[ISN] Wi-Fi 'hot spots' allow laptop, PDA user to be covertly tracked

From: InfoSec News (isnat_private)
Date: Mon Jun 03 2002 - 03:19:25 PDT


    Forwarded from: "eric wolbrom, CISSP" <ericat_private>

    Monday, May 27, 2002, 12:00 a.m. Pacific
    By Simson L. Garfinkel
    Special to The Seattle Times

    If you have one of those fancy new wireless Wi-Fi or 802.11(b) cards
    in your laptop or handheld computer, you probably know about the
    increasing number of "Wi-Fi hot spots" where you can get wireless
    Internet access - often without paying.

    What you may not know, experts warn, is that these hot spots can also
    use your wireless card to track your movements as you walk around.
    Meanwhile, other people using the same hot spots can covertly monitor
    all of the information that you send over the air.

    "Your average person does not know that they are transmitting any sort
    of serial number or identification code," says Dana Spiegel, a
    volunteer with NYC Wireless.

    Yet every wireless card is created with a unique serial number called
    a "MAC address." This number, which is transmitted constantly whenever
    the wireless card is in use, can be used to track a person's movements
    as he or she carries a wireless-equipped laptop or personal digital
    assistant (PDA) with them throughout a city or within an office.

    Although there are no reports of businesses or individuals covertly
    tracking Wi-Fi users by their MAC addresses, Newbury Networks, a
    Massachusetts company, has developed a product that uses this
    capability to create a system for tracking users of handheld computers
    as they walk around museums and businesses. The system triangulates
    Wi-Fi users using their MAC address and their wireless signal, says
    Chuck Conley, director of marketing for the company.

    Museums can use it to display Web pages or maps on a handheld computer
    as a person moves from exhibit to exhibit.

    "It's accurate to within three meters," Conley says.

    The MAC address plays a vital role in wireless networks: Transmitted
    with every packet of information sent through the air, the MAC address
    specifies the radio that is sending the packet and the intended

    That's important because, unlike a wired network, every packet sent
    through the air might potentially be received by dozens, even
    hundreds, of computers. The network uses the MAC address to make sure
    that information is received only by the intended recipient.

    But there is nothing in principle that prevents one wireless radio
    from listening to packets that are intended for another. And this,
    experts say, is the cause of a second serious privacy concern with
    wireless networks: It is easy to eavesdrop on other people's
    communications, especially at open network access points that do not
    use encryption.

    "A lot of people are using these for home and business networks
    without realizing the distance with which the signal can be
    intercepted," says Avi Rubin, a researcher at AT&T Laboratories who
    specializes in wireless-security issues.

    Using special antennas, it is possible to eavesdrop upon a Wi-Fi
    signal that is originating thousands of feet away. Even without such
    equipment, Wi-Fi signals can be intercepted by other people in
    adjacent offices or across the street.

    Although Wi-Fi equipment on the market includes an encryption system
    called WEP (short for Wireline Equivalent Privacy), Rubin's research
    has shown that errors in the way the encryption was implemented cause
    it to be largely ineffective.

    Many people "believe that if they turn on the security features that
    come with it, like the encryption, that they are safe," Rubin says.
    But in fact, most networks using WEP can be cracked in a few hours.

    What's more, WEP is not used at Wi-Fi "hot spots." If it were, people
    passing through wouldn't be able to access the networks.

    In New York, NYC Wireless has tried to tackle the privacy issue by
    advising people to use their own encryption. For example, Web pages
    that are downloaded using the https: instead of the http: protocol are
    safe from eavesdropping because they are encrypted with the SSL

    For individual users on a public network, it's best to work under the
    assumption that the network is completely insecure and perhaps even
    "hostile," says Spiegel. "That means using only secure channels for
    your communications, which is something that we always encourage our
    users to do."

    Yet another privacy problem with the Wi-Fi system is that
    sophisticated users can change their MAC addresses using special
    tools. A person interested in conducting a crime on the Internet could
    sniff your MAC address when you were at a public Internet cafe and
    then set a wireless card to use your MAC address after you left.

    "For the average Joe in the street, the likelihood of him being
    monitored by another average Joe in the street is not that great,"
    says Richard Powers, editorial director of the Computer Security

    But many people who consider themselves to be "average" really aren't
    because of the information that they have access to through their

    Many people, Powers says, treat the information at work as
    confidential, but then they will bring it home and access it in a less
    secure environment. One of the most famous examples of this involves
    former CIA Director John Deutch, who took classified information out
    of the CIA and accessed it on an unsecured computer in his
    Massachusetts home.

    Deutch's actions were pardoned by President Clinton on the president's
    last day in office.

    "Deutch is not a bad guy, all things considered, but he made an
    incredible blunder," says Powers. Rubin, the AT&T scientist, uses a
    wireless network in his house, but "I do it knowing that it is
    available to somebody outside the house. So for very important
    business transactions, I tunnel through a machine back at work."

    As for buying things over the Web, he says, "I make sure that I'm
    using SSL."

    Simson L. Garfinkel is a technology journalist and author who
    specializes in computer security and privacy.