http://www.bangaloremirror.com/index.aspx?page=article§id=1&contentid=200912232009122302030019231da5603 By Debi Prasad Sarangi Bangalore Mirror December 23, 2009 Airlines, beware! With the Bangalore International Airport leaving the wi-fi hotspots unsecured at the airport, a hacker can break into the servers containing your databases and tamper with sensitive information pertaining to flight schedules and passenger details. Not only that. The e-mail ID of a passeger surfing the net while waiting for his flight can be hacked to send a terror mail, and he could end up under the scanner of security agencies while the real culprit remains undetected. Shockingly, the wi-fi access points in a sensitive area like BIA are still vulnerable to hacking, even after the danger facing open and weak wi-fi networks was exposed by Bangalore Mirror three months ago (‘Wi-fi Way to Terror’, Sept 2). To gauge the threat level facing wi-fi networks that service the international airport, Bangalore Mirror decided to check out the loopholes with the help of the team from www.indiacyberarmy.in (ICA). During the process of 'war driving', we found that nearly 90 per cent of all wi-fi networks are based on WEP (wired equivalent privacy) encryption and can be easily hacked into. "This time, our entire operation lasted 15 minutes and the results were appalling. All we did was to check their security level, and all of them were quite weak, which means anyone with a reasonable knowledge of computers and the internet can easily penetrate the network. "Just as importantly, almost all the wireless routers (internet access points) belonging toalmost all airlines operating through BIA were open," the moderator of the ICA team said. However, he chose not to elaborate on the weak networks due to security concerns. The Sept 2 Bangalore Mirror story had highlighted the fact that there are more than 40,000 vulnerable wi-fi access points in the city, and a majority of them are unsecured as they are based on a weak WEP encryption code. Not only that, we had sent two e-mails to the DG&IGP Ajai Kumar Singh by hacking into two wi-fi networks during the exercise. However, responding to our queries, the airport authorities stated that all security arrangements are in place to tackle cyber-related 'problems'. But they seem to have ignored the Nov 14 guidelines issued by the Ministry of Communication and Department of Telecommunication (GoI), which direct all service providers to implement an online centralised authentication procedure for their subscribers by January 14, 2010. "I wonder how this type of situation is still prevailing in sensitive establishments like airports. It is clear that the implementation of the centralised authentication procedure is not done over there (BIA). The internet service provider (ISP) concerned is to be held responsible for such negligence. Undoubtedly, the authority on whose premises these things are happening is responsible too," said Naresh Ajwani, secretary of the Internet Service Providers Association of India (ISPAI). According to him, of the 72 operational ISPs in the country 40-45 are members of ISPAI. However, referring to the guidelines issued by Ministry of Communication and Department of Telecommunication (GoI), the BIAL authorities said,"BIAL is aware of the authenticated internet access mechanism and has meticulously implemented the mechanism since the opening of airport on May 24, 2008." How to secure your wi-fi Wi-fi networks are growing in popularity, but both service providers and users seem ignorant of the problems related to unsecured wi-fi. Such 'hit and run' attacks can not only frame an innocent user, they also pose a technological challenge for law enforcement in India. 1) Change default administrators, user names and passwords 2) Enable WPA/WPA2 (Wi-fi Protected Access) encryption instead of WEP 3) Use strong pass phrase for WPA / WPA2 4) Change the default SSID (Service Set Identifier) 5) Disable SSID broadcast 6) Enable MAC Filtering for Access Control (a secured hardware address to avoid such hacking) 7) Make sure that you switch off your access points when not in use ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Thu Dec 24 2009 - 02:39:20 PST
This archive was generated by hypermail 2.2.0 : Thu Dec 24 2009 - 02:45:58 PST