privacy and, in some cases, security. These are:
-
Wireless home controllers, including X10 devices
-
Cordless phones, including 2.4 GHz models
-
Wireless video cameras
Intercepting X10 device signals
X10 Inc. introduced the X10 standard for home controllers. Most X10 devices use the electrical wiring in a house as their network medium. Once they’re plugged into an outlet they can communicate with other X10 devices, sending and receiving instructions.
Many newer X10 devices, including remotes and cameras, are now wireless and usually use the same 2.4 GHz band as 802.11 devices. The majority of them have no security features whatsoever. Anyone can receive, transmit, or eavesdrop on the signals as long as they have some inexpensive equipment.
Usually, all an intruder or a snoop needs is a compatible X10 device, either a controller or a receiver. Let’s say that you’ve used X10 devices to set up an automated home control system. For ease of use, you’ve installed X10 wireless adapters for your controllers so that you can control your lights, doors, and appliances from anywhere in the house with your wireless X10 remote (see Figure 9-6).
If I know this, and I want to get into your house or just tamper with your automation, like repeatedly turning your lights off and on, all I have to do is purchase an X10-compatible wireless controller and figure out your house and device codes. Once I have those programmed, I can take control. If you have X10 locks on your doors, I can open them. If you have an X10 controller for your garage door opener, I can open that, too.
Figuring out the codes is trivial; each X10 device can be set to one of 16 house codes and 16 unit codes (see Figure 9-7). That means I would only have to try each of the 256 possible combinations until I get in. That would probably take less than 10 minutes.
X10 also offers wireless video cameras; at some point you’ve probably seen one of the millions of Internet ads for these devices. For a couple of years you could hardly launch your Web browser without a series of X10 pop-up ads confronting you. Most of these ads are gone now, but the cameras remain. By some estimates, X10 sold a couple million of these in the U.S.
Most of these cameras operate in the 2.4 GHz band, like Wi-Fi gear. The majority of these cameras have only three channels and absolutely no encryption or security at all. To intercept the signals from these cameras, all you need is an X10 receiver plugged into a TV (see Figure 9-8). Because there are only three channels from which to choose, it’s easy to find the signal, even if you have to change channels manually.
Cross-Reference | In Chapter 6 I discuss warspying, the term used to refer to intercepting wireless video signals. |
X10 devices are useful and home automation can be fun. You just need to be aware of the related risks and take a few steps to protect your home and your privacy. If you are using X10 or X10-compatible equipment marketed by companies like Radio Shack (Plug-N-Power), Sears, Stanley, and General Electric, consider the following precautions:
-
If possible, avoid using wireless controllers.
-
Don’t use X10 devices to control door locks, garage door, or other entrances to your home, even if they aren’t wireless they’re easy to tamper with.
-
Avoid X10 cameras. If you do use one, don’t point it at anything you don’t want the neighbors to see (shower-cam anyone?).
Peeping in on Wi-Fi video cameras
In addition to the X10 cameras, there are many different brands of wireless 2.4 GHz cameras available. I distinguish these from X10 and other wireless cameras in that they’re 802.11 compatible. Therefore, these are Wi-Fi cameras, where the remainder are merely 2.4 GHz cameras.
These cameras are usually network ready and compatible with one or more 802.11 standards (802.11a, 802.11b, or 802.11g). Each camera has its own IP address,and usually all that’s required to view the image is a compatible Web browser. Some have optional password protection, and even when this is an option, it’s not often used.
All you need to know to intercept the video feed from one of these cameras is its IP address. Any cracker can use a network packet sniffer to discover this. Then all the cracker has to do is input the IP address into a Web browser and watch the video(see Figure 9-9).
Cross-Reference | To read more about sniffing refer to Chapter 4. |
Some cameras offer WEP encryption as an option, but this offers limited security because WEP is easily broken. Because Wi-Fi cameras generate a lot of traffic, they can actually make it easier for a cracker to collect enough data packets to crack the encryption in a shorter amount of time.
