If your neighbor has Wi-Fi, maybe you do, too
By Jonathan Sidener
UNION-TRIBUNE STAFF WRITER
February 23, 2004
One of Paul Teeter's neighbors unwittingly broadcasts an unsecured wireless Wi-Fi home network signal that reaches Teeter's house.
Teeter could cancel his Internet account and hitchhike on the neighbor's service. In fact, the resident of San Diego's College Area could probably have access to the neighbor's computer files and personal information.
Sales of wireless networks are surging. Intel estimates that there were 40 million wireless, or Wi-Fi, users worldwide in 2003. Falling prices – it can cost less than $100 to go wireless – are in part what's drawing 15,000 new users every day.
Tales of unprotected networks are growing nearly as fast. Teeter had similar experiences with neighbors' Wi-Fi networks when he lived in Mission Valley, and before that in the San Francisco Bay Area.
Ken Wilson, owner of San Diego Karaoke & DJ, has similar stories to tell. Wilson says he can almost always find an open Wi-Fi signal when he works San Diego clubs.
He discovered widely available wireless access accidentally, but now seeks it out when a patron has a music trivia question he can answer by logging onto the Internet.
"I have since checked for connections at every show, and am astonished at how many open, unsecured connections I find," Wilson said.
"This comes in handy for me when someone wants to know the date a particular song was released or who actually wrote it. I can have the answer in seconds by borrowing a wireless Internet connection."
Unsecured "hot spots," as wireless access points are known, have created a new ethical quandary for the Wi-Fi users: If one's laptop stumbles across a private Wi-Fi signal in a public place, is it acceptable to borrow some bandwidth?
Randy Cohen, ethics columnist for The New York Times, recently tackled the issue and came to the same conclusion as Wilson:
A bit of Web surfing or checking e-mail seems acceptable, but downloading music or other large files is wrong because it harms the performance of someone else's network.
"I differentiate strongly between borrowing an Internet connection, which is unsecured and freely available, and hacking," Wilson said.
He said he isn't circumventing security, or in any way intruding on a protected system, so he doesn't view it as hacking.
"I borrow the connection courteously and do not hog bandwidth or do anything illegal."
Information technology experts may know how to make a wireless network secure, but most home computer users do not. Many are surprised to find they're network administrators who have to know what settings are needed.
Setting up security features adds an extra layer of complexity, one that many new wireless users aren't willing to take on.
"The focus in the industry is more on functionality than on security," said Lee Barken, a co-founder of the San Diego Wireless Users Group and author of "How Secure is Your Wireless Network?" (Prentice Hall, 2003).
"All consumer devices ship with the security turned off" because it's easier for users to set up the network that way, he said.
"The industry wants to make it so you plug it in and it works. They want to reduce calls to the support staff," so they leave the security features turned off.
Wi-Fi signals can travel up to 300 feet, sometimes more, in any direction. In a crowded condo or apartment complex, an unsecured network offers a tempting target to many neighbors.
There are a number of reasons why it's important to secure a Wi-Fi network, the experts say.
Cable and DSL subscribers pay a premium for their fast Internet connections. If the teenager next door is piggybacking on a connection to download large music files or even larger pirated movies, the subscriber's download speed will deteriorate.
If the guy driving down the street with a laptop is a malicious hacker, he can use the Wi-Fi connection as an open window into the network owner's computer where personal information, such as Social Security and credit card numbers, can reside.
Liability issues
There are also potential legal liabilities in letting strangers surf the Internet via your unprotected Wi-Fi network.
Investigators from the recording and movie industries and from law enforcement record IP addresses – a unique number Internet providers assign to an online computer – to find criminals and copyright violators.
If the kid next door is pirating music, it's the subscriber name that's going to end up on a lawsuit or search warrant.
Last November, Canadian police caught a pedophile driving through a residential neighborhood using unsecured Wi-Fi networks to download child pornography. Owners of those computers could have been unwittingly dragged into an embarrassing child-pornography investigation.
Like home and office networks, public Wi-Fi hot spots are also growing quickly. Tech research firm Gartner Inc. estimates there were 71,000 hot spots by the end of last year. This year, they expect the number to nearly double to 132,000.
In a busy hot spot, anyone with a laptop could be a hacker "sniffing" the airwaves for a computer without a firewall, Barken said.
Barken said there are some prudent steps home users of wireless networks should take:
Change the default passwords that come with the Wi-Fi hardware. For example, all Linksys systems come with the default network name of "Linksys." The default passwords of all major Wi-Fi manufacturers are well-known, making the networks easy prey for hackers.
Change the default network administrator password.
Use MAC address filtering. Each node on a network has a unique MAC, or media access control, number, so each Wi-Fi enabled computer on a network has its own MAC number. MAC filtering limits your network to the computers you specify.
Enable Wi-Fi's encryption security. In older Wi-Fi hardware this will be called WEP, or wired equivalent privacy. In some newer Wi-Fi hardware, WEP has been replaced by WPA, which stands for Wi-Fi protected access.
Make sure your computer has a software firewall if you use public hot spots.
WEP and WPA
Until recently, Wi-Fi systems depended on WEP to provide security. But early on, experts found flaws in WEP that made it useless against a moderately skilled hacker.
Because of those weaknesses, several complicated steps are needed to make a WEP system secure. Last year, Wi-Fi manufacturers replaced WEP with the more secure WPA.
Many of the products on store shelves now include WPA, which is easier to configure than its predecessor, according to manufacturers.
Much of the older Wi-Fi hardware can be upgraded to WPA. The original Centrino chips from Intel, for example, can all be upgraded. An Intel spokesman recommends that owners of Centrino-based products with WEP contact the manufacturer of their computers for assistance in the upgrade.
"You don't have to make your system impenetrable," Barken said. "If you and I are hiking through the woods and we see a bear, I don't have to be faster than the bear when we run away. I just have to be faster than you.
"There are so many open access points that a hacker isn't going to break into a semi-secure system. He's just going to go down the street to an unsecured network."
--------------------------------------------------------------------------------
Jonathan Sidener: (619) 293-1239; jonathan.sidener@uniontrib.com
