For the love of God, please secure your wireless networks

For the love of God, please secure your wireless networks

Summary: A routine tech support call from a family member uncovered a neighborhood infested with unsecured WLANs.

SHARE:
TOPICS: Networking, Security
90

"Ring Ring."

It's early Sunday afternoon, my wife picks up the phone. A few minutes later, she walks into my office. From the tone of her voice, I can tell that she's been speaking to my Mother-in-Law, Sandy, and that something technical in nature, up in the place I used to call home, back in good ol' Northern New Jersey has gone awry.

Sandy's experiences with her PC have been fodder for a lot of interesting articles over the years. Interesting not because what Sandy encounters is particulary unusual, but because what she encounters are the kinds of obstacles that us technical, PC-savvy types see as simply minor annoyances but end up being total showstoppers for a novice end-user. 

"She needs to talk to you. Her printer isn't working."

I looked back at my wife, while cupping a freshly-pulled espresso lungo. "She should call Epson tech support."

"The Epson people said it was a Windows problem."

I scowled, with my best grumpy-cat face. "Rachel, what the hell, do I look like I work for Microsoft or something?"

Oh wait.

"Okay, put her on the phone."

Unsecured networks in an undisclosed neighborhood in Northern New Jersey. (Jason Perlow)
Unsecured networks in an undisclosed neighborhood in Northern New Jersey. (Jason Perlow)

One of the best tools for doing technical support remotely is a free program called TeamViewer. I use it to support my parents, who live locally in Florida, and also for my Mother-in-Law, who lives in New Jersey. It's multi-platform, so it runs on Windows, Mac as well as Linux.

Similar to screen sharing and remote access apps like GotoMeeting, GoToMyPC or WebEx, it's a free program when used strictly for personal, non-commerical use. I have it installed on every machine for every friend or family member I have to occasionaly help out with support issues on.

I remoted into my Mother-In-Law's PC, and noticed she was wirelessly connected to "Linksys". Well, that's odd. So I went into the router config -- which was set to the default "root/admin" combo typical of Linksys SOHO routers, and noticed it was an unsecured network.

"What the heck? I don't remember setting the router this way."

And maybe I was tired, or maybe I simply forgot, but it eluded me for about ten minutes that what I had logged into was a WRT-54G, an older, but extremely popular model of Linksys Wireless-G router. I distinctly remembered buying Sandy a brand new Wireless-N router last year, a Linksys EA-2700.

And then it dawned on me. I wasn't in Sandy's router. I was in... her neighbor's. 

Well, there's your problem, mom!

I had re-built Sandy's laptop during the winter break when she was down here visiting with my Father-in-Law, Bob. I purchased her a Windows 8 upgrade license, a new copy of Office, and configured it to use her model of printer. 

Now, Sandy's printer, an Epson Workforce 645, can be used wirelessly, over a Ethernet connection, or it can be directly connected via a USB port. For whatever reason, the Epson tech could not get the printer working with Sandy over the phone. I figured out what happened though.

First, the Epson phone tech didn't realize that Sandy was connected to an unsecured wireless network. How she got connected to it doesn't really matter. She could have clicked on the first network that popped up by accident (because it was called "Linksys" which is the same brand as her router) or the Epson tech simply assumed that was the correct network when she told him what brand of router she had.

I was not privvy to the tech support conversation, but Sandy did tell me that the tech instructed her to uninstall/re-install all her printer drivers, and then determined they "Could not get the PC to work with the printer."

An unsecured Linksys WRT-54G is the wireless security equivalent of keeping the front door of your home wide open, year-round.

For whatever reason, the PC and the Epson All-in-One lost the wireless connection to her EA2700 router. Windows 8's default behavior is not to connect to any unknown wireless network unless the user instructs it to, secured or otherwise. This is a security feature. Not "A Windows Problem".

