Spam hotspot
November 29th, 2005 by Aviram, Filed under: Commentary, Privacy, Spam, Phishing
Wardriving is practically extinct. It doesn’t make sense anymore to drive around looking for wireless hotspots, because that would be like using a complex GPS navigation system to find a Starbucks. There’s no need to search for it - it’s right around the corner!
Wireless hotspots are everywhere – from the local coffee shops trying to compete with Starbucks by giving away free wifi, through the motels that found themselves forced to provide free Internet to their guests, to the community-sponsored free hotspots in places like Palo Alto. Google announced plans to cover Mountain View with free hotspots, and suddenly you don’t even need a driving license in order to wardrive.
This is all a good thing, of course, because it means I can enjoy Panera’s excellent soup without missing this week’s PBF cartoon. But there’s one drawback to this situation - we lose traceability.
Right now, whenever someone decides to set up a new kiddie porn site, whether it’s on a zombie machine or a “bullet proof” hosting server, that machine has a unique IP address that is traceable to a person. Typically, only the ISP that provides the actual network connection will know who the person or organization behind that IP is, but that’s usually enough. If it’s a serious offense such as kiddie porn or phishing, coordination between the ISPs and various security groups will get that machine shut down and, if necessary, the owner prosecuted. Traceability exists in the sense that every IP identifies an ISP that can match {IP, timestamp} with a paying user. This will not be the case with free wifi hotspots.
With free wifi, there’s no authentication. Even if there were, as long as there’s no payment, the authentication is worthless.
Consider the following situation. I go to my favorite café, order a tall latte and post an anonymous note in a forum threatening to kill my teacher. In a typical scenario, the police could trace my IP from the forum logs, go to my ISP and ask for my address. But the IP that appears in the forum belongs to the wireless router used in the café. Even in the unlikely situation where logs are kept, all the café has is my internal address and my MAC address. I might even be there when the police come – drinking my coffee and connecting to other web sites. They’ll have a hard time tracing my machine without triangulation hardware, and if I bought a new Wifi card at Fry’s, my MAC address will be different and then I have really disappeared off the map.
Now consider this on a larger scale. Let’s say I buy a mini-Mac, find my nearest Panera and place the mini-Mac someplace where it won’t stand out (tape it on the rear restaurant walls near the garbage cans?) and use the wireless connection to send out kiddie porn pictures to a mailing list, or just plain spam. Even when somebody traces my machine back to Panera, it will be difficult to find the computer without sophisticated hardware. Even when it’s found, all I lose is the machine – it will never be traced back to me.
Easier and more reliable than using a zombie. Only a few hundred dollars to set up, no monthly fee (and no roaming charges, but I digress).
I’m not sure how to solve this problem without completely shutting down free wifi access the way it is today – and I really wouldn’t want to see that happen. Maybe it’s one of the risks that arise when new technology comes into play.
This seems to be a similar problem as with public mailboxes and pay phones. It’s easy these days to send a piece of physical mail or make a phone call that cannot be traced (except to a physical location you were at in the past).
Your minimac scenario only works as long as public hotspots have open policies for incoming connections. This isn’t necessary; these hotspots are intended for clients initiating outgoing connections. The public hotspot I’m using right now doesn’t allow connections initiated from the outside to reach my laptop. Okay, there are ways around this but it does make setting up a public http server a pain.
That anonymity is feasible on the Internet today is a fact that must be dealt with. IP addresses were never intended as an authentication method.
Maybe the coffee shops can implement some authentication based on the buying ticket. When you use a credit card, some data are kept by the seller, so there can be a way. If you pay using cash, the seller can ask for a taxpayer number. Something like a tributary identification number.
Open WiFi will soon come to be known as just as dangerous as open SMTP is known to be now.
I’d imagine we’ll start seeing network auth on these WiFi APs and that access to them will soon be tied to a purchase (coffee shop ticket, room number, etc.)
As for community WiFi… that will be dangerous. I’d expect that invasive requests for information will soon become part of the process for getting access to municipal WiFi once the dangers of it are fully realized.
Unfortunately, that transition could well take decades, as has been the case for e-mail. We still haven’t seen a transition to any kind of authenticated sending model in that application, and that is what is sorely needed.
This, and most other open-wireless-security-issues articles I’ve read, all assume the attacker will visit the hotspot. Yet, with current wireless tech, it’s a simple task to order the equipment necessary to connect to a hotspot without being in the same building or even the vicinity of the open hotspot.
http://www.wired.com/news/wireless/0,1382,68395,00.html
Something even as simple as a parabolic antenna connected to a standard wireless card can allow an attacker very unrestricted access to wireless hotspots.
http://www.hyperlinktech.com/web/antennas_2400_out_directional.php
Now, if you were to get a hotel room in a highrise looking out over a city who knows how many hotspots you could connect to?
There is a very slippery slope that we tread when we begin to look at technology issues like this one. While I can agree that the potential for abuse is clear, there is also a need to assess the threat and compare it to the potential greater good. What other options do the cafes have if they want to keep their internet access up and running? They could install traffic monitoring tools, but we all know that traffic can be encrypted and traffic monitoring tools without extensive Linux knowledge get expensive very quickly. Also, would you want to surf the Internet at a shop where they are watching you, or a shop where you are free to go as you wish? There are other, more extreme, options that involve outside parties such as the government and whatnot, but most of us would rather the pimply-faced kid at the coffee shop know what we are doing instead. My point is that while the threat of spam and other abuses of an open WiFi system exist, we must not overreact and make sure the solution does not kill the benefit of the access in the first place.
Michael - you are absolutely right. We definitely don’t want the coffee shops to spy on us (and they probably wouldn’t want to do that, either).
But I did like the suggestion by Cdrack to have some form of micro-authentication that can at least give a lead to the law enforcement guys.
On the other hand, I’m not too worried about Ryan’s comment about the bad guy not being there physically - if we can somehow ‘trace’ somebody who is 100s of feet away, we (and I use ‘we’ for the people who triangulate wireless signals before breakfast. I wish) can do that for someone 1000’s of feet away. It then becomes a cat-and-mouse game, similar to how phone phreaking tried to use many hops to fool the law enforcement guys (time to read ‘takedown’ again…)
I can now find wireless service in McDonald’s in Israel… I think that sums up the availability part of your statements.
sunshine - spam from that hotspot will go something like: “would you like to enlarge your pen*s for 1.90?”
Even with proper authentication, the problem will still exist as we all know the security flaws in wireless technology. Unless security is enhanced for this technology, we will not be able to defeat this problem so soon.
Using an open proxy is way more simple than travelling somewhere anyway, and with LOTS of open SMTP servers across the net, I don’t even think security can be talked about. It’s none… The only solution is to protect better, which is not actually the best strategy, but it’s like building a good fortress to protect against people throwing stones. And in case there is a large scale attack, then it’s worth the effort to go and get them.
You can also get disposable PAYG Visa and Mastercards to use, and those do not need to be registered before use, so no way of tracing those if paying for connection at a wireless hotspot.