Forwarded from: "eric wolbrom, CISSP" <ericat_private> http://seattletimes.nwsource.com/html/businesstechnology/134462403_btboston2=7.html Monday, May 27, 2002, 12:00 a.m. Pacific By Simson L. Garfinkel Special to The Seattle Times If you have one of those fancy new wireless Wi-Fi or 802.11(b) cards in your laptop or handheld computer, you probably know about the increasing number of "Wi-Fi hot spots" where you can get wireless Internet access - often without paying. What you may not know, experts warn, is that these hot spots can also use your wireless card to track your movements as you walk around. Meanwhile, other people using the same hot spots can covertly monitor all of the information that you send over the air. "Your average person does not know that they are transmitting any sort of serial number or identification code," says Dana Spiegel, a volunteer with NYC Wireless. Yet every wireless card is created with a unique serial number called a "MAC address." This number, which is transmitted constantly whenever the wireless card is in use, can be used to track a person's movements as he or she carries a wireless-equipped laptop or personal digital assistant (PDA) with them throughout a city or within an office. Although there are no reports of businesses or individuals covertly tracking Wi-Fi users by their MAC addresses, Newbury Networks, a Massachusetts company, has developed a product that uses this capability to create a system for tracking users of handheld computers as they walk around museums and businesses. The system triangulates Wi-Fi users using their MAC address and their wireless signal, says Chuck Conley, director of marketing for the company. Museums can use it to display Web pages or maps on a handheld computer as a person moves from exhibit to exhibit. "It's accurate to within three meters," Conley says. The MAC address plays a vital role in wireless networks: Transmitted with every packet of information sent through the air, the MAC address specifies the radio that is sending the packet and the intended recipient. That's important because, unlike a wired network, every packet sent through the air might potentially be received by dozens, even hundreds, of computers. The network uses the MAC address to make sure that information is received only by the intended recipient. But there is nothing in principle that prevents one wireless radio from listening to packets that are intended for another. And this, experts say, is the cause of a second serious privacy concern with wireless networks: It is easy to eavesdrop on other people's communications, especially at open network access points that do not use encryption. "A lot of people are using these for home and business networks without realizing the distance with which the signal can be intercepted," says Avi Rubin, a researcher at AT&T Laboratories who specializes in wireless-security issues. Using special antennas, it is possible to eavesdrop upon a Wi-Fi signal that is originating thousands of feet away. Even without such equipment, Wi-Fi signals can be intercepted by other people in adjacent offices or across the street. Although Wi-Fi equipment on the market includes an encryption system called WEP (short for Wireline Equivalent Privacy), Rubin's research has shown that errors in the way the encryption was implemented cause it to be largely ineffective. Many people "believe that if they turn on the security features that come with it, like the encryption, that they are safe," Rubin says. But in fact, most networks using WEP can be cracked in a few hours. What's more, WEP is not used at Wi-Fi "hot spots." If it were, people passing through wouldn't be able to access the networks. In New York, NYC Wireless has tried to tackle the privacy issue by advising people to use their own encryption. For example, Web pages that are downloaded using the https: instead of the http: protocol are safe from eavesdropping because they are encrypted with the SSL protocol. For individual users on a public network, it's best to work under the assumption that the network is completely insecure and perhaps even "hostile," says Spiegel. "That means using only secure channels for your communications, which is something that we always encourage our users to do." Yet another privacy problem with the Wi-Fi system is that sophisticated users can change their MAC addresses using special tools. A person interested in conducting a crime on the Internet could sniff your MAC address when you were at a public Internet cafe and then set a wireless card to use your MAC address after you left. "For the average Joe in the street, the likelihood of him being monitored by another average Joe in the street is not that great," says Richard Powers, editorial director of the Computer Security Institute. But many people who consider themselves to be "average" really aren't because of the information that they have access to through their work. Many people, Powers says, treat the information at work as confidential, but then they will bring it home and access it in a less secure environment. One of the most famous examples of this involves former CIA Director John Deutch, who took classified information out of the CIA and accessed it on an unsecured computer in his Massachusetts home. Deutch's actions were pardoned by President Clinton on the president's last day in office. "Deutch is not a bad guy, all things considered, but he made an incredible blunder," says Powers. Rubin, the AT&T scientist, uses a wireless network in his house, but "I do it knowing that it is available to somebody outside the house. So for very important business transactions, I tunnel through a machine back at work." As for buying things over the Web, he says, "I make sure that I'm using SSL." Simson L. Garfinkel is a technology journalist and author who specializes in computer security and privacy. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jun 03 2002 - 06:26:11 PDT