by Brice Petruzzelli on January 5, 2012
Yes, you read that correctly. It’s been recently discovered that a hacker with free tools can get your WPA2 within a few hours. Millions of wireless routers may be vulnerable, including those from Belkin, Buffalo, D-Link, Cisco’s Linksys and Netgear.
How it works: Many routers come with a feature called WPS – Wifi Protected Setup – which is enabled by default. Most people simply ignore the feature. It uses a pin number to make it easy for devices to join a network. Instead of typing in a WPA key, you type in 8 numbers that are on the back of the router.
A flaw in the design of some routers is that after a number of attempts, the router starts transmitting a message indicating whether the first four digits are correct. Also, unlike some devices, the router doesn’t “lock down” after a number of attempts.
For example, say your WPA2 password is “1likemym@c” and your encryption is WPA2 Enterprise. The strength of your password doesn’t matter. When the pin is guessed correctly though brute force, the router GIVES YOU THE WPA PASSWORD.
Here’s a video of the attack (only 1 minute long): wpscrack vs. TP-Link TL-WR1043ND – Demo
What we’d do about it: The truth is, most people don’t have to worry. The odds that someone will spend hours trying to crack your WPA2 code so they can watch you surf the web is pretty small. If you have a router with WPA2 and are concerned, you can disable the WPS feature through your router’s administrator interface.
by Rafi Kronzon on September 14, 2011
Google just announced that you will soon be able to opt-out of their wifi data collection. What are they collecting? Why? What should you do?
What are they Collecting?
As you may know, to get all those “street views” you see on Google Maps or Google Earth, Google drives around little cars that take pictures of everything (see picture above). Turns out, these little cars also collect information on any home and business wifi networks they can pick up. Initially, Google claimed they only collected the location, type, and a few other details of your wifi network. Turns out they actually collected actual traffic (meaning things you send back and forth) as they drove by. Oops.
Why?
Google uses all this wifi information to help the workings of their Google Maps application. For example, if you want to see where you using Google Maps, the application may use the wifi database, combined with the wifi signals you are picking up at the moment to tell you exactly where you are on a map. This is an alternative to GPS (which not all phones have), and using cell tower information (which isn’t always available).
Why Google collected network traffic while building this database? Your guess as as good as ours, as we can’t imagine the use they would have for that data.
What should you do?
Google has said they will stop keeping network traffic, and won’t have any identifiable information about wifi networks in the future. This was not enough for regulators, so Google announced they will allow you to “opt-out” of them keeping any information about your wifi network. Should you bother? We don’t think it’s worth the effort. Unless you’re paranoid and think that Google is the enemy, why would you care Google has some information about your wireless network?
