Sony PSP will ruin wireless LAN security in the home

Sony PSP will ruin wireless LAN security in the home

Summary: Just when we thought that we were beginning to make progress in the area of wireless LAN security with WPA and 802.11i ratification, Sony comes out with their new PSP (Play Station Portable) that will force homes to remain wide open to hackers.

SHARE:
TOPICS: Networking
33

Just when we thought that we were beginning to make progress in the area of wireless LAN security with WPA and 802.11i ratification, Sony comes out with their new PSP (Play Station Portable) that will force homes to remain wide open to hackers.  It's bad enough for a company to neglect patching older products, but it's absolutely inexcusable that the new 2005 Sony PSP will be unleashed upon the masses with defective Wi-Fi equipment.  Since WEP was found to be completely broken five years ago, the Wi-Fi Alliance in 2003 mandated that all Wi-Fi products comply with the new WPA standard and use the new TKIP encryption algorithm yet Sony somehow feels exempt from this responsibility. 

Although Sony isn't the only company this year to release a new consumer product that only supports WEP encryption, they are going to be one of the biggest culprits because of the number of PSPs that will be sold.  Because of their leadership status, they have a duty to build products that don't endanger their customers cyber safety.  The Sony PSP will be an extremely popular device that will introduce the notebook-less masses to Wi-Fi networking and they're all going to want to use the PSP on their home wireless LAN.  Unfortunately, PSP owners would have to lower their wireless security settings to support the PSP and endanger every computer connected to their home network.

Sony needs to rectify the situation as soon as possible by retrofitting all new PSPs off the factory floor with WPA capability and offer a free upgrade to the PSPs that are already out in the wild.  Until they do so, I'm going to keep pointing to Sony as one of the biggest impediments to good wireless LAN security.  Any company that endangers their customers computers or home networks with such blatant neglect should either patch the problem immediately or be liable for any damages that their customers suffer.

Topic: Networking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

33 comments
Log in or register to join the discussion
  • I had heard this before.

    The larger concern here would be theft from or virus migration to a corp. network or government network. It begs the question though, how easy is it to hack/infect the PSP? Anybody crack one yet? It seems like it would need a major hole in order to work as an anywhere multiplayer game device. Put linux on it and look like your playing games in the waiting room while stealing company files. Or the airport lobby while putting a trogan in somebodys laptop, you would look more inocent than if you were pounding away at a laptop. Tiny ram and tiny prossesor though. It would be slow going for the hacker. Like using a PDA for the attack
    jasontheodd
    • It's the network you should worry about

      Attacking a PSP (although possible) is not the point. The point is that using the PSP opens up your entire network and the attached computers to direct attack. There is no need to compromise the PSP first because the PSP itself compromises the network. That is a very realistic fear.
      george_ou
      • It is your connection to the outside world

        WEP is easy to break. If the PSP forces people to use WEP over WPA or the next best standard than it opens all of those networks. Again I do not think any standard is unbreakable, but just that the harder it is the more others will look at other networks.

        Speaking from my own experience I often use my neighbors wireless connection to any illegal activites. Therefore I always want to make my network as secure as possible, so some one else can not use my network or get access to my less secure computers.
        donf_z
  • Ignorance is rampant

    Even worse than only using WEP, there is an overabundance of ignorati out there who are recommending to people that they should change their WAP/Router settings to "Open" when people have problems connecting. Some are even saying that this setting is just as secure as WEP encryption and that the channel is still encrypted!

    Just google "psp 80410d09 open" and check out the responses to end-users' queries that recommend disabling even this low level encryption! Some even say "open is actually better (security) than shared" keys!!! Yeesh!
    dclhacker
    • You better check your facts

      http://securityfocus.com/infocus/1824

      "The 802.11 standard defines two types of authentication, 'open system authentication' (which you can think of as 'no authentication') and 'shared key authentication' (which you can think of as 'the most misguided authentication mechanism ever devised')."


