Wi-Fi piggybackers

[kgcayenne]

http://www.cbc.ca/news/canada/british-c ... -1.2577859
Wi-Fi piggybackers rack up $800 on senior's Rogers bill.

Chilliwack, B.C., woman didn't know she needed to secure her wireless network with password

Why, oh why does Rogers not have a default wifi password that is set up on the customers' network at the time of installation. I have a beef with Telus these days (that I'm taking to various levels of regulators), but hell, even Telus has default passwords assigned to their wireless gateway devices, and they don't leave until every terminal in the house is operating as it should (well, at least that's how it's been for both office and home). This is a Rogers installation service FAIL in my books, and I hope this publicity pressures them to fix the situation.

[my5cents]

Happened to my step daughter with Telus (many years ago). By the time she realized she had a huge bill.

[kgcayenne]

Happened to my step daughter with Telus (many years ago). By the time she realized she had a huge bill.

That's awful. I bet you hers and similar cases are what prompted the default security codes in use now.

[kgcayenne]

Another thing to watch for is if someone in your household shares your password with another person without realizing what could happen. I logged into my gateway one time and noticed several unrecognized devices because my daughter was sharing our key with her friend next door. Let's just say that won't be happening again.

[Captain Awesome]

I find it weird that her Internet access is metered. I'm with Shaw and I don't even know how much data I'm using. The only time data metering comes in if you use mobile data.

The number of open WIFI networks is declining though. Nowadays most routers come with preset password protection. But few years ago when I lived in Vancouver I've never paid for Internet by simply connecting to an open network of somebody in the building, there was like a dozen of them to choose from. But even right now I see at least 2 open networks in my area with strong signal.

[my5cents]

Another thing to watch for is if someone in your household shares your password with another person without realizing what could happen. I logged into my gateway one time and noticed several unrecognized devices because my daughter was sharing our key with her friend next door. Let's just say that won't be happening again.

We're careful not to tell the cats the password. :)

But we have lots of relatives that have been given the password, and as you likely know, their device remembers it and next time they visit their device works. I'm in a condo in Maui at this moment and every year our iPhones and iPads remember the passwords for the resort and our individual condo without having to input it again.

We're not concerned about our relatives but it's something to keep in mind. If there's concerns, it would be prudent to change your modem password every six months or so.

Off topic, I heard of a funny prank. As you probably know, each wifi modem has a factory default name, usually the manufactorer's name. People rename them, usually "Jones", etc. The name is only seen if you go into setup on your wireless device or into the setup features of the wifi modem. Name your modem "RCMP Surveillance Van" Keep the neighbors on their toes.

[kgcayenne]

We have one in range called “Nobody can-a join it”.

:-D

[grammafreddy]

Name your modem "RCMP Surveillance Van" Keep the neighbors on their toes.

[Captain Awesome]

[Bsuds]

I find it weird that her Internet access is metered. I'm with Shaw and I don't even know how much data I'm using. The only time data metering comes in if you use mobile data.

Cap'n if you read the story she is using a rocket Wi-Fi wireless hub air card. So she would be metered.
While I sympathize with her, it is her own fault that people are able to piggyback on her plan.
She was probably told to change the password and just didn't understand. Sam as telling people they need Virus protection and they would come back a few days later with a Virus on their computer.

[LoneWolf_53]

Speaking of wireless security issues, I encountered one myself the other day that caught me off guard.

I installed newer wireless "N" router at my premises a couple of months back.

I configured my security settings, putting a password in place and such, and thought little more of it.

It wasn't long after that my daughter visited and asked me for my password so she could connect her phone, so I gave it to her.

A few seconds later she asked me which network she should use, and why I had one unlocked. That last part getting my attention instantly.

I'm like huh? I went and investigated and saw my main wireless account, and alongside a second with the same name but "guest" along with it, and indeed it was showing up as an open wireless network.

I instantly check all my router settings, look in it's manual, and there isn't even a section mentioning anything about guest account capability for that model.

It took me some time in fact, before I recalled installing an app on my phone, which allows me to control my home router settings. I went into the app, and sure enough it offered a guest account, and also sure enough I had assigned a passphrase to it as well.

So to make a long story short, for reasons unbeknownst to me, that app was providing a feature my router isn't even designed for, and doing it incorrectly at that, since the password part obviously does not work.

I have dealt with that security flaw by deactivating the guest account feature, but just thought I'd share just in case this happens to anyone else.

I'm using a Cisco router and it was the Linksys Smart Wifi app that caused me the problem. Aside from that it's a very useful app, since I can monitor my network from anywhere, and see who is connected to it, even disconnect a device if I so wish.

What this demonstrated is that it's imperative a person check what wifi signals are available in your home, and make sure that they are all locked down.

[Bsuds]

What this demonstrated is that it's imperative a person check what wifi signals are available in your home, and make sure that they are all locked down.

Which is (unfortunately) way beyond the capabilities of most people.

[rekabis]

Be careful which router you own. Many Linksys (Cisco) and other routers have a flaw in them which makes it almost trivially easy for it to be taken over by a piece of malware (a router rootkit) that is now spreading across the Internet. This Malware takes over your router, and allows the attacker to sniff in on virtually any communication that goes over that router, and can even perform “man-in-the-middle” attacks on supposedly secure communications (like when you access your bank account).

If at all possible, re-flash your router with open-source firmware like DD-WRT or Tomato. This will mitigate any ability to hijack your router. PM me if you want more information.

[Loed]

Those attacks are viable on any routing hardware, FYI. DD-WRT/Tomato do not avoid this disability.

The main compromise you are referring to has to do with having a USB HDD plugged into the router and set up as a shared device. This is what the latest BIG issues were referring to.

Without the FUD of your post though it's still good good advice.

[rekabis]

Those attacks are viable on any routing hardware, FYI. DD-WRT/Tomato do not avoid this disability.

The main compromise you are referring to has to do with having a USB HDD plugged into the router and set up as a shared device. This is what the latest BIG issues were referring to.

Without the FUD of your post though it's still good good advice.

I beg to differ. Exploits are hitting Linksys routers without requiring storage. They are attacking the router directly. Moving to a non-Linksys firmware such as DD-WRT or Tomato is exactly the solution that stops this attack dead in its tracks, since the attack is based off of unpatched firmware. And many of the models in question are now EOL (End Of Life), so no patched firmware from the manufacturer will be forthcoming.

Malware attacks on routers are increasing, and are attacking many different brands. Plus, these attacks are overwhelmingly on the firmware of the router itself, which makes patching impossible on older versions that have been EOL’d and for whom updates are no longer being made. The safest all-around bet is to move to an open-source firmware that is compatible with your unit. If there is no open-source firmware that is compatible, replace your router with one that is compatible, and “upgrade” it to that firmware. Most router manufacturers are reactive, not proactive, when it comes to security. Open-source firmwares are the reverse, and as such, are far more secure in the long haul.

Source: I work in I.T. security. This info is my bread-and-butter.