Google Sniff-View Cars?

Probably one of the more interesting news stories this month is Google's admission that it packet sniffed unsecured public Wi-Fi networks. Read news here.

It appears that Google Street View cars were driving around taking pictures of various locations, but were also kitted out with network sniffers that could connect to unsecured public Wi-Fi access points and monitor and record data transmissions across those networks. Naughty stuff Google. This went on for a total of 3 years and according to Google the activity was a “simple mistake”. This continues to reaffirm beliefs that public Wi-Fi networks are serious security risks for both individuals and companies. If one of the world’s largest IT monopolies can do this by accident, cough, what could a determined plan of attack achieve?

So how did they do it? The answer is, without rocket science. It’s easy enough to connect a laptop to an unsecured wi-fi network as no passwords are required. Once connected, you can run a network sniffer to see what’s going on. Why not try it yourself on your own network? Try Wireshark, or perhaps Cain and Abel if you want a little more security analysis.

For an intro to packet capture and analysis using Wireshark, spend a couple of minutes watching this video:

How secure is my wireless network? Four Tips to bump up security.

Do you think your wireless network is secure?

If the answer is yes, the BackTrack (BackTrack 4 – www.backtrack-linux.org) penetration testing OS would beg to differ.

BackTrack 4 manifests itself in an entirely customised distribution of Linux.  The underlying Linux distro is Ubuntu, but has been specifically enhanced, configured and packaged for the purposes of penetration testing.  Within the package you receive a wide variety of wireless cracking, network scanning and password breaking tools.

There are several options you can select for running BackTrack to start your activities. You can install it as an OS on your hard drive, you can install it and run it from a USB stick, and you can even run the entire OS from CD. The latter option requires no installation at all. You simply select a machine, boot from the CD and then remove the CD when finished. I chose the latter option for running my tests to see if it really worked.

I started by booting the OS and starting X Windows. Most work is done from the Konsole terminals. In short there are 4 key utilities you can use to crack WEP and WPA keys. These are:

airmon-ng: Used to put your own wireless card into monitor mode.

airodump-ng: Used to collect wireless packets and save them to disk.

aireplay-ng: Used to implement a number of replay attacks on the Wireless Access Point (AP). In our scenario this is useful to make the AP accept or generate more packets. Cracking wireless is generally about getting enough packets (100k-500k) to derive keys.

aircrack-ng: Used on the collected packets to find the keys.

Check out these videos for a step by step example.

Part 1:

Part 2:

Disclaimer: You should be aware that it is illegal to hack into a wireless network that you do not own. This example is for test and education purposes only.

Any determined attacker can usually find a way to get access to your networks, but here are four tips to make it much more difficult:

  1. Use WPA encryption – it's more difficult to crack than WEP.
  2. Restrict network access to known MAC addresses – MACs can be spoofed but it’s another hurdle to delay.
  3. Switch it off when you are not using it – If there is nothing in the air, there is nothing to analyse. The information an attacker requires to crack the keys is simply not there.
  4. Change the key regularly.
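
To check tip 1 against your own access points, the sketch below (an added example, not part of the original post) flags every network in a scan listing that is open or still on WEP. It assumes the listing comes from NetworkManager's `nmcli -t -f SSID,BSSID,SECURITY device wifi list`; the sample lines are constructed and the function names are hypothetical.

```python
# Constructed sample of `nmcli -t -f SSID,BSSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and backslash-escapes literal colons.
SAMPLE = r"""HomeNet:AA\:BB\:CC\:00\:11\:22:WPA2
CoffeeShop:AA\:BB\:CC\:00\:11\:33:
OldRouter:AA\:BB\:CC\:00\:11\:44:WEP
Guest\:2G:AA\:BB\:CC\:00\:11\:55:WPA1 WPA2
"""

def split_terse(line):
    """Split one terse nmcli line on unescaped colons and drop the escapes."""
    fields, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map nmcli's SECURITY column to OPEN, WEP, WPA or UNKNOWN."""
    tokens = security.upper().split()
    if not tokens or tokens == ["--"]:
        return "OPEN"
    if any(t.startswith("WPA") for t in tokens):
        return "WPA"
    return "WEP" if "WEP" in tokens else "UNKNOWN"

def audit(scan_text, my_ssids=None):
    """Return (ssid, bssid, level) for every listed network not using WPA."""
    findings = []
    for line in scan_text.splitlines():
        parts = split_terse(line)
        if len(parts) != 3 or (my_ssids is not None and parts[0] not in my_ssids):
            continue
        level = classify(parts[2])
        if level != "WPA":
            findings.append((parts[0], parts[1], level))
    return findings

if __name__ == "__main__":
    for ssid, bssid, level in audit(SAMPLE):  # feed real nmcli output here instead
        print(f"{level:7} {ssid} ({bssid})")
```

Pass `my_ssids` with the names of the networks you run to limit the report to your own access points.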