      You better check your facts.
      george_ou
  • *LOL* OMFG...are you people serious?

    First off...this shouldn't affect corporate America in the slightest. If your IT staff is opening up your network so that employees can play their hand held game units...you have bigger problems.

    As for the home network...are you guys serious?
    Where do you live that you truly have to worry about someone "hacking" your network AND having the knowledge to even break the basic WEP encryptian? It seems you are suffering from a little paranoia since the average wi-fi signal can barely extend through the house...let alone through the thicker walls to the outside world any decent distance. Hell, I live in an apartment building and when I am downstairs DIRECTLY below my wi-fi router I just barely...and I mean BARELY get a signal. Also, you can adjust the signal strength on most wi-fi boxes so that it doesn't leave your building.

    That, coupled with the fact that very few "average" people could ever break 128-bit WEP encryptian, I think your "really serious fears" (as someone else posted) are a little outrageous.

    Also, as for the stuff about hacking your PSP and loading linux on it so you can hack systems at the airport and stuff. Okay, seriously...public systems already don't use encryptain on their routers. It would be a tech support nightmare to try and explain and walk everyone through logging on. If you are in a public place, consider the signal fair game and protect yourself in other ways. Ever hear of a software firewall like ZoneAlarm, Sygate, Norton Firewall, McAfee Firewall?

    Man...I'm out of the IT profession for a couple of years and people are losing their minds. Good thing I'm going into psychology. You guys keep up with your paranoid delusions...all it does is increase my future client base! *LOL*
    ExploreMN
    • WEP 128 takes 3 minutes to break

      First of all, I never mentioned corporations. Read the title again. Second, WEP 128 takes 3 minutes break with the new active attack tools. Most people that have been following my blogs on wireless LAN security finally get it now and they're running WPA-TKIP encryption.

      http://blogs.zdnet.com/Ou/?p=48
      george_ou
      • Here's the thing George...

        You say "It can be hacked in 3 minutes" and you reference your own blogs where you say it can be hacked in minutes...but you know something, I have a scientific mind and I am very analytical, sceptical, and base conclusions on empirical evidence. You referenced these so-called "active attack tools" - okay...name one of the tools. Where can I get it? Don't give me some wussy song and dance about how you don't want to make it easy for criminals to do it or any of that garbage. If you are so strongly into WPA-TKIP, then you should do whatever you can to expose the flaws in WEP instead of just giving me lip service. I can hire a hooker for that.

        So...basically, I am saying put your money where your mouth it...put up or shut up...etc...etc...
        ExploreMN
        • As I suspected...

          Every other message he responds to in a matter of hours...but this one giving him a challenge to respond to...no response.

          Good Game George! Keep writing your paranoid blogs!
          ExploreMN
        • Did you bother to read the link?

          I've been writing tons of stuff to expose the problems with WEP. This blog rides on much of that work and provides the links to previous works.

          If you want evidence, why didn't you bother to read the link? If you read that previous blog, it talks about how the FBI used off the shelf free utilities to actively crack a WEP network (which doesn't have a lot of traffic). This was not using some top secret technique that only the NSA knows about; this is using simple tools that are freely available on the net.

          You want more?
          http://blogs.zdnet.com/Ou/?p=41
          http://blogs.zdnet.com/Ou/index.php?p=20

          You want other sources?
          http://www.securityfocus.com/infocus/1814
          http://securityfocus.com/infocus/1824

          If you had actually bothered to read the links in this blog, and their links, you would have found the above links.

          By the way, there is always Google.
          If you search for "George Ou" wireless security, you'll find the following.
          http://www.google.com/search?hl=en&q=%22George+Ou%22+wireless+security
          george_ou
          • I sure did...

            The blog links were essentially opinion and unsubstantiated facts. I didn't notice any links to these "wonder tools" in any of them. Perhaps I didn't look close enough.

