Wi-Fi Vulnerabilities Exposed
May 21, 2009
What can Wi-Fi eavesdroppers see on unsecured networks? The sites you visit, the files you transfer, and your e-mail, for starters. See what's at risk and learn how to protect yourself.
When I discuss Wi-Fi security, I try to show an example of what a Wi-Fi eavesdropper or hacker could see from an unencrypted wireless network. This way you can imagine what someone from the parking lot or nearby can see of the data traveling between you and the access point (AP). The underlying reason is to help you understand why you need to encrypt your wireless connections. I usually stick with examples of how e-mail messages and login details can be sniffed. But I thought I'd show you more.
In this article, we'll look at several different online and network services or communication types that are vulnerable to sniffing or capturing by eavesdroppers. Along the way, I'll also give tips on how you could secure them, over and above encrypting the entire link.
What we'll discuss mainly applies when you are using public Wi-Fi hotspots or wired Internet ports you plug into. Though you can have the same types of vulnerabilities when using private networks, enabling WPA or WPA2 encryption scrambles all the communication from Wi-Fi eavesdroppers. So make sure your Wi-Fi network is using this encryption.
First, we'll look at the simplest service: HTTP connections, that is, the communication between a Web browser and Web servers on the Internet when you're browsing the Web. Eavesdroppers can see what Websites you are visiting, because the addresses are always present in the network packets. However, this is a crude way to snoop: they just see the URLs along with the raw HTML, PHP, or other Web code. Figure 1 shows what the Web page (of my site) pictured in Figure 2 might look like in a network analyzer.
However, if an eavesdropper wanted to go a step further, they could use a sniffer that captures the network packets and reassembles them into the files or code. This way they could actually see the Web pages you're visiting. Figure 3 shows an example, based on the page previously shown in Figure 2. Remember, they have the same data you've accessed stored on their computer. They can export or save individual files (images, pages, documents) to their computer.
Remember, data from any secured Web connection is scrambled and they can't see it. For example, when you access your banking, PayPal, and most other important accounts online, the connection between your computer and their server is usually totally secure. This is the case when the site uses SSL encryption, indicated by an https address rather than the usual http. In addition, Web browsers display a yellow padlock in the lower right corner or around the address bar on top when the connection is secure.
You shouldn't have to worry about non-secured sites when on your private network, since you should be using WPA or WPA2 encryption. However, when on public networks, if you want connections to non-secured sites protected, you can use a VPN. I'll list some VPN providers later.
Files being transferred over the network
Any files you transfer between computers on an unsecured network or files you open from network locations can be captured by eavesdroppers. They could review the raw packets to see the contents of clear-text files. Again, they could also use a special sniffer to export and save the file(s). This includes database files, documents, zip files, images, audio files, everything.
Figure 4 shows an example of what the plain text file pictured in Figure 5 would look like in an analyzer.
Using WPA/WPA2 encryption on your private Wi-Fi network solves this problem. For public or unsecured networks, you shouldn't be sharing files. You should actually disable file and printer sharing in the network connection properties in Windows XP or select the public network type in Vista.
Email login credentials and messages
In previous articles of mine, such as How To Secure Your E-mail, I've used the email example with Outlook. Check it out if you haven't yet.
Don't forget about web-based email. As described earlier for non-secured sites, accessing web-based email without SSL encryption means your messages can be captured. Some email sites always offer secured access, while for others it is optional or non-existent. Currently, the default for Gmail is no encryption. Figure 6 shows an example of what an eavesdropper can sniff when you send an email from your Gmail account, using an unsecured connection.
To find out if your Web-based e-mail provider offers encrypted access, add an S after the HTTP. For example, instead of http://mail.google.com, it would be https://mail.google.com/. Securing POP3 accounts that use a client, such as Outlook, is a bit more involved. Refer to my article on securing email for more information.
Using WPA/WPA2 encryption on your private Wi-Fi network protects unsecured email from eavesdroppers. If you can't or don't want to secure your email when using public networks, you could use a VPN to encrypt your communications.
FTP login credentials and transferred files
If you upload or download files to or from an FTP server on an unprotected network, sniffers can capture the file(s). Plus, just like with the e-mail server, the login credentials are also sent in clear-text (see Figure 7) for the eavesdropper to see.
Unfortunately, it is not possible to secure or encrypt FTP connections. However, using FTP on your private network is fine when using Wi-Fi encryption. Unless you use a VPN, you should not use FTP connections while on public networks. If you are the server administrator, you might look into other secure methods, such as SFTP.
Instant messaging conversations
Most instant messaging and chat programs, including ICQ and IRC, send and receive in clear-text. So if you are on a public network, eavesdroppers can see the conversations with your loved ones, friends, or business associates. Figure 8 shows an example of a Yahoo Messenger IM and Figure 9 shows what it looks like in a sniffer. Again, to prevent this on unsecured networks, you can use a VPN.
Telnet login credentials
Don't forget about Telnet; it also sends and receives in clear-text. Again, don't connect to servers or computers via Telnet on unencrypted networks, unless using a VPN. You should really look into using SSH instead, which is secure.
Keeping it secure
We've discovered several Internet and network services that are vulnerable to sniffing on unprotected and public networks. Anyone within range could possibly see websites you are visiting and the files you are downloading or transferring. Email messages, files transferred using FTP, and Telnet sessions are also vulnerable, along with their login credentials. Finally, we saw that instant messaging conversations can also be captured.
I'll leave you with some tips on how to keep these types of services secure:
- Enable WPA or WPA2 encryption on your network: Then you won't have to worry about the issues we've discussed, when on your own network.
- Independently secure services: Try to use encryption for the services that can be optionally secured, such as your email. Use alternatives when possible, such as SSH instead of Telnet, and send files via secured email instead of FTP. Plus, make sure access to sensitive online accounts is via HTTPS/SSL.
- Use a VPN when on a public network: This encrypts all your Internet communications from local Wi-Fi eavesdroppers on public and unsecured networks. AnchorFree offers a free web-based SSL VPN service. Paid service is available from WiTopia and HotSpotVPN.
- Don't use the same password for everything: If your credentials for a particular service are compromised, you want to make sure the hacker can't get into your other services or accounts. There are password management utilities out there that can help you securely manage all your passwords.
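To check which of your own connections fall into the clear-text category covered in this article, the following added example (not code from the original article) classifies the first bytes a client sends as readable or encrypted and notes when login data is among them, without printing the values. The function names `classify` and `audit`, the `(port, payload)` input format, and the sample payloads are assumptions made for illustration.

```python
import re

# Ports for the clear-text services named in the article (conventional assignments).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 6667: "IRC"}

# Lines that carry login data in the clear: FTP/POP3 USER and PASS, HTTP Basic auth.
CRED_MARKERS = re.compile(rb"^(?:USER|PASS) |^Authorization: Basic ", re.I | re.M)

def classify(dst_port, payload):
    """Return (verdict, protocol, credentials_exposed) for a client's first bytes."""
    # A TLS record starts with content type 0x16 (handshake) and version 0x03 0x0N.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return ("encrypted", "TLS", False)
    # SSH peers open with an identification string such as "SSH-2.0-...".
    if payload.startswith(b"SSH-"):
        return ("encrypted", "SSH", False)
    proto = CLEARTEXT_PORTS.get(dst_port)
    # Off the usual ports, mostly printable bytes still indicate a readable protocol.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if proto or (payload and printable / len(payload) > 0.9):
        return ("clear-text", proto or "unknown", bool(CRED_MARKERS.search(payload)))
    return ("unknown", "unknown", False)

def audit(flows):
    """Return one report line per flow that an eavesdropper could read."""
    report = []
    for port, payload in flows:
        verdict, proto, creds = classify(port, payload)
        if verdict == "clear-text":
            note = "login data exposed" if creds else "content exposed"
            report.append(f"port {port} ({proto}): {note}")
    return report

# Constructed sample payloads (not real captures); credential values are placeholders.
SAMPLE_FLOWS = [
    (21, b"USER alice\r\n"),
    (110, b"PASS placeholder\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"),
    (8080, b"GET /mail HTTP/1.1\r\nAuthorization: Basic PLACEHOLDER\r\n\r\n"),
    (23, b"\xff\xfb\x18\xff\xfb\x1f"),
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    (22, b"SSH-2.0-OpenSSH_5.1\r\n"),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FLOWS):
        print(line)
```

Any flow that shows up in the report is one to move to an encrypted alternative or to use only behind WPA/WPA2 or a VPN, as the tips above recommend.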
Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007). Article courtesy of Datamation.