Wireless networks ripe for abuse
By Dan Nakaso
Advertiser Staff Writer
John Loncar tapped the keys of an ancient Compaq computer he nicknamed "Gohan" and zeroed in on eight wireless networks sitting in condominiums or houses that surrounded him on a Makiki bluff.
Richard Ambo • The Honolulu Advertiser
Working off the hood of his car, still warm from the heat of its engine, Loncar quickly selected one wireless network somewhere within a 1,000-foot range and used it to access various Web sites.
SuperGeeks' guru John Loncar found about 50 wireless networks around Honolulu. Many of them, he said, still had the manufacturers' default passwords, making them easy targets for the unscrupulous.
All without the knowledge of the hapless wireless network customers.
James Kerr, president and CEO of the computer consulting firm SuperGeeks, sent Loncar out to spend a day last week pinpointing wireless networks around Honolulu to show how vulnerable they are.
The ease with which Loncar jumped onto one network after another illustrates how wireless systems, whether used in businesses or homes, are open to unauthorized use, damaged data or identity theft, a particular concern during the busy online Christmas shopping season.
Wireless systems use electromagnetic waves to move the same kinds of data that pour into computers hard-wired to phone lines and high-speed digital networks.
Loncar's few minutes of effort is legal and requires only an off-the-shelf wireless adapter.
"Just about anyone can do it," Kerr said. "John's doing all of that using a 5-year-old laptop with a $50 card in it. This problem may be going on, but you can't see it."
The real danger lies in getting access to the computer owners' hard drives. Unscrupulous hackers could then cause all kinds of problems, from stealing credit card information to deleting files to parking illegal information such as child pornography, Kerr said.
"The bad guys are always looking for anonymity," Kerr said. "An unprotected wireless network then is that anonymous access point."
Tim Kelley, a 56-year-old construction manager, opened up his brand new wireless Toshiba laptop on his Kailua lanai a couple of weeks ago and discovered just how easy it is to hack into someone else's wireless network.
More businesses and homeowners are installing wireless networks and freeing themselves from cables. But if security precautions aren't taken, networks can easily be breached by thieves out to get your personal information or use your Internet service. SuperGeeks' CEO Jim Kerr offers some security tips: • 1. Encrypt your wireless data. A wireless network creates a plume of data streaming invisibly around your home. That's what free access points at hotels, airports and libraries provide deliberately for customers. Anyone with a wireless adapter can access the cloud of data if it is not encrypted. To encrypt your data and lock others out, go to Network Properties in your network software and check the box for WEP (which is an acronym for wireless encryption protocol). Be sure to click on OK after making any changes. • 2. Choose a unique login and password for your router, the box with the antenna. To properly con- figure it, you need to go to the IP address field and change the factory defaults, which the bad guys know. By creating a unique login and password, you are preventing strangers from freely accessing the computers on your network and the data contained in the computer.
Kelley isn't much of a techie and doesn't even know how much memory his laptop has. But he suddenly found himself piggybacking on his neighbor's wireless network.
Using wireless networks safely
"If I can do it," Kelley said, "I have to think that someone could get into mine just as easily. You need security, that's for sure. You can be driving down the street and if someone's got a wireless router, you can tune in and access the Internet and e-mail and all of that stuff."
From Kahala to Punchbowl to downtown, at every place he stopped to look last week, Loncar found wireless networks — a total of about 50. Nearly all of the owners had failed to change the passwords on their network's router, the wireless box with the antenna, which would be enough to keep Loncar out.
Most of them still used the manufacturer's codes, which come with preset passwords. Some of the manufacturers, as Loncar found, even included the factory passwords when he accessed the routers.
Loncar propped his laptop into the crook of a banyan tree in a parking lot across from St. Andrew's Priory School for Girls and watched as a list of wireless networks appeared.
"One, two, three, four, five, six, seven, I have eight networks already," Loncar said.
He couldn't pinpoint the exact location of the networks, except to say they were somewhere within a 1,000-foot radius. But Loncar could identify the names the users had given their routers and networks. They had changed them to Underdog, Shimanet, Mr. Fox, Mike, Tom and Blaise, but many of them failed to create new passwords.
Still, even when users left their routers vulnerable, Loncar could not get into their computers' hard drives. Either the signal was too weak or the computers were off, Loncar said.
"I guess that's good," Loncar said. "Otherwise we could do all sorts of mischief."
When Kerr sees open networks, his instinct is to warn people.
"Your first impulse is to knock on their door and say, 'Hey, did you know your wireless network is unprotected?' "
Reach Dan Nakaso at dnakaso@honoluluadvertiser.com or 525-8085.
• • •