Jersey has been having lightning storms and random power outages a lot in the last year or so, so it wouldn't surprise me if there was some temporary connectivity issue involved in the mix, combined with simple user error that caused this condition. As well as being stuck with a telephone support tech at Epson that obviously doesn't understand the fundamentals of PC and TCP/IP networking.

Either way, an unsecured wireless network tripped Sandy up. And I suspect that this sort of thing is not uncommon.

How did I fix it? Simple. I had Sandy connect an ethernet cable from her router to the printer, and another one from her laptop to her router, since it never leaves her desk, and installed/upgraded the Workforce 645 drivers and firmware.

That Epson's tech couldn't figure this out is laughable, but all sorts of end-user to tech phone communication issues can contribute to an unsatisfactory support experience. I'll give them the benefit of the doubt on this one.

In any case, in the course of fixing this minor printer issue via remote, I discovered that Sandy's neighborhood was absolutely infested with unsecured wireless networks.

The screen shot at the header of the article says it all. We've got the ubiquitous "Linksys" that tripped up Sandy, a Time Warner Cable public access Wi-Fi gateway, an Optimum Online public access Wi-Fi gateway, and a few others that didn't show up in the screen shot, such as a Comcast XFINITY W-Fi gateway, and a large number of unsecured privately-owned routers built by Netgear, D-Link, Apple and other usual suspects.

In the case of the cable companies providing public Wi-Fi access points for their subscribers, I have to say I am a bit annoyed that they tend to use unsecured, SSID broadcast Wi-Fi networks as entry points.

My general understanding is that they require registered MAC addresses in order to gain actual access, but still, it potentially can cause connectivity issues with devices that will attempt to default lock onto them, and it simply pollutes the neighborhood with unnecessary stuff showing up on our respective devices and confuses end-users.

Now, private end-users with unsecured WLANs? These people are really asking for trouble. Sandy's neighborhood is a bedroom community in Northern New Jersey, with nice houses in residental developments bordering a golf course and a country club. This is exactly the type of neighborhood that "wardrivers" stalk, looking for systems for which they can gain entry and steal information.

In the defense of most SOHO networking equipment manufacturers, they have gotten a lot better about creating default settings that require WPA2 encrypted WLANs out of the box. However, there are still many older routers still on the streets, such as the WRT-54G, which aren't secured and are running in default configurations.

An unsecured Linksys WRT-54G is the wireless security equivalent of keeping the front door of your home wide open, year-round.

Sandy's community is primarily composed of folks aged 60 and older. They've been living in their homes for at least a decade or longer, and have had broadband probably for at least that long. I don't want to make any sweeping generalizations about older people, but a lot of folks do not replace SOHO networking equipment until it actually breaks, and many of these older people are not technically savvy. So they are the perfect target for wardriving attacks.

I suspect that most of the people reading this piece are not the types to run unsecured networks. But if you do see them in your neighborhood, try to find out who owns them, and educate whoever is running them to replace their older router equipment (particularly if they are only capable of using WEP, as opposed to the newer WPA2 standard) and to set the appropriate WLAN passwords and to use Wi-Fi Protected Setup (WPS) with their devices when possible.

And while I am generally not of the opinion that governments should interfere with the usage of our own electronic equipment, I do think that anyone who runs an unsecured WLAN should be subject to fines, because they endanger themselves and the people living in their households, as well as those people who they are potentially sharing data with. 

Is your neighborhood infested with unsecured wireless networks? Talk Back and Let Me Know.

Topics: Networking, Security

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

90 comments
Log in or register to join the discussion
  • Asking for trouble...

    Being unsecured is asking for trouble. Not only can you easily snoop traffic, because it is unencrypted, allowing somebody to attach to sniff around your network is never a good idea.

    What are the legal implications in the USA? Here, in Germany, if you don't use a password, you are legally responsible for everything that happens on your network, unless you log each MAC address that connects to the network and register what they access (i.e. if you don't use a password, you are acting as a service provider, so have to register and log users).

