Home Wi-Fi networks the next target for cyber crime: Layer 10
- 07 April, 2011 10:43
Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.
According to Paul Brooks, chief at Layer 10 Consulting - which contributed heavily to key aspects of the National Broadband Network - the density of Wi-Fi networks combined with lax encryption practices poses a major risk of data seepage.
In addition, current wireless security approaches such as WEP (Wired Equivalent Privacy) and Wi-Fi Protected Access (WPA) were in need of updating in favour of the new G.hn standard. This is a standard for high-speed home networking that spans coaxial cable, electrical wiring and phone lines.
"This is going to be the technology of choice for buildings where you can't retro fit with dedicated cabling for networking," he said. "For small businesses and homes, what we need to focus on is encryption and strong quality of service guarantees that won't be interfered with by other technologies.
“In