Is your Wi-Fi safe?

I

With the newly enacted Evidence Bill Amendment, you would have been deemed to have published everything that originates from your IP address. What that means is that if someone hacks your Wi-Fi and then uses it to publish malicious or seditious statements online, you will be deemed to have published it, and the onus is on YOU to prove you’re innocence rather than for the prosecution to prove your guilt.

So obviously with the new law floating around, Wi-Fi security should be at the top of every Unifi Subscribers agenda–if it isn’t already.

However, how secure is your Unifi Wi-Fi connection?

The short answer is not so secure.

The brilliant blog Lifehacker recently posted an article on how you can hack Wi-Fi connections secured by a WPA or WPA2 password. The post is quite detailed but even I have to admit the technical skills neccessary to pull this off is somewhere between intermediate and expert. At the end of the post is a link to a spreadsheet detailing all the devices that are susceptible to this hack, and one of those devices is the DLink Dir-615 Wi-Fi router, if it doesn’t sound familiar let me refresh your memory–it’s the router that Unifi gives out to all Unifi customers!!! (que bone-chilling Alfred Hitchcock Movie sound)

Now taking aside the fact, that I could probably call all Unifi customers to request the Wi-Fi password printed at the bottom of their router, and 50% would probably provide that to me with no issue, this also means that for those people smart enough to hide their passwords — I can still hack your Unifi Wi-Fi connection no matter what you do on your router. There’s literally nothing you can do, hiding SSIDs don’t work and neither will MAC address filtering. Of course this is all theory, and testing this theory took a lot more time than I had, so I’m not sure.

What I am sure is that Unifi have their own firmware for the DIR-615 router, and that’s a partially susceptible router, meaning some firmwares are susceptible some firmwares aren’t, and it’s a coin toss and whether your router at home is susceptible.

Now, while I know of a few people who hack Wi-Fi passwords just for the fun of it,and there’s a lot of references and material online detailing the steps required–so we all know this works. In fact you can buy packages online that allow you crack the routers easily :). This blog written in Malay claims that they’ve successfully hacked a DLink Dir-615 router, I’ve no doubt it’s possible, but it’s not easy and it takes time.

Either way though, it’s always good to remember this. There is no such thing as impossible to crack, merely inconvenient and infeasible. Don’t believe me? Check out this story of how a group of University Students manage to hack a US Military Drone in mid-flight using nothing more than $1000 worth of equipment, do you really think your Wi-Fi at home is more secure a ‘death from above’ US Predator Drone? Every Wi-Fi access point hackable, it’s only a matter of how much time, effort and money is required.

What if I don’t change my password?

If you don’t even bother, or don’t know how to change Unifi password of your router from the default 6 digits Unifi assigns to you, then it’ll be safe to say, that geeky neighbour kid is probably stealing your Wi-Fi.

This post demonstrates a real easy way to brute force hack a router. What that basically means is that the program will try every single possible combination for your router password, usually that will take weeks, however if you just use the 6 digit default Unifi password, then you’ve narrowed the search to just 1,000,000 possible combinations. For a human that’s a big amount, but a for a computer running Beini–it’ll take about 10 hours.

So for Wi-Fi there are 2 general rules, change the default password AND don’t use WEP.

The consequences of low protection

A lot of people don’t appreciate the importance of internet security and even few know how to properly secure things like the PCs, Wi-Fi and even online bank accounts. Some people I work with in my job, still think WEP is a perfectly acceptable way to secure a Wi-Fi connection…and I work in IT.

Naked Security (a fantastic blog to follow) details how a SWAT team Evansville, Indiana raided a house with flashbangs and grenades because the traced threatening blog post to the IP address of the house. The only problem was that the house was using an unsecured Wi-Fi connection, and it became pretty apparent that the 18 year old watching TV with her grandmother were not the perpetrators of the crime. It became even more apparent, that anyone within Wi-Fi distance of the house could use it to post those comments. Fortunately, the state of Indiana still believes in innocent till proven guilty and paid for the damages to the house cause by the flash bangs. In Malaysia, with the new evidence act amendment–you may not be so lucky.

