Wireless security shaping up, but still leaky

Three years on, does wireless security make the grade?

Many wireless users are learning how not to let their confidential information seep out – at least in Wellington. But the situation is far from perfect.

Three years ago, Computerworld staffers Paul Brislen and Juha Saarinen took a stroll down Auckland’s Queen Street and discovered a number of wireless networks, some belonging to well-known companies, suffered from insecure access.

Recently, I repeated the exercise on Wellington’s main drag — Lambton Quay/Willis Street and The Terrace. Dozens of wireless networks were visible to my laptop and NetStumbler software, although commercial wireless users still seem to be thinner on the ground in Wellington than in the great Business Capital to the north. Only about two-thirds of networks seemed to be secured by encryption. Moreover, some unguarded connections also betray signs of lack of attention to changing default settings — an oversight that could render them even more vulnerable.

For example, one leaky network, on the fringes of the CBD, comes over with the designation “usr9106”. This is simply the name of the wireless modem, a US Robotics model. When default designations like this are not changed, it often indicates there could be carelessness in other areas, say vendors and security specialists. Passwords may also still feature out-of-the-box defaults.

And, while on this subject, there is a connection in Lambton Quay which is simply called “default”. Well, at least the company’s not advertising its name around the vicinity.

Most networks I could connect to immediately asked for a logon; others obstinately refused to connect — perhaps a more powerful wireless card was called for. But, a few could be used with impunity. In a couple of cases, I could surf the internet and receive email on someone else’s account.

I did not, I must emphasise, poke into any files belonging to any of these organisations. I merely established whether or not the network was protected using either secure encryption or a login.

One vulnerable network, near The Terrace, which appeared sporadically at one of the testing points, is known by the intriguing name, blisshouse. Google and White Pages searches turned up no entity of that name, so I don’t know who to warn. But, whoever you are, tighten-up or you’ll find yourself, at best, having some of your bandwidth stolen, while a more nefarious explorer could be minded to do a proper cracking job.

I hovered around the the major banks that bunch at the top of the Quay and sat on the steps, and later in the foyer, of Wellington’s tallest office building, the Majestic Centre. Nothing was visible at ground level except the ubiquitous CafeNet and Telecom hotspots. Going any higher might have attracted too much attention.

But it was good to see how many hotels and apartment buildings around town are now providing wireless coverage for their guests or tenants; but not so good to see that much of it is unprotected by encryption. However, the connections were nice and speedy, judging from the results of the casual stroll around their walls that I took. Must chat someone up for a login (only kidding).

Congratulations CafeNet and Telecom (albeit to a lesser extent) on the extent of your coverage. You couldn’t make it reach more than half of the living room of my Terrace apartment could you? Coffee-table laptop use is very bad for the back.

Bell is a Computerworld reporter

Join the newsletter!

Error: Please check your email address.

Tags Security ID

More about GoogleUS Robotics

Show Comments
[]