Sophos Researcher Suggests Password 'Free' to Spur Wi-Fi Encryption

Posted by timothy
from the has-some-drawbacks dept.
An anonymous reader writes "In the wake of concerns about FireSheep sniffing credentials from people using unencrypted public WiFi hotspots, a security researcher has proposed that the problem does not just lie with big websites like Facebook, but also with those who provide free wireless internet access. Chet Wisniewski, a researcher at security firm Sophos, proposes that all free WiFi hotspots should be encrypted — with the password 'free.' 'I propose standard adoption of WPA2 and a default password of "free." Whenever you wish to connect to complimentary WiFi, you select "Courtyard Marriott" or "Starbucks" like you always have, but you are then prompted for a password. Just type "free". It's not hard. In fact, operating system vendors could even program your PC to automatically try the password "free" before prompting you for a password on the assumption that you might be selecting a free service.'"
  • by Mabbo (1337229) on Wednesday November 10, 2010 @01:35AM (#34183272)
    ... just keep in mind that with WPA, the initial password is just used for connecting to the network, after which a session password is shared (right? pretty sure I'm right about that). So, technically, it would prevent someone from stealing your interwebs as long as you were already connected. Now, the guy who got to Starbucks before you and started sniffing before you did, he definitely has your personal information now, and this is a stupid idea.
    • by phantomcircuit (938963) on Wednesday November 10, 2010 @01:38AM (#34183286) Homepage

      So, technically, it would prevent someone from stealing your interwebs as long as you were already connected.

      Unless of course the attacker sends fake de-authentication packets forcing a new handshake to occur...

    • Re: (Score:3, Interesting)

      Security's not my area, so maybe this question is nonsense, but why does each wireless router not have its own unique public/private key pair installed at the factory (that could later be changed by the owner) so that the session key could be generated by the client, sent to the server encrypted by the public key, and now only the router can decrypt the session key?

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Parent post raises an interesting point: Assuming you trust the security of the router itself, it's possible to have perfect inbound wireless security by giving your public key to the router, but it's impossible to have perfect outbound wireless security unless you have a pre-existing relationship with the router (i.e. you know its public key), or unless its key is signed back to a trusted root authority.

        I propose that the pre-existing relationship case is a lost cause, since it would essentially require th

    • Re: (Score:2, Interesting)

      by yakovlev (210738)
      In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?

      I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.
      • by Anonymous Coward on Wednesday November 10, 2010 @02:45AM (#34183560)

        In other words, the designers of WPA2 screwed up by not using something like Diffie-Hellman to negotiate a private connection before the initial password even changed hands?

        I realize this would be subject to man-in-the-middle, but that would seem to be detectable as you would get two different responses when you tried to do the initial negotiation, after which the OS should report "something's screwy with this network" and refuse to connect.

        WPA designers punt the problem of establishing the initial session encryption key to EAPOL. Designers of EAP applications can use whatever authentication protocol and crypto bindings between layers that they want.

        DH is pointless in the case you point out because it would be trivial, as you point out, to operate a middle man to circumvent it. For a "This is screwy" response to be possible it would require some prior knowledge to establish a trust relationship between systems. Encryption without trust is less than useless.

        • by kwerle (39371) <kurt@CircleW.org> on Wednesday November 10, 2010 @03:15AM (#34183664) Homepage Journal

          ... Encryption without trust is less than useless.

          I am so tired of that statement. Encryption without trust is Encryption. It is way less than ideal, but way better than cleartext.

          I don't particularly trust my local café.
          I really don't trust their ISP.
          I especially don't trust the phone company.
          I entirely don't trust the government.
          I certainly don't trust facebook.

          But I use the café wireless who uses their ISP who uses the phone company who is tapped by the government when I use facebook. And if the wifi were encrypted, I would not also have to worry about my fellow café sniffers.

          So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hell of a lot better than in the clear.

          Encryption without trust is not security, but it is encryption.

          • Re: (Score:2, Troll)

            by Nursie (632944)

            "And if the wifi were encrypted, I would not also have to worry about my fellow café sniffers.

            So is that first hop encryption a complete solution? Nope. Anyone between the wireless router and facebook can still listen in. But it'd sure be a hell of a lot better than in the clear."

            Except it's not, because there are attacks that allow you to see the data if you capture the handshake, regardless of whether the traffic once you've set up the session is encrypted or not. And there are ways to force the handshake

          • It would seem that you are tired of it before you have even understood it. Encryption without trust does not provide privacy - just the appearance of privacy, which is worse than useless.

            Your example is wrong because without trust encrypting that first hop doesn't even stop other people on the router listening in - it just makes you think that it does. So it is not even the first in a complete solution.

    • There are so many ways this suggestion is wrong, it is not even funny.

      TFA says WPA2 negotiates unique encryption keys with every computer that connects to it. This means you and I cannot spy on one another's traffic even when sharing access on the same access point. That's true, but anyone who can listen to the exchange and know the shared key will be able to learn the key. Plus, there is a very neat man in the middle attack.

      Suppose that I am an evil sheep herder near a Starbucks café. Nothing prevents

  • by phantomcircuit (938963) on Wednesday November 10, 2010 @01:36AM (#34183278) Homepage

    Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.

    • by tlhIngan (30335) <<slashdot> <at> <worf.net>> on Wednesday November 10, 2010 @01:58AM (#34183364)

      Maybe he hasn't noticed that wireshark can decrypt WPA2 traffic so long as the network is being sniffed when the client originally connects.

      Yep. And then we'll have a new version of Firesheep with WPA2 decryption. And then another version that'll ARP-spoof the gateway machine so every connected device then routes through your PC.

      It'll end up being that a Firesheep user will just have a fast DHCP server and act as a gateway for the WiFi so all traffic goes through your PC, forwarding packets to the real gateway.

      No, the ONLY way to defeat Firesheep is to properly encrypt sessions. Otherwise we're just doing an arms race. The ARP spoofing and fake DHCP is basically endgame short of access points going and isolating users from each other. Which would then end up being someone sets up a fake access point that routes to the real one.

      The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.

      • by adolf (21054) <flodadolf@gmail.com> on Wednesday November 10, 2010 @02:40AM (#34183544) Journal

        The endgame is, Firesheep can always win. Or anyone with a packet sniffer. Unless the site goes completely SSL.

        Indeed, this is the most obvious end result.

        And now, for the most ridiculous question ever: Why isn't this being done? It isn't 1995 anymore: SSL is (at worst) easy and well-understood for these purposes.

        Why does this continue to be an uphill battle?

        • by ADRA (37398)

          It sucks for load balancers unless you're offloading the SSL to the load balancer itself, then you have issues with embedded server URLs needing to be rewritten to not only use the load balancer IPs but also all HTTP:// references into HTTPS:// references, which in turn may blow up some random poorly written apps that depend on specific file sizes... plus all the overhead of possibly decompressing a compressed result, scanning for the offending URI and re-compressing the fixed results, etc...

          This is a

        • Re: (Score:3, Insightful)

          by kwerle (39371)

          Ugh. Replies about SSL's being expensive. Please.

          SSL is overhead. Let's say that you're facebook, and let's say that the actual cost overhead is 1/1,000,000 of a penny per page served up.

          What is facebook's throughput? I have no idea.
          http://techcrunch.com/2010/04/21/facebook-like-button/ [techcrunch.com]

          So it's a lot. So much that even if SSL overhead is just one one millionth of a cent per page served up, it is clearly at least hundreds of dollars a month. From the article, I'd guess that it's at least thousands of do

          • by Nursie (632944)

            So what if we had an authenticated wireless system (similar to SSL or SSH) using signed certificates? It pushes the processor requirements in a WAP up a little, but isolates users from each other.

            I think there are ways to do this sort of thing but at present they're complex and enterprisey...

          • by Fzz (153115)
            What we really need is for tcpcrypt [tcpcrypt.org] to be widely deployed. That would make the cost negligible.
    • by TheLink (130905)

      Yeah I've suggested this before him, but at least I got that part right[1] :).

      http://slashdot.org/comments.pl?sid=1578784&cid=31437480 [slashdot.org]

      http://it.slashdot.org/comments.pl?sid=457132&cid=22455074 [slashdot.org]

      It's quite sad "Sophos Researcher" doesn't seem to know how broken WiFi security is.

      [1] Somewhat right anyway - seems like the "secure" mode I mentioned in those posts might not be that secure: http://wifinetnews.com/archives/2010/07/researchers_hints_8021x_wpa2_flaw.html [wifinetnews.com]

      Blame the WiFi standards bunch, they can

  • I don't like the sound of "standard default password." That's just asking for all sorts of trouble. How about changing the SSID to something like, "Starbux Network Password: freenet" This way the password is available without having to post signs, etc., and you don't have to worry about involving default passwords of any sort. However, this is still a band-aid over the real problem. Facebook and the like should just get on the ball and enforce TLS.
    • Re: (Score:3, Interesting)

      by gnapster (1401889)
      Unencrypted access points already use a standard password: the empty password [gnu.org]. How is this any different?
      • by julesh (229690)

        Unencrypted access points already use a standard password

        No, they don't. Unencrypted access points don't use a password at all. The password in WPA et al is used to generate a key; unencrypted networks don't have a key.

        • by gnapster (1401889)

          Whoops! Got me there! It isn't that they all use the same blank password, they actually don't use a password at all! Unencrypted networks don't have a key, nor do they (generally) have a password.

          Whatever... My point was that there is no difference between a passwordless network and one that has a standard (empty) password which you never need to enter. Furthermore, as far as authentication is concerned, there is no difference between an open, passwordless network and a WPA2-encrypted network with a

  • by atomicstrawberry (955148) on Wednesday November 10, 2010 @01:40AM (#34183292)

    ... is 8 characters.

  • 'Free' or 'free'? (Score:4, Informative)

    by snsh (968808) on Wednesday November 10, 2010 @01:56AM (#34183356)
    Capitals matter. And don't WPA2 phrases have to be at least 8 characters?
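    Several posts above (the PSK being used only to set up the connection before a session key takes over, a de-auth forcing a fresh handshake, anyone who knows the shared key and watches the exchange learning the session key, and the 8-character minimum) can be checked against the actual WPA2-PSK key hierarchy. The following is an added example, not code from the thread, from Sophos or from any WPA implementation; the MAC addresses and nonces are constructed sample values.

    ```python
    import hashlib
    import hmac

    # Added illustration of the WPA2-PSK key hierarchy (IEEE 802.11i). The
    # passphrase is only used to derive the PMK; the per-session PTK is then
    # derived from values that cross the air in the clear during the four-way
    # handshake (both MAC addresses and both nonces). A shared passphrase such
    # as "free" therefore cannot isolate clients from one another.


    def derive_pmk(passphrase: str, ssid: str) -> bytes:
        """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes).
        802.11i requires 8 to 63 ASCII characters, so "free" is not even a
        valid WPA2-PSK passphrase."""
        if not 8 <= len(passphrase) <= 63:
            raise ValueError("WPA2-PSK passphrase must be 8 to 63 characters")
        return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                                   ssid.encode(), 4096, 32)


    def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
        """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
        for i = 0, 1, ... and truncate to nbytes."""
        out = b""
        for i in range((nbytes + 19) // 20):
            out += hmac.new(key, label + b"\x00" + data + bytes([i]),
                            hashlib.sha1).digest()
        return out[:nbytes]


    def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
                   anonce: bytes, snonce: bytes) -> bytes:
        """PTK = PRF-384(PMK, "Pairwise key expansion",
        min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce)).
        For CCMP the 48 bytes split into KCK (16) || KEK (16) || TK (16)."""
        data = (min(aa, spa) + max(aa, spa)
                + min(anonce, snonce) + max(anonce, snonce))
        return prf(pmk, b"Pairwise key expansion", data, 48)


    def shared_psk_isolation_check(passphrase: str, ssid: str) -> bool:
        """Derive the PTK twice from the same observable handshake values and
        report whether they agree. True means every holder of the passphrase
        who saw the handshake holds the client's temporal key (no isolation)."""
        # Constructed sample values, not from a real capture.
        aa = bytes.fromhex("001122334455")     # access point MAC (Authenticator)
        spa = bytes.fromhex("66778899aabb")    # client MAC (Supplicant)
        anonce = bytes(range(32))              # sent in the clear in message 1
        snonce = bytes(range(32, 64))          # sent in the clear in message 2
        client_ptk = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)
        # A third party knowing only the passphrase plus those four cleartext
        # values recomputes PMK and PTK independently.
        observer_ptk = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)
        return client_ptk == observer_ptk


    if __name__ == "__main__":
        print(shared_psk_isolation_check("freewifi", "Starbucks"))  # True
    ```

    The PMK check against the 802.11i Annex test vector ("password"/"IEEE") confirms the PBKDF2 step; only a per-client secret (802.1X/EAP, i.e. WPA2 Enterprise) or end-to-end TLS changes the isolation result.
    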
  • I find it sad... (Score:2, Informative)

    by metrix007 (200091)

    That a security researcher doesn't know better than this. Encryption with a PSK is useless as far as sidejacking is concerned. There is no decent client to client encryption unless you use WPA/2 Enterprise.

    To suggest otherwise is bullshit, and he should be blaming the websites who are the problem.

  • by flyingfsck (986395) on Wednesday November 10, 2010 @02:22AM (#34183476)
    Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.
    • by Anonymous Coward on Wednesday November 10, 2010 @03:53AM (#34183796)

      Uhmm, maybe Sophos should invest in security training of their staff before they start selling supposed security products.

      He's neither a researcher (someone who works in the virus labs) nor an engineer (someone involved in development of our endpoint or management products). He's in sales. Nothing to see here people, move along.

      Posting anonymously because I work there.

  • The logical extension of this is that for paid wifi, we can always use the password "paid" right?

    • by cbope (130292)

      Exactly. This was the first thought in my mind when reading the article... businesses that sell (or rent) wifi access are not exactly going to be thrilled to give out the password "free" and then turn around and ask for money for said access. Not exactly a good way to start a business transaction... sounds too much like bait-and-switch. "the password is "free", but please enter your credit card details..."

  • Free (Score:4, Funny)

    by Alsee (515537) on Wednesday November 10, 2010 @03:03AM (#34183626) Homepage

    That's amazing! I've got the same password on my luggage!

  • by dannycim (442761) on Wednesday November 10, 2010 @03:03AM (#34183628)

    1. Bring laptop with extra WiFi dongle into a public area.
    2. Connect to Free WiFi spot using internal nic.
    3. Act as an Access Point on second nic with a cooler sounding SSID.
    4. NAT traffic to first WiFi net and grab everything of interest.
    5. ???
    6. Profit!!!1!!ONE!

    • by ADRA (37398)

      You could always do that even if every 'open' access point was encrypted. If you want to start mandating legal licensing of access points then I think you're going to find some resistance from this crowd. If else, how can you assure that anything I'm connected to is legitimately what I think it is? That, or we start creating a registry of 'official' access points in the wild, and start issuing certificates like SSL currently works. Both require bureaucracy, and expense, and both are pretty much the only sol

  • Now anyone who travels abroad frequently will have to learn the local equivalent of 'free' in every location. Horrible for people who airport-hop internationally :)

    (It's bad enough to try to figure out Google's language settings)

  • will still get you arrested for illegal breach into a seemingly closed system. The attempt (even if performed by the system) is still your legal responsibility. The only possible caveat being that this workaround somehow becomes part of the next wireless standard, in which case it's assumed that you are offering your services for all to consume. Having an automatic attempt to connect using 'free' as a colloquial solution to WPA2's flaws is the wrong approach.

  • How the heck do you even know you are connecting to a Starbucks hotspot and not my credential-grabbing Linux laptop? If you need security, you need it all the way to your destination, as in https://www.facebook.com/ [facebook.com]. If SSL doesn't scale, let's develop a lightweight replacement that may be susceptible to pattern analysis or stream corruption but not theft of data transmitted in regular use. Even HTTP digest authentication would do more good than known password sent to an unknown wireless service for many site

  • I suggest the keyword "Sophos" to mark advertisements for snake oil sold as computer expertise disguised as interesting article submissions.

  • It's computationally heavy.

    A friend got Skype on his smartphone. WPA2 works. Skype works. Skype over WPA2 doesn't work - hiccups, pauses - the ~400MHz CPU is too weak to perform voice encoding and WPA2 encryption together. WEP is fine though.

  • by yuhong (1378501) <yuhongbao_386NO@SPAMhotmail.com> on Wednesday November 10, 2010 @04:50AM (#34184002) Homepage

    Christopher Byrd has a simple modification to EAP-TLS that disables client certificate validation to provide more secure open wi-fi:
    http://riosec.com/open-secure-wireless [riosec.com]
    This would require modifying only the Authenticator and the Supplicant, and it would be a simple modification to both.

    • by yuhong (1378501)

      And some Supplicants would be able to connect unmodified by using a dummy certificate.

  • An attacker doesn't need to sniff anything. Why bother? Just fire up your own hotspot, name it "Courtyard Marriott" or "Starbucks", and trawl away.

    Think about it every time you connect to a free public hotspot.

    • by ledow (319597)

      My old laptop had an RTL Mini-PCI chip in it that let it serve as a wireless access point even under Windows. You just ran the utility, switched to AP mode and filled in the details. You could even then forward it onto another wireless network using a wireless dongle, or do fancy things along the lines of "range-extending" an existing network.

      Setting up a hotspot for friends on a 3G dongle took about 5 minutes, and I wouldn't have to have anything "suspicious" looking on my desktop to be inside the cafe an

  • It's better to just accept any password.

  • "Free"... Damn, I am going to have to change my neighbour's WLAN password again, otherwise everyone will be using it.