    As to your comment about the Epson engineer. He won't know the customer's network from Adam. If the user is attached to a network, he has to assume that they have connected to their own network, they *must* know their network better than him.

    If Sandy didn't know she was on the wrong network, how the heck should the Epson engineer know that? That he couldn't find an Epson printer on the network shows that the printer isn't connected to the network or isn't working. But just how is he supposed to know that Sandy was on the wrong network?
    wright_is
    • For the love of god

      Modern routers have guest networks that only get to the net while allowing you to secure your lan. free internet for all! Land of the free.
      LarsDennert
      • Not so fast

        They may allow "access", but take bandwidth that the owner is actually paying for. "Land of the free" my ass.
        Njia1
        • Exactly that fast

          Your point is irrelevant. If the user sets up his or her router with guest network access, then they are purposely donating that bandwidth, so it is perfectly free to those who take it.
          .DeusExMachina.
          • No, you missed the point

            I clearly responded to the "free internet for all" statement, in which he seems to imply that the owner/user can/should set up a "guest" network partition so others can leech the bandwidth.
            Njia1
          • And?

            I am fully aware of what you were commenting on. It was irrelevant.
            .DeusExMachina.
          • zactly

            To call for fines for people who choose to be "good neighbors" is absurd, what a facist. Of course this sort of fear mongering is to be expected from someone of the "establishment" - can't have those anonymous access points enabling PIRACY! Free wifi is COMMUNISM!

            My own reason for encrypting my wifi was more pragmatic: when it was free and open I had trash piling up behind my house from the kids hanging out there with their cellphones. My car was even broken into - well, no more free wifi, no more kids.

            GET OFF MY LAWN!
            poptones
          • Haha!

            You know, this reminds me of one time I was playing music with some friends, I used to have a huge Vox Superbeatle Amp. Suddenly, I started hearing a voice coming from my speakers. Lowering the volume did nothing, it was being picked up by something in the Power section, so it was coming out of my amp full volume. Sure enough, I looked outside and there was a guy in a little Datsun or something, with a HUGE rotating antenna on the top of his car.

            So I faced my amp toward him and opened the window - The Next time he spoke, he heard his voice coming from my amp - You could see his head hit the roof of his car! He started his car up and hauled out of there very rapidly. He never parked there again.

            I don't know why this issue of Unsecured WiFi reminded me of that - But if you think about it, it is very similar. Except that my reception of his transmissions was not intended. But it just goers to show, there are damn commies all over our neighborhoods using all manner of illicit transmissions, be they Low Band Radio, or WiFi.
            XweAponX
        • I don't care about your ass but...

          Tell me what sort of provider you have that charged by the byte? Oh yeah, they don't...
          NoAxToGrind
          • They Don't?

            I use Cox Cable - They supply me with only 250 GB per month of Bandwidth. If I go over that, they start charging me for it. Now, generous guy that I am who has let neighbors use my WiFi, if they download over 200 Gigs of Data using MY network, they WILL be paying me for it. If they are just using it for Googling and Facebooking, no problem.
            XweAponX
      • Hah

        Free? I have the guest band broadcasting. Anyone can connect to it, but it's not connected to anything.... so yeah, connect away!
        benched42
    • legal implications are pretty much nothing.

      "What are the legal implications in the USA?"

      Pretty much nothing. As far as I know, there's no laws regarding open networks.

      In Germany I found it pretty hard to find a useful WiFi. I guess most businesses opted not to have WiFi at all, rather than to secure it.
      CobraA1
      • The problem is

        they are responsible for what you do on their network.

        If you hack another business, upload illegal material, send spam etc. They are the ones that will end up in court. As I said, they need to register each attached machine and, if they don't want to land in court, they have to log each connection you make.

