Wi-Fi

From Computing and Software Wiki

(Difference between revisions)
Jump to: navigation, search
(History)
Line 35: Line 35:
===Piggybacking===
===Piggybacking===
 +
Piggybacking refers to accessing a wireless internet connection by bringing a wireless device in range of another connection and using the service without the owners knowledge or permission. Piggybacking is completely outlawed in some jurisdictions, but allowed in others. It is not considered piggybacking if a bussiness offers a Wi-Fi hotspot for free or as a pay service.
 +
 +
Piggybacking ofter goes unnoticed since most people only use a fraction of their upstream bandwidth. Piggybacking may also be carried out unintentionally, as most access points are configured without encryption (WPA2) and operating systems can automatically connect to wireless networks. The danger in piggybacking exists in users logging into an insecure network where illicit activity is conducted (danger for network owner) or sensitive information is broadcast (danger for user).
===The Wi-Fi Scam, Home Security Scam and Bluetooth Scam===
===The Wi-Fi Scam, Home Security Scam and Bluetooth Scam===

Revision as of 04:16, 11 April 2009

Wi-Fi logo

Wi-Fi is a consortium that verifies 802.11b wireless network products interoperate, and a marketing term vendors use to sell their products.[1]

Wi-Fi is a subsection of the IEEE 802, a subcategory in the link layer of the TCP/IP Internet Protocol Suite. The Wi-Fi alliance is a trade group that owns the 'Wi-Fi' trademark, a symbol that certifies interoperability between wireless devices. Not every Internet product is Wi-Fi certified however, and there exists many devices that are able to interoperate wirelessly without the Wi-Fi logo. Some products have chosen to omit having Wi-Fi certification to avoid paying certification costs.

The use of Wi-Fi has boomed in recent years and is supported by a multitude of different devices. Laptops. game consoles, smartphones, printers and other peripherals usually have Wi-Fi certification.


Contents

History

A municipal wireless antenna. Such devices are integral in creating a mesh network of access points.

Wi-Fi was invented by Vic Hayes (dubbed 'the father of Wi-Fi') at the NCR Corporation/AT & T (later Lucent & Agere Systems), in 1991. Hayes had been designing IEEE standards for 802.11b, 802.11a and 802.11g and subsequent technology, initially meant for cashier systems. NCR initially released the technology under the name of 'WaveLAN' which operated in a range of 1Mbps-2 Mbps. [2] The Wi-Fi alliance was created soon after the technology.

The alliance is a consortium of separate, independent companies that promotes and develops IEEE 802.11 standards. The alliance also tests products to establish interoperability and certifies products that pass. The 'Wi-Fi' logo is allowed to be used by manufacturers who subscribe to the alliance and whose products pass testing. There exists sever unofficial "Wi-Fi" products that may work, but lack true certification.

The term "Wi-Fi" was coined by Interbrand Corporation in August 1999 when hired by the Alliance to change the name from 'IEEE 802.11b Direct Sequence.' Interbrand also created the official 'Wi-Fi' logo. It is often assumed that Wi-Fi stands for "Wireless Fidelity", however officially Wi-Fi is an abstract term and the Wi-Fi alliance is trying to downplay any association to "Hi-Fi" (High Fidelity).

Many cities globally, have announced plans for a city-wide Wi-Fi network. Many such project have since been cancelled due to unforseen difficulties however, a few (such as Sunnyvale, California) were successful. The city-wide networks were created by meshing several wireless antenna together and effectively creating a very large hotspot.

Uses

Advantages and Challenges

Security

The greatest security issue with Wi-Fi (and all other wireless networks) is the easy of connectivity compared to traditional wired networks like Ethernet. Wireless communication (bluetooth especially) is designed to be simple and easily connected to. To make an attack on a wired network, the attacker must physically connect to the internal network or break through an external firewall. External access however is usually disallowed by business networks in order to protect sensitive data. It is because firewall encryption could be broken that most business networks disallow external access. Getting wireless reception is considered an attack to most business networks.[3]

The nature most wireless networks is to allow external access in order to maintain an degree of usability. If attackers gain access to a wireless network they can harm the user in a variety of ways from monitoring others' activity to fabricating a DNS spoofing attack.

Preventative Measures

WEP (Wired Equivalent Privacy) keys uses a deprecated algorithm to secure Wireless networks. First introduced in 1997, WEP keys were intended to make wireless networks have comparable security to that of wired networks. A WEP key could be interpreted as a 26 digit password allowing access to a home network. There are several security flaws in the WEP keys currently being used and there exists readily available software (such as AirSnort or AirCrack) that can obtain a WEP key in minutes. WEP keys are now considered completely broken. The security flaws of WEP keys was first counteracted in 2002 with 'Wi-Fi Protected Access' (WPA) but the attack vector are now known. Now (as of 2004), full IEEE 802.11i (WPA2) encryption standards have been release and are still considered secure as of 2009.

Another security measure in effect involves suppressing the Access Points' SSID broadcast to only allow a predefined set of MAC addresses the ability to join the network. This security measure has since proven ineffective, since if an allowed MAC address is known (or found out) by an attacker then they could potentially change their own MAC address to spoof as an allowed machine.

DNS Spoofing and Kaminsky Attack

Piggybacking

Piggybacking refers to accessing a wireless internet connection by bringing a wireless device in range of another connection and using the service without the owners knowledge or permission. Piggybacking is completely outlawed in some jurisdictions, but allowed in others. It is not considered piggybacking if a bussiness offers a Wi-Fi hotspot for free or as a pay service.

Piggybacking ofter goes unnoticed since most people only use a fraction of their upstream bandwidth. Piggybacking may also be carried out unintentionally, as most access points are configured without encryption (WPA2) and operating systems can automatically connect to wireless networks. The danger in piggybacking exists in users logging into an insecure network where illicit activity is conducted (danger for network owner) or sensitive information is broadcast (danger for user).

The Wi-Fi Scam, Home Security Scam and Bluetooth Scam

'The Real Hustle' a UK television show is premised as an educational program demonstrating how people are getting ripped-off by confidence men around the world. The hustlers demonstrate how easy it is to gain access to a Wireless network through various scams.

In the Wi-Fi Scam, the hustlers hijack a wireless network then rename their own wireless network and route people to a dummy site that looks completely legitimate.

In the Home Security Scam, the hustlers walk through a residential neighborhood and enter home wireless networks by either hacking WEP keys or finding an unlocked network. The hustlers then monitor others online activity.

In the Bluetooth Scam, the hustlers scan a shopping mall for bluetooth signals from mobile phones. Once a signal is found and a connection is made, the hustlers call their premium rate line and rack up a bill for the cell phone owner.

There exists dozens of tutorials on the Internet on how to use Wi-Fi for illicit purposes, demonstrating just how vunerable a wireless network is.

Other 802 Standards and Amendments

See: IEEE 802 Wiki


References

  1. Comer, D. E. (2006). Wi-Fi. Internetworking with TCP/IP (Fifth ed., pp. 419-441). Upper Saddle River, NJ: Pearson Prentice Hall.
  2. "Wi-Fi History". Retrieved on 2009-04-07
  3. "Pros and Cons...". Retrieved on 2009-04-07

See Also

External Links

--Hamilr3 00:51, 10 April 2009 (EDT)

Personal tools