THE
IMPORTANCE OF WIFI SECURITY
or
HACKING WITH THE IPOD TOUCH
There are many articles currently published on the importance of keeping a wireless network secure. It seems that some people are hesitant to want to learn about how to set this up whenever they purchase a wireless router, possibly because they may feel overwhelmed at the computer jargon used or the difficulty in learning something new. Sometimes the manufacturers are to blame though, as some manuals are written to the perspective of an average computer user, not someone new to computers. I can see how this would be an issue, especially when you take a shiny new item out of the box and just want to get it working as soon as possible. The lack of taking preventive measures can hinder the performance and usability of a wireless router, as you will see. Like almost every Sunday I went over to my parent's house for dinner. After reading the paper I thought I'd see if any wireless networks were in the area, knowing my friendly neighbor was getting into computers when lived with my parents years ago. To my delight he had an unsecured wireless network available named "Dynex" (as most manufacturers have their brand name as the default name of the network):
Here are some important things: First, routers (wireless and wired) can be setup in various ways to control the type of traffic flowing through them. You can keep tabs on which computers can connect to them, set the length of time during the day that each connected computer can be used, set up a firewall, open up specific ports so that certain applications can use said ports, and so much more. Due to the many options available, this is the reason as to why routers do not have buttons, knobs, or any type of input on them. The user hooks the router to a computer, opens their web browser and types in a web address; typically http://192.168.1.1 and the user is presented with a window showing information about the router. Second, certain routers come from the factory without any password set on them. This is a both a curse and a blessing for wireless routers in that the user can jump right in and make the appropriate hardware connections to get started and hook up other computers to the Internet, but it also means that any outsider who knows what they’re doing can gain control of the router as well. Some routers are known to be password-protected right out of the box, but Belkin (and apparently Dynex routers, which have the same software control layout as Belkin) do not come password-protected. Fortunately for wired routers this instance does not occur unless someone else is physically at the computer(s) connected to the router. A while back ago I connected to a Linksys wireless router, but a pop-up appeared requesting a login and password. On my first try of using "admin" for the login and the password, I gained access to the router immediately. iPod Touch and iPhone users know that in order to connect the iPod to a wireless network, the user must go under the Settings button and click the first heading labeled "WiFi". At that point the user must turn WiFi on (if it is off to begin with). Any secured or unsecured wireless networks that are found that have an adequate signal strength will then be listed. I chose the network named Dynex as it was the strongest and unsecured of the two. Here's where the shenanigans began! To the right of the network name is a blue circle with an arrow. Clicking this arrow brings up details about the network, one important detail being the address of the router:
My neighbor's router was listed as http://192.168.2.1. Please note that there is no period at the end of the Internet address, just as there is no “yahoo dot com dot” or a “macinstruct dot com dot”. Going back to Safari on the iPod I typed in the address of the router and was presented with the main screen for the router controls. I had gained control of my neighbor's router!
The first thing I wanted to attempt was to change the SSID or name of the network. I clicked on the Channel and SSID link on the right hand side which brought up different options. After changing the name from “ Dynex” to “Unprotected Dynex” I clicked on the screen’s “Apple Changes” button, but when loading the page with the updated changes, I was no longer connected. Why? The network name listed on the iPod was “Dynex” which was now changed. Simply going back, having the iPod detect the same network with the new name, then activating it allowed me to reconnect to the Internet and back to the router. I only changed the name of the network rather than password-protecting it. |
(diagram 4) | (diagram 5) |
Changing the name barely scratches the surface. There’s a selection on the router named DHCP Client list, and this presents the user with a list of the computers connected to the router along with the IP (Internet Protocol) address of each computer.
The last entry in diagram 6 lists my iPod Touch which has the IP address 192.168.2.5 (also see diagram 2 where is lists "IP Address") and is listed as "unknown" in the Host Name column. If I click the LAN Settings link I can set a range of IP addresses that the router can connect to; either expanding it to allow more connections or narrowing it down to a single IP address so that only I would be the only user connected to the Internet, as shown below:
I could go under Client IP Filters and prevent other users from accessing the Internet, email, or other applications. Or to be funny I could set the access start and end times for 1⁄2 hour out of every day. The worst change I could make would be the password to the router.
It goes without saying that a password should be set specifically for the router to prevent unauthorized access to it. It's perfectly fine to have an open network to those who want free access to your Internet connection, but leaving your router unprotected is about as safe as leaving your car downtown with the doors unlocked and the keys in the ignition. If you're setting up a password-protected network you need to ensure that the password you set for the network is entirely different than the password you set on the router. This will make it more difficult and time-consuming for curious users in their attempt to gain access to your router. Even without physical access to the router but having remote control, a password can be set on the router allowing only the unauthorized user to make any changes to their Internet settings. If the user isn’t aware of having to password-protect the device, the same user would have no idea what to do without having to check the manual. Wired routers are not out of the clear either. My home network is set so that whenever my Mac boots up or is restarted, my wiress card is activated and the Internet connection is shared right away so that my iPod can connect to the Internet. The network is password protected so that nobody else can hitch a ride off of my internet connection, but my router is unprotected. When going into the network details on the iPod I saw that the router's IP address was significantly different than that of the router's actual IP address. Most network-savvy users know that the router's address is something along the lines of 192.168.1.1, whereas my router's address is 192.168.2.1, as viewed on my Mac's System Preferences screen. As you can see, the adddress is typical and can be easily guessed. Once I typed the router's real address I saw the main screen of my router and was able to manipulate the settings remotely via my iPod. Try entering 192.168.1.1 or 192.168.2.1 in the field where you type in a URL so you can access your router settings. Think about it... an unauthorized user can connect to a network with the name "linksys", then go in and change the name of the network to "Belkin". If someone in the same residence tries to connect to the network they'll see it as "Belkin" instead of "linksys". If they don't know the address of the router to log into it, they won't know if they're connecting to their own network or someone else's. What if that user were to set common names as blocked sites, so that when the router's owner tries to go to www.yahoo.com or www.google.com, the browser will show that the site has been blocked. There is light at the end of the tunnel for owners of unsecured wireless routers. All routers have a hardware switch on them that, when pressed, resets the router to the factory defaults. This removes any password set by the user, resets all permissions and restrictions, and generally removes any changes set by the user. In this instance, Belkin and Dynex routers will reset to having no password, but D-Link routers will have the login and password defaulted to "admin". The owner of the wireless router can simply unplug the power adapter from the router therefore hindering any Internet access, but this does not reset the router to factory defaults. Being the helpful person I managed to go back in and change the name of the network back to the original name of "Dynex", I alerted my neighbor about the security and risks, and no network settings were harmed in the making of this article. The screenshots above show those taken from the iPod Touch, but any computer that can get access to an unsecured wireless network can make the same changes. A user who gains access to an unsecured wireless network won't be able to open up emails right away or see your passwords for password-protected websites, but the access they do gain equates to them being one step closer to your private information. |