
Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption 332

An anonymous reader writes "In the wake of concerns about Firesheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not lie only with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted, with the password 'free': 'I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"
  • by phantomcircuit ( 938963 ) on Wednesday November 10, 2010 @01:38AM (#34183286) Homepage

    So, technically, it would prevent someone from stealing your interwebs as long as you were already connected.

    Unless of course the attacker sends fake de-authentication packets forcing a new handshake to occur...

  • by atomicstrawberry ( 955148 ) on Wednesday November 10, 2010 @01:40AM (#34183292)

    ... is 8 characters.

  • by Anonymous Coward on Wednesday November 10, 2010 @01:51AM (#34183342)

    No.

  • by tlhIngan ( 30335 ) <slashdot.worf@net> on Wednesday November 10, 2010 @01:58AM (#34183364)

    Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.

    Yep. And then we'll have a new version of Firesheep with WPA2 decryption. And then another version that'll ARP-spoof the gateway machine so every connected device then routes through your PC.

    It'll end up being that a Firesheep user will just have a fast DHCP server and act as a gateway for the WiFi so all traffic goes through your PC, forwarding packets to the real gateway.

    No, the ONLY way to defeat Firesheep is to properly encrypt sessions. Otherwise we're just doing an arms race. The ARP spoofing and fake DHCP is basically endgame short of access points going and isolating users from each other. Which would then end up being someone sets up a fake access point that routes to the real one.

    The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.

  • by flyingfsck ( 986395 ) on Wednesday November 10, 2010 @02:22AM (#34183476)

    Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.
  • by Anonymous Coward on Wednesday November 10, 2010 @02:59AM (#34183614)

    Parent post raises an interesting point: Assuming you trust the security of the router itself, it's possible to have perfect inbound wireless security by giving your public key to the router, but it's impossible to have perfect outbound wireless security unless you have a pre-existing relationship with the router (i.e. you know its public key), or unless its key is signed back to a trusted root authority.

    I propose that the pre-existing relationship case is a lost cause, since it would essentially require that the hotel or coffee shop publish its router's key behind glass and have the manager periodically check for signs of tampering with the published key (* social engineering hack: "key change notice" on official-looking letterhead taped to windows around the store). However, I'll also propose that the trusted root signing authority case is also a lost cause because of the massive infrastructure costs required. Essentially only the big players could afford it, and it would require enterprise-level security procedures in coffee shops run by high school dropouts. Plus, who would actually check the router certificate to see if it looks valid? It's not something you can check programmatically like comparing a website certificate's subject to the domain name.

    Anyway, even if you somehow manage to secure the outbound wireless portion of the connection, that still leaves the router's private key or ISP connection as weak links. Random strangers won't be able to hijack your connection unless the key is easily cracked, but a determined hacker will still find a way to read everybody's data that passes over the router.

    My conclusion: It's impossible to have true wifi security, so let's not kid ourselves. If you care about your privacy, you should use SSL or some form of VPN to a trusted location. In this case, no wifi security may be the best answer, because it'll help push the adoption of SSL websites. The sooner we stamp out plain-text protocols the better.

  • by dannycim ( 442761 ) on Wednesday November 10, 2010 @03:03AM (#34183628)

    1. Bring laptop with extra WiFi dongle into a public area.
    2. Connect to Free WiFi spot using internal nic.
    3. Act as an Access Point on second nic with a cooler sounding SSID.
    4. NAT traffic to first WiFi net and grab everything of interest.
    5. ???
    6. Profit!!!1!!ONE!

  • by rew ( 6140 ) <r.e.wolff@BitWizard.nl> on Wednesday November 10, 2010 @03:05AM (#34183636) Homepage

    Two guys, Diffie and Hellmann thought up a protocol that allows someone to listen to a "key exchange" without being able to determine the key that the two parties decide on.

    One party decides on a base (g) and a modulus (p) and sends it to the other side. Our attacker will of course grab this info. Next each party will think up a number. Alice chooses a, Bob chooses b. Alice sends g^a mod p to Bob. Bob sends g^b mod p back to Alice. The key is then easy to calculate for Alice and Bob. Alice does K = (g^b)^a = g^ab, while Bob does K = (g^a)^b = g^ab, where the listening crook just has g^a and g^b and can't figure out a or b, which are needed to find the key K, in reasonable time.

    Thus this protocol, known for almost 35 years, allows easy encryption with a key that an eavesdropper cannot easily snoop.

  • by kwerle ( 39371 ) <kurt@CircleW.org> on Wednesday November 10, 2010 @03:15AM (#34183664) Homepage Journal

    ... Encryption without trust is less than useless.

    I am so tired of that statement. Encryption without trust is Encryption. It is way less than ideal, but way better than cleartext.

    I don't particularly trust my local cafe'.
    I really don't trust their ISP.
    I especially don't trust the phone company.
    I entirely don't trust the government.
    I certainly don't trust facebook.

    But I use the cafe' wireless who uses their ISP who uses the phone company who is tapped by the government when I use facebook. And if the wifi were encrypted, I would not also have to worry about my fellow cafe' sniffers.

    So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hellofa lot better than in the clear.

    Encryption without trust is not security, but it is encryption.

  • by kwerle ( 39371 ) <kurt@CircleW.org> on Wednesday November 10, 2010 @03:32AM (#34183736) Homepage Journal

    Ugh. Replies about SSL's being expensive. Please.

    SSL is overhead. Let's say that you're facebook, and let's say that the actual cost overhead is 1/1,000,000 of a penny per page served up.

    What is facebook's throughput? I have no idea.
    http://techcrunch.com/2010/04/21/facebook-like-button/ [techcrunch.com]

    So it's a lot. So much that even if SSL overhead is just one one millionth of a cent per page served up, it is clearly at least hundreds of dollars a month. From the article, I'd guess that it's at least thousands of dollars a month.

    Clearly, that's chump change for facebook, but until now, that's all money they've saved. And that's if the overhead is 1/10^6th of a penny. If it's 10^5th we're talking 10's of thousands. If ssl costs 1/10,000 of a penny per page, we're talking 100's of thousands of dollars a month. That starts to add up.

    Again, I have absolutely no freaking idea how much overhead it is, and I have no idea their volume. But at the volume they're doing, you can see where any measurable overhead would cost real money.

    My guess is that they will throw money at the problem and it'll go away. But they won't be happy to do it.

  • by muckracer ( 1204794 ) on Wednesday November 10, 2010 @05:57AM (#34184230)

    > Is it secure? Is it bollocks. MITM is perfectly possible. To the extent that in our arms-race-at-starbucks scenario where the hacker has done his ARP spoofing and DHCP,
    > you just add an MITM proxy for SSL connections. Done, your self-signed certs are now useless.

    You're right. And yet this "It's gotta be perfect or it's gotta be nothing at all!" attitude is IMHO what has held crypto back a lot more than necessary. Regardless of crypto and its setup, it's still just one part of a security chain...a chain, which even in the best of circumstances will NEVER achieve 100% security! So let's cut the scare-mongering and focus on not black or white, but lovely hues of security degrees. Something people already know (traffic lights):

    Browser location bar is:

    Red: unencrypted plain-text HTTP
    Yellow: encrypted, unauthenticated HTTPS
    Green: encrypted and authenticated HTTPS

    Just a suggestion.

  • by Anonymous Coward on Wednesday November 10, 2010 @06:27AM (#34184312)

    Isn't that the whole point of the self-signed certificate? That it does nothing to secure you the first time you visit, but once it's registered with your computer (first time you connected, hopefully from your own computer at home), you can then be sure that you are talking to the same entity the next time you punch in the same address.

    All the MitM attacks against self-signed certs I have heard of have been regarding the first connection to a site. But perhaps there is a new attack that I am unaware of; I'm no computer wiz.

  • Re:I like this. (Score:1, Insightful)

    by bemenaker ( 852000 ) on Wednesday November 10, 2010 @08:46AM (#34184868)

    But then isn't all traffic encrypted using "free" then? So, all you have to do is decrypt the traffic and you still have the same info. Or am I missing something?
  • by Anonymous Coward on Wednesday November 10, 2010 @09:04AM (#34185020)

    It's much harder to MitM a DH key exchange in a radio transmission than in wires, and this is what the GP meant. Since you radio out your data and the real connection will also radio back a response, even if you forge a response the original sender will get two different responses. However, if you can saturate the spectrum in a way so that the real response doesn't reach the sender, then you can create a true MitM. It is not enough to eavesdrop; you need to intercept.
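Both rew's description of Diffie-Hellman earlier in the thread and the reply above about intercepting rather than eavesdropping are easiest to see in code. The following is an added example, not code from any poster: it runs the exchange rew describes with a passive listener who only sees p, g, g^a and g^b, and then runs it again with an active Mallory who replaces both public values, which is the "intercept, not just eavesdrop" case. The group parameters (p = 2^127 - 1, g = 3) are toy values chosen so the demo runs instantly; a real deployment uses a standardized group of at least 2048 bits and, crucially, authenticates the exchanged values, since plain DH has no defence against the second scenario.

```python
"""Diffie-Hellman: safe against a passive listener, defenceless against an
active man in the middle unless the public values are authenticated.

Added example, not code from the posters. Toy group parameters; standard
library only. Exponents can be injected so a run is reproducible.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime M127: a toy modulus, far too small for real use
G = 3                # toy base


def public_value(priv: int) -> int:
    """g^priv mod p, the only thing a party transmits."""
    return pow(G, priv, P)


def shared_secret(peer_public: int, priv: int) -> int:
    """(g^peer)^priv mod p, equal on both sides when nobody interferes."""
    return pow(peer_public, priv, P)


def session_key(shared: int) -> bytes:
    """Hash the shared group element into a fixed-length symmetric key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def random_exponent() -> int:
    return secrets.randbelow(P - 2) + 2


def honest_exchange(a: int = None, b: int = None) -> dict:
    """Alice and Bob exchange g^a and g^b over a channel Eve can read."""
    a = random_exponent() if a is None else a
    b = random_exponent() if b is None else b
    A, B = public_value(a), public_value(b)
    transcript = {"p": P, "g": G, "A": A, "B": B}   # everything Eve ever sees
    return {
        "alice_key": session_key(shared_secret(B, a)),
        "bob_key": session_key(shared_secret(A, b)),
        "eve_sees": transcript,  # recovering a or b from this is the discrete log problem
    }


def mitm_exchange(a: int = None, b: int = None,
                  m1: int = None, m2: int = None) -> dict:
    """Mallory intercepts and substitutes her own public values in both directions.

    Alice ends up sharing a key with Mallory, Bob shares a different key with
    Mallory, and Mallory decrypts and re-encrypts between them. Neither honest
    party can tell, because nothing in plain DH ties g^a or g^b to an identity.
    """
    a = random_exponent() if a is None else a
    b = random_exponent() if b is None else b
    m1 = random_exponent() if m1 is None else m1
    m2 = random_exponent() if m2 is None else m2
    A, B = public_value(a), public_value(b)
    M1, M2 = public_value(m1), public_value(m2)
    # Alice -> Bob: Mallory drops A and forwards M1.
    # Bob -> Alice: Mallory drops B and forwards M2.
    return {
        "alice_key": session_key(shared_secret(M2, a)),          # Alice thinks this is with Bob
        "bob_key": session_key(shared_secret(M1, b)),            # Bob thinks this is with Alice
        "mallory_with_alice": session_key(shared_secret(A, m2)),
        "mallory_with_bob": session_key(shared_secret(B, m1)),
    }


if __name__ == "__main__":
    h = honest_exchange()
    print("honest run, keys agree:", h["alice_key"] == h["bob_key"])
    m = mitm_exchange()
    print("MITM run, Mallory holds Alice's key:", m["alice_key"] == m["mallory_with_alice"])
    print("MITM run, Mallory holds Bob's key:", m["bob_key"] == m["mallory_with_bob"])
```

The honest run is the property rew describes: Eve's transcript contains no exponent, and on a properly sized group she cannot compute one. The second run is the property the reply above is getting at: the protocol by itself gives Alice no way to know whether the value she received came from Bob or from Mallory, which is why TLS signs the exchange with a certificate and why a "free" WPA2 passphrase is no substitute for end-to-end authentication.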

  • Re:I like this. (Score:5, Insightful)

    by Hatta ( 162192 ) on Wednesday November 10, 2010 @10:23AM (#34185592) Journal

    Basically the WiFi standards bunch screwed up. So I actually blame them for a lot of the problems. So many years and they still haven't got WiFi to the level of TLS/HTTPS.

    So use TLS/HTTPS over wifi. Why should the Wifi standard solve a problem that's already been solved? Wifi only has to be as secure as a wired network, at which point we can use all the protocols we use to keep our systems secure on the public internet.

  • Re:I like this. (Score:4, Insightful)

    by TheLink ( 130905 ) on Wednesday November 10, 2010 @11:34AM (#34186354) Journal

    So use TLS/HTTPS over wifi. Why should the Wifi standard solve a problem that's already been solved

    Solved already? Really? The last I checked "zillions" of sites don't support https. Slashdot for instance.

    Some people can tunnel or VPN everything to a trusted gateway, but how many cafe users can do that? So the problem is NOT solved.

    I hope you can figure out for yourself the difference between someone sniffing/exploiting traffic at a cafe, and someone doing it at the ISP or peering level.

    Wifi only has to be as secure as a wired network

    Yes, but it's _far_ from as secure at the moment. So they have failed.

    1) It's harder to "sniff" a wired network than a wireless one. You need a free port for the former and you need to do stuff like mac-flooding (which can be detected). Or you need super duper Tempest stuff.

    2) It's easier to set up a wired network where devices plugged into one port cannot snoop traffic from devices in another port. You could do this by either using what Cisco calls "port security" (other vendors have their own terms for it), or do "per port VLANs".

    I was in the "hotel internet" line for a while, and we configured our switches so that guests plugged into a port could only talk to our gateway server. So guests using the wired connections were protected from other guests. They might not be protected from the NSA/CIA/KGB/FBI once their traffic leaves our control, but that's arguably beyond our responsibility.

    Whereas wireless connections didn't allow us to protect guests from each other (at least while making it easy for guests to still use the system).

    I am well aware that wireless connections can be DoSed more easily than wired connections, so no matter how much crypto you have, it's still jammable, but that would be a different threat level. Guests could still plug in to the wired port, lose the convenience, but still do their stuff.

    FWIW: if a guest plugs into a wired port and intentionally/unintentionally tries to mess with the system we can usually figure out where that guest is, call the guest up and usually resolve things, even if we are in a different continent.

  • Re:I tried it (Score:4, Insightful)

    by jc42 ( 318812 ) on Wednesday November 10, 2010 @11:59AM (#34186600) Homepage Journal

    ... educate people ...

    I think I see a problem with your scheme ...

  • Struck out HTTPS (Score:3, Insightful)

    by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Wednesday November 10, 2010 @02:23PM (#34188456) Homepage Journal

    someone sees the 'https' and thinks it's secure

    Chrome does it right, with three different indicators in the URL bar: nothing for HTTP, a struck-out HTTPS for a self-signed certificate, or a plain HTTPS for a commercial certificate. But you still need an IPv4 address because downlevel clients won't send the SNI.
