Sunday, March 21, 2010

Another exploit against TKIP

Another exploit has been demonstrated against TKIP (this was the first one). This could be used by a malicious attacker to inject packets into a data stream, i.e. perform a man-in-the-middle attack. This means someone could read your email or start hijacking your session. The original paper about the new exploit is here. To make yourself secure, make sure that in your wireless settings on your AP (Access Point), you choose AES-CCMP (also just called AES) over TKIP. This may or may not be explicit in your settings; it may be presented as a choice of WPA-2 instead of WPA. Beware that “mixed mode” uses both WPA-2 and WPA. I prefer to use only WPA-2 so you can be sure the devices you are connecting to your wireless router are using the stronger wireless protocol. And as always, make sure you are running the latest firmware!
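To confirm what your AP actually advertises after changing the setting, you can inspect the security elements in its beacon. The following is an added example, not part of the original post: it assumes you have the beacon's tagged elements as raw bytes (for instance exported from a packet capture of your own network), and the function names and sample bytes are constructed for illustration.

```python
# Suite types are the same under the RSN (00-0F-AC) and WPA (00-50-F2) OUIs.
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WPA_VENDOR_PREFIX = bytes.fromhex("0050f201")  # Microsoft OUI + type 1 = WPA

def iter_elements(blob):
    """Yield (element_id, body) for each tagged element; stop on truncation."""
    pos = 0
    while pos + 2 <= len(blob):
        eid, length = blob[pos], blob[pos + 1]
        body = blob[pos + 2:pos + 2 + length]
        if len(body) < length:
            return
        yield eid, body
        pos += 2 + length

def parse_suites(body):
    """Return (group, pairwise list) from version | group | count | list."""
    count = int.from_bytes(body[6:8], "little")
    if len(body) < 8 + 4 * count:
        raise ValueError("cipher suite fields truncated")
    offsets = [2] + [8 + 4 * i for i in range(count)]
    names = [CIPHERS.get(body[o + 3], "unknown") for o in offsets]
    return names[0], names[1:]

def audit_beacon(blob):
    """Return a list of findings; an empty list means WPA2 with CCMP only."""
    findings, rsn_seen = [], False
    for eid, body in iter_elements(blob):
        if eid == 48:                                  # RSN element (WPA2)
            rsn_seen, label = True, "WPA2"
        elif eid == 221 and body[:4] == WPA_VENDOR_PREFIX:
            label, body = "WPA", body[4:]
            findings.append("WPA element advertised (WPA-only or mixed mode)")
        else:
            continue                                   # SSID, rates, etc.
        group, pairwise = parse_suites(body)
        if "TKIP" in pairwise:
            findings.append(label + " offers TKIP as a pairwise cipher")
        if group != "CCMP":
            findings.append(label + " group cipher is " + group)
    if not rsn_seen:
        findings.append("no RSN (WPA2) element advertised")
    return findings

# Constructed sample data: SSID "home" followed by the security elements.
MIXED = bytes.fromhex("0004686f6d65"
    "3018 0100 000fac02 0200 000fac04 000fac02 0100 000fac02 0000"
    "dd16 0050f201 0100 0050f202 0100 0050f202 0100 0050f202")
WPA2_ONLY = bytes.fromhex("0004686f6d65 3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")
```

In mixed mode the group cipher falls back to TKIP so that older WPA clients can decrypt broadcast traffic, which is why the audit reports the group cipher separately from the pairwise list.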

Sunday, February 21, 2010

Windows 7's SoftAP risk

Here's a nice feature that can be a gotcha for Windows 7 WiFi users. Windows 7 has a new feature called "SoftAP". This works like the Internet Connection Sharing feature, but you share your wireless connection instead of your wired connection. When you're connected to a WiFi access point, your laptop becomes an access point itself, broadcasting itself so you can share your wireless internet connection with a friend, or your WiFi mobile device.

Although it's good that Windows forces you to set WPA encryption for this feature, users have to be careful to set a strong password, and to disable this feature when not using it. Otherwise, it becomes easy for an attacker to use your wireless access to get into your internal corporate or home network.

From the corporate IT perspective, this means that every laptop is a potential rogue access point, and since SoftAP does IP address translation, an attacker's traffic would look like yours, making it hard to detect.

Home users won't use SoftAP much, since their devices will connect to their home wireless anyway. Someone going to an airport or hotel, on the other hand, where they paid for a single connection to the wireless network, would gladly use it so they can easily get several devices online at once sharing the same connection. If you use it, use a strong WPA password, and use WPA2 if possible, and turn off the SoftAP feature when finished.

Corporate IT departments may want to disable SoftAP entirely, using Group Policy settings. To detect SoftAP use on the network, companies may need to deploy wireless intrusion detection.

Errata Security has a good writeup about SoftAP and some thoughts about the risks.

Wednesday, January 27, 2010

8 Tips for Improving Your WiFi Signal

If you've ever taken a look at the signal strength of the WiFi signal on a wireless device in your home or office, you probably noticed that the signal strength will vary even if the device is stationary. This is usually the result of Radio Frequency Interference (RFI), which will also cause slowdowns in transmission speeds.

There are lots of different sources of RFI, including:

  • Other wireless networks
  • Other radio devices, like cordless phones or cell phones
  • Electrical equipment, including television sets, microwaves, radios, fan motors, or air conditioners

To get the best performance from your WiFi router, use these tips:

  1. Make sure you install the latest firmware on your router.
  2. Using the router's configuration tools, try different channels for your WiFi network, especially if there are other wi-fi networks in the neighborhood that are using the same channel as yours.
  3. Try putting your router in different rooms in your home or office. Place your router as high off the ground as possible.
  4. If you want your WiFi network to cover more than one floor, put the router on the uppermost floor.
  5. Leave a distance of at least 2 feet between the tips of the router antenna and the ceiling or walls. Also, some types of construction, such as metal studs or wire-backed plaster lath, may behave like giant antennas and also cause RFI issues.
  6. Place your router away from large metal objects, bodies of water (like fish tanks or bathrooms) or electrical equipment.

If none of these tips improve the performance of your network, you may also:

  • Attach a larger antenna to your router
  • Replace your router with a new model (be sure to keep the receipt, in case the new router doesn't improve things)

If you have any other tips or ideas about how to improve your router's performance, please post them here.

Thursday, January 21, 2010

How safe is that Wi-Fi hotspot?

If you are looking for a non-technical overview of the perils of using open WiFi hotspots, you can't do better than this local ABC affiliate's news clip.

Experts say there are dangers to web surfing in Wi-Fi hotspots because wireless technology has become fertile ground for hackers and thieves...hackers can use open networks to lift usernames and passwords even on sites that appear to block out password information.

The anchorman concludes with some good security tips at the end of the video, as well. Since it's not too technical, and the TV news can't seem to resist hyping up the fear factor, this isn't really a very comprehensive segment, but how much can you do in 4:36?

I think it's a good sign to see the MSM shining the light on some of the more common issues regarding WiFi security, especially considering how little the average user knows about the perils of open WiFi.

Tuesday, January 19, 2010

D-Link Wireless Router Vulnerabilities

On Jan 15th, D-Link reported that vulnerabilities had been found in its wireless routers, and it has updated its firmware. The vulnerabilities were in the implementation of the Home Network Administration Protocol (HNAP), which could allow an unauthorized person to change the router settings. If you have a D-Link router that supports HNAP, you should check right away to see if there is updated firmware for it. The updated firmware can be found here. More details on the vulnerability can be found here.

Friday, July 31, 2009

Dark Days for the iPhone

Apple's new iPhone OS 3.0 has some great new features. You might think some, like cut & paste, should have been there a while ago, but whatever. Better late than never. But the new OS and the new iPhone 3GS are vulnerable: Hacker Says iPhone 3GS Encryption Is ‘Useless’ for Businesses since Apple's implementation is so easily circumvented. Even worse, the iPhone's Vulnerable to SMS Hack:

...this could also be used to "infect" the iPhone with malicious code without any user intervention. This means, the user doesn't need to click on any malicious link to get his phone infected. In a worst case scenario, the infected iPhone would scourge the user's contacts list and send spam messages to everyone in the list, thereby infecting more phones in the process.

To Apple's credit, Apple Releases a Fix for the iPhone SMS Vulnerability today, within 24 hours of the original announcement of the exploit.

Too bad that at Black Hat, a Mac OS X Rootkit Debuts, as the Mac becomes a more tempting target for hackers as it gains more market share.

Wednesday, April 8, 2009

The GhostNet: cybersecurity = national security

Malware and cyber attacks are no longer the province of alienated hackers and international crime syndicates. National governments are using the same tools to spy on dissidents and rival nations. Recent research by the CitizenLab :: Version 4.0 has unmasked a far-reaching

suspected cyber espionage network of over 1,295 infected hosts in 103 countries. This finding comes at the close of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions that consisted of fieldwork, technical scouting, and laboratory analysis.

Using freely available Windows malware and some customized command and control software, the developers of GhostNet (who at the very least speak Chinese) have managed to penetrate an incredible number of sensitive governmental and political groups. Not surprisingly, China denies playing a role in 'GhostNet' cyberspy ring and of course, it is very difficult to prove the exact origin of these attacks. Listen to an interview with the researchers on the podcast Unmasking ‘GhostNet’ | WBUR and NPR - On Point with Tom Ashbrook.