Are you the culprit, if your Wi-Fi is hacked ?
There has been lot of news and noise being made about Wi-Fi hacking. Given the sensational background, it is justified and there are a lot of suggestions on do’s and don’ts -mostly directed at end consumers. This makes me wonder, whose responsibility is security?
One answer is, Yes it is the responsibility of everyone involved. But look at the scenario here in India. Government is very keen on providing broadband availability to the masses. However the average person who uses the internet is not very computer literate and definitely not very security aware.
Most people know only the bare minimum utilities to get the job done and many rely on the service provider engineer to take care of everything. Take the Wifi router for example, most service providers plug the the router in the socket, power it on and walk away. That is what they did in my home. In many cases they disable the wireless encryption key for ease of use. How would an average user know what the security aspects are and protect against it?
It is interesting to see legal aspects of this as well. Assuming a Wi-Fi modem is hacked –
- Who is the culprit? Who should the law catch hold off?
- How would they establish that it was hacked?
- If the security is lax who takes the blame?
Ignorance in Indian law is not considered an excuse and given the highly skilled nature of security, would this still apply? I do not think these issues are addressed anywhere; but if you know please do send a note.
Finally needless to say do secure your Wi-Fi router. I would say follow the three steps depending on how concerned you are
1) Use WPA with strong encryption key,
2) Turn off the SSID broadcast,
3) Turn off the wireless router if you are not using it.
I would like to see your thoughts on this.
Good Article.
Security is very less explored field in India. Securing wireless access is a distant dream.
Reply to this
Praveen thanks. Awareness is the first step though.
Reply to this
As U have mentioned use WPA,I would further recommend using WPA2,but as a matter of fact I have personally used Aircrack and just that it a little more time to crack the passphrases used in WPA and WPA2.So no complete cure,in addition and IDS can be of some help.
Reply to this
certainly awareness is the first step.
when i observe a wifi open I advice the same three steps for wifi security to ma friends and neighbours..
Reply to this
Certainly not the end user as you have rightly pointed out that they aren't security savvy. A collective effort is required though. While it is important to educate end users it is extremely important to educate law enforcing agencies in handling issues. Law enforcing egancies and media have a big role to play here, by not jumpong to conclusions when a end users Wi-fi is misused. Law enforcing agencies should treat targeted end users as some one who can help resolve the case and not as a suspect(unless proven otherwise). Its easy to spoil some one's reputation for no fault of his/hers.
Reply to this