        It is easier to not to bother with Wi-Fi.
        wright_is
      • Legal ramifications

        Most states now have laws against "unauthorized access to a computer". A router DEFINITELY meets the legal definition of a computer for purposes of those statutes--even if it's not hooked to a network. The fact that the network is not password-protected would not constitute granting access permission. If I leave my front door shut but unlocked and someone opens the door and enters without my permission, it IS considered "breaking and entering".

        BUT ... there are laws against spam too. There's a huge difference between HAVING the law and being able to ENFORCE it. ESPECIALLY folks with no tech savvy wouldn't have a clue how to locate whoever is accessing the router. And then, of course, even if someone COULD, what prosecutor is going to waste funds prosecuting an unauthorized user? Which rape, burglary, etc., do they NOT prosecute because they only have funds for a limited number of cases, so they can spend funds on an unauthorized computer access not involving a major business or government agency?
        Rick_R
        • Technically, you are correct, but...

          ...there is always a but, isn't there?

          A WiFi router is broadcasting its presence. It is an opened invitation to connect. If your front door is unlocked and there is a sign on it that says "Welcome", you are inviting people in. Of course, the law doesn't see it this way.
          mlashinsky@...
      • Legal implications anywhere?

        What if the person connecting to your WiFi is a pervert? Go prove that the illegal material downloaded through your router had nothing to do with you. Keep your router secure because even if your neighbor has his own connection don't expect that he always wants his download activities to be trace to him.
        jsargent
        • In the Name of the Router Owner ...

          This comment about the pervert reminds me of a story a few years ago on one of those crime dramas. Someone murdered a popular high school coach, and the cops discovered that the coach's home had an unsecured wireless router reachable from his roof. A boy on the team who had some grudge sent phony emails in the name of the coach that caused another boy's dad to think his son was being abused by the coach, resulting in the murder of the coach.

          So in contrast to German law, most states and the federal government have a "laissez faire" approach to unsecured routers: run it at your own risk, and the IP address is presumed to be an accurate ID of the perpetrator of anything illegal over the internet, unless the innocent "patsy" can prove otherwise. Deliberately running a "guest" network MAY be evidence of innocence, but why take the chance?

          To non-technical people, it all appears so "magical" that it never occurs to them that identities can be faked and the access is available outside their homes. It also does not always occur to them that freeloaders not only have INTERNET access, they also have LOCAL NETWORK ACCESS (especially if they never bother to use the network to share their own data between their own computers, or only have one computer). They do not know, therefore, that unprotected files on their own hard drives may be visible to the freeloader or "wardriver" just outside their homes.
          jallan32
    • Simple troubleshooting, perhaps?

      The initial steps for troubleshooting connectivity between a PC & a printer are identical to troubleshooting Internet connectivity for a wireless laptop:

      1. Determine the type of connectivity being used (wireless vs. physical cable)
      2. If wireless, have the caller physically connect the devices (printer to PC/PC to BHR).
      3. If the devices work (PC can print to or install the printer/PC can connect to the Internet), then the problem is in the wireless configuration (either software or hardware), & additional troubleshooting will focus on the wireless connection (wrong WEP/WPA/WPA2 password, low signal strength, bad BHR/printer, bad wireless antenna, etc.).
      4. if the devices still don't work even when directly connected, then there's a 99% chance it's some sort of hardware issue, & additional troubleshooting will focus on that area (bad cable, bad port, bad BHR/printer, etc.).

      Within 5 minutes, the Epson tech should have been able to determine that the issue was the wireless connectivity, and (if he could see the wireless settings the printer was using) at least let Sandy know that her printer was attempting to connect to a different wireless network than her laptop... at which point she would have been directed to contact her ISP (which would have meant a call to Jason)...
      spdragoo@...
    • Ok...

      So it sucks to live in Germany. Got it...
      NoAxToGrind
      • No

        it doesn't suck, far from it.

        I moved here over a decade ago and I wouldn't want to live anywhere else.
        wright_is