In the past, the worst that stolen Wi-Fi meant was you would experience a slow connection because the neighbourhood hack geek was using your Wi-Fi to watch porn. Now it has far dire consequences that could include you being sent to jail.

With the newly ammended Evidence Act it’s far worse. Anyone that hacks your router can use your IP address to post malicious, seditious and sensitive material online, and YOU would be held accountable for that post. So If I hacked your router, and it’s quite possible, then I could post a terribly seditious post online that would be traced to your IP address, and you would have been deemed to publish it. It’s up to you to prove I hacked your router, and if you don’t even have the know-how to secure your Wi-Fi what chance do you have a catching me?

To see how easy it is to hack a Wi-Fi network, check out the point and click steps here.

That’s bad.

That’s why you need to sign the petition here. http://www.tinyurl.com/stop114a  to stop the Evidence Act Amendment from being gazetted into law. Do that now.

Last Words

I’m really peeved that Members of Parliament from both the Government and Opposition have passed this law, particularly the opposition MPs simply because they failed to do their job. As an MP you have just one job– to pass laws — and if you can’t even get that right you don’t deserve to be an MP!!. I don’t care if you were given 400 pages to read 15 minutes before the bill is tabled, if you have just one job, you ensure that you perform that one job exceptionally well.

Shame on you Pakatan, at least BN MPs can claim to be following orders. Pakatan MPs should be ashamed that it took a blogger to first break the news about the amendment, rather than the MPs themselves.

Finally I’m merely pointing out to you what is now general knowledge of every hacker on the internet. Showing you how to steal internet is likely to get me jailed or worst, banned from cable. I’m not pointing out how to steal Wi-Fi, I’m pointing out on an unsecured Wi-Fi connection at your home is now a dangerous thing.

Image of router rather ‘Maliciously’ taken from thePCHarbor, I hope they don’t mind. http://techblog.thepcharbor.com/?p=2477

15 comments

Astound us with your intelligence

    • Well, it’s not just me Hiew. I haven’t personally hacked a Wi-Fi connection yet, but I’ve been told by reliable sources that it isn’t hard and the evidence on the web seems to suggest this is the case as well.

      It could be that if you have a poorly secured Wi-Fi connection, someone in your neighbourhood could be stealing your Wi-Fi for their personal use, or worse– to implicate you in a crime. Poorly secured Wi-Fi connections are like leaving the door to your house open at night, dangerous and insecure.

      • Indeed I’ve heard this from Johnson too. It is quite scary. I’ve set my own password, making sure it is long, has alphabets and numbers, etc, but looks like even that is no guarantee. At the moment my internet connection at home seem to be ok. Hopefully I won’t kena bad luck…

  • Hmm… i wish i can read the hansard at the time of ammendent. So i can agree of your claim.. Err can you help me to find it please.?

    • Well, it’s not just me Hiew. I haven’t personally hacked a Wi-Fi connection yet, but I’ve been told by reliable sources that it isn’t hard and the evidence on the web seems to suggest this is the case as well.

      It could be that if you have a poorly secured Wi-Fi connection, someone in your neighbourhood could be stealing your Wi-Fi for their personal use, or worse– to implicate you in a crime. Poorly secured Wi-Fi connections are like leaving the door to your house open at night, dangerous and insecure.

      • Indeed I’ve heard this from Johnson too. It is quite scary. I’ve set my own password, making sure it is long, has alphabets and numbers, etc, but looks like even that is no guarantee. At the moment my internet connection at home seem to be ok. Hopefully I won’t kena bad luck…

  • Hmm… i wish i can read the hansard at the time of ammendent. So i can agree of your claim.. Err can you help me to find it please.?