            However, thank you for providing some solid evidence to support your case in the form of the securityfocus.com links.

            George, when you write these messages I think you assume that people take your word at face value. Especially since you keep referencing your own blogs within blogs. However, for anyone who is even remotely analytical, they know and understand that when reviewing things you must always assume the writer is lying, hiding facts, etc until given solid proof.

            For example, 3 years from now when WPA is hacked (don't ever say never since people thought WEP would never be cracked too) instead of just writing the "OMG, WPA is so easy to crack with these tools and you should now use WSSE instead of WPA" (I just made up WSSE as an acronym for Wireless Super Strong Encryptian...which doesn't exist) try backing it up in your first writing with fact. Like "As proof, here is a tool that can do it on most networks in less than 5 minutes with an 8 Ghz Pentium VII processor. <link>" and THEN reference THAT blog in later postings.

            Otherwise there will always be a jerk like me to come along and point out the flaw in opinion-only based arguments.
            ExploreMN
          • Jerks will always come

            The format of a blog and the web in general is link based. If you don't bother to follow the links and when you clearly don?t understand the state WEP cryptanalysis, then you're the one that looks like the "jerk" who likes to shoot off half cocked. The securityfocus links WERE linked in my linked blog. The reason I don't put all the links in this blog is because I would have to re-explain what the links are. Since that was explained earlier by the previous blog, it would be redundant to explain it again.

            As for speculation on the future of WPA, we need to clarify that WPA is a broad standard that can use TKIP encryption or AES encryption. While TKIP encryption might be broken in the next few years, it has already held up for 3 years while the original WEP was broken within a year of its initial release. I don?t know who you?re speaking of when you say ?people though WEP could never be cracked too?, I think you meant to say ?people like me thought WEP could never be cracked?. AES on the other hand has rock solid pedigree. Its predecessor DES has never been successfully crypto-analyzed in 3 decades. All you?re doing by lumping WPA and WEP together in the same boat is spread FUD based on ignorance.
            george_ou
          • Yeah...

            And to think...about 100 years ago people believed our behavior was controlled by animal spirits that traveled through hollow tubes in our bodies...

            Maybe you are right...WPA is the ultimate and I am an ignorant fool...
            ExploreMN
    • Security

      #1 if you doubt how easy it's to break a wep network just check this out: http://www.netstumbler.org/showthread.php?t=11878&page=1&pp=15
      #2 reducing the power of your wifi signal will only make it harder for YOU to use, not some one who wants to hack it.
      #3 firewall only (might) protect some one from acessing your PC, but make any difference when you are broadcasting all your data into the airwaves, and anyone arround can pick it up. Thats why you need to encript you wifi.
      #4 if your are going into psychology, is as a pacient and not as a student, see! Because George is helping people just like me to be more aware of dangerous out there...
      BUGabundo
    • PSP Wireless Security

      As someone who has done a lot of field research in WEP cracking I can say that I agree with the article that points out Sony's negligence. I have a neighbor that tried hacking into my WEP enabled system and I had to increase my home network security settings to prevent access. WEP CAN be cracked in very short order and I don't want anyone on my network but me. I am not too concerned about file hacking and the like but I PAY for my wireless service and don't want people mooching free net access from me. I can pay for it, they can pay for it too.
      hardwired
      • JOSEPH

        THANK YOU
        JOSEPH GAUSE
    • Yes

      I Agree
      Adrian5566
    • Yes

      I Agree with # 6
      Adrian5566
  • First Things FIRST dood

    first get the masses to change their default passwords on their wep routers from "admin" and "admin"

    THEN worry about the SERIOUS security problems presented by a little gaming machine.

    sometimes i wonder if zdnet people live in the real world where real people are the REAL problem in security...

    valis
    http://www.helpdeskhell.com
    Valis Keogh
    • thats so true!

      you can get wireless internet across nearly half the residensial part of Kalamazoo just by knowing admin admin.
      zijiang