Cross-Reference | In Chapter 10, I discuss WEP encryption and how it’s defeated in detail. |
Wi-Fi cameras are somewhat more secure than X10 and other non-802.11 cameras. They’re harder for casual wardrivers or warspyers to detect and not as simple to view. If you decide to use one, you can take steps to protect your privacy. These include:
-
Don’t point it at anything you wouldn’t want the whole world to see. Be aware, some of these cameras can be controlled from a Web browser and have remote pan-and-tilt features. Therefore, a cracker could change the viewing area.
-
If it’s available, enable WEP encryption.
-
If the camera offers any other security features such as SSID or MAC filtering, use them.
Eavesdropping on cordless phones
Cordless phones are a fixture in a majority of U.S. homes. Most of us use them without a second thought and assume that they afford us the same degree of privacy as ordinary phones with a cord attached. Unfortunately, they don’t, and many people aren’t aware of this.
Like other wireless devices, cordless phones and base stations are transceivers (transmitter-receivers) or two-way radios. When you use your cordless phone, the signal just doesn’t travel between your handset and its base station; it radiates in all directions until it fades, bounces, or some obstruction blocks it. It’s possible to intercept the signal from some cordless phones using a radio frequency scanner. Older phones, operating at 900 MHz and below, are particularly susceptible to eavesdropping.
Note | In the United States, eavesdropping on any telephone conversation is illegal. Even police agencies have strict guidelines that they must adhere to regarding wiretaps. |
Note | Most cordless phones that operate at 900 MHz and below are still analog, use no encryption, and are not secure. |
When the Federal Communications Commission (FCC) opened the 2.4 GHz and 5.0 GHz frequency bands in 1998, manufacturers began producing 2.4 GHz phones. Because of the higher frequencies, fewer scanners are available that can receive the signal. Note I said fewer, not none. Phones that operate in these frequencies are digital and often have some sort of proprietary encryption.
Cross-Reference | In Chapter 10, I discuss encryption types and their uses. |
In an attempt to achieve security, the U.S. government outlawed the sale of scan- ners that can receive these high-frequency signals. Legislation is an ineffective stopgap for poorly designed security, however, as there are still plenty of these scanners available.
In 1995, cordless phone manufacturers began using Digital Spread Spectrum (DSS) technology to secure their phones. DSS spreads the signal from a conversation across several radio channels, making it much harder to intercept, let alone decrypt.
Being aware of the security concerns surrounding wireless phones is the first step toward greater privacy. Some other steps you can take to protect yourself are:
-
If you have an analog cordless phone, replace it with a new digital model
-
Consider one of the newer 2.4 GHz, or 5.8 GHz digital phones (but be aware that they may conflict with the signal from your WLAN)
-
Be sure that your phone has some sort of encryption and has DSS technology
These steps alone should make your conversations reasonably secure from anybody other than a police or government agency. These officials have resources at their disposal that will allow them to listen to your calls if they really want to.
If you’re concerned about this, you live in a country with an oppressive government, or you work overseas and have to protect your company’s intellectual property, then you should also consider taking the following steps:
-
Avoid using a cordless phone. Overseas, some governments don’t allow encryption in consumer devices or force manufacturers to design in back- doors that allow them to eavesdrop.
-
Consider using an encrypted landline phone. Many companies and government facilities have these available. This is much stronger encryption than exists in cordless phones.
-
Pay attention to your surroundings and note who could be listening. Not all eavesdropping is electronic.
-
When discussing sensitive information, be sure that the party on the other end of the conversation isn’t using an insecure phone, such as an analog cordless.
Be aware that even if you’re using a cordless phone with encryption and DSS, the security exists only between your handset and the base station. Once the call reaches the phone lines, it’s no longer secure, and anyone with the skills and resources can tap the signal (legally or illegally). This is true even if the second party in the conversation has a digital cordless phone.
Truly secure phones aren’t cordless and encrypt the signal from one end to the other, similar to what a virtual private network (VPN) does for network communications.
Категории