[ISN] Your Wi-Fi can tell people a lot about you

From: InfoSec News (alerts@private)
Date: Thu Mar 01 2007 - 23:03:53 PST


By Joris Evers
Staff Writer, CNET News.com
March 1, 2007

ARLINGTON, Va. -- Simply booting up a Wi-Fi-enabled laptop can tell 
people sniffing wireless network traffic a lot about your computer and 
about you.

Soon after a computer powers up, it starts looking for wireless networks 
and network services. Even if the wireless hardware is then shut-off, a 
snoop may already have caught interesting data. Much more information 
can be plucked out of the air if the computer is connected to an access 
point, in particular an access point without security.

"You're leaking all kinds of information that an attacker can use," 
David Maynor, chief technology officer at Errata Security, said Thursday 
in a presentation at the Black Hat DC event here. "If the government was 
taking this information from you, people would be up in arms. Yet you're 
leaking this voluntarily using your laptop at the airport."

There are many tools that let anyone listen in on wireless network 
traffic. These tools can capture information such as usernames and 
passwords for e-mail accounts and instant message tools as well as data 
entered into unsecured Web sites. At the annual Defcon hacker gathering, 
a "wall of sheep" always lists captured login credentials.

Errata Security has developed another network sniffer that looks for 
traffic using 25 protocols, including those for the popular instant 
message clients as well as DHCP, SMNP, DNS and HTTP. This means the 
sniffer will capture requests for network addresses, network management 
tools, Web sites queries, Web traffic and more.

"You don't realize how much you're making public, so I wrote a tool that 
tells you," said Robert Graham, Errata Security's chief executive. The 
tool will soon be released publicly on the Black Hat Web site. Anyone 
with a wireless card will be able to run it, Graham said. Errata 
Security also plans to release the source code on its Web site.

The Errata Security sniffer, dubbed Ferret, packs more punch than other 
network sniffers already available, such as Ethereal and Kismet, because 
it looks at so many different protocols, Graham said. Some at Black Hat 
called it "a network sniffer on steroids."

Snoops can use the sniffer tools to see all kinds of data from 
wireless-equipped computers, regardless of the operating system.

For example, as a Windows computer starts up it, it will emit the list 
of wireless networks the PC has connected to in the past, unless the 
user manually removed those entries from the preferred networks list in 
Windows. "The list can be used to determine where the laptop has been 
used," Graham said.

Apple Mac OS X computers will share information such as the version of 
the operating system through the Bonjour feature, Graham said. Bonjour 
is designed to let users create networks of nearby computers and 

Additionally, computers shortly after startup typically broadcasts the 
previous Internet Protocol address and details on networked drives or 
devices such as printers that it tries to connect to, Graham said.

"These are all bits of otherwise friendly information," Graham said. But 
in the hands of the wrong person, they could help attack the computer 
owner or network. Furthermore, the information could be useful for 
intelligence organizations, he said.

And that's just the data snoops can sniff out of the air when a laptop 
is starting up. If the computer is then connected to a wireless network, 
particularly the unsecured type at hotels, airports and coffee shops, 
much more can be gleaned. Hackers have also cracked basic Wi-Fi 
security, so secured networks can't provide a security guarantee.

In general, experts advise against using wireless networks to connect to 
sensitive Web sites such as online banking. However, it is risky to use 
any online service that requires a password. The Errata Security team 
sniffed one reporter's e-mail username and password at Black Hat and 
displayed it during a presentation.

People who have the option of using a Virtual Private Network when 
connected to a wireless network should use it to establish a more secure 
connection, experts suggest. Also, on home routers WPA, or Wi-Fi 
Protected Access, offers improved security over the cracked WEP, or 
Wired Equivalent Privacy.

"The best solution is to be aware of the danger," Graham said. "Everyone 
doesn't need to work from a coffee shop."

Visit the InfoSec News Security Bookstore

This archive was generated by hypermail 2.1.3 : Thu Mar 01 2007 - 23:21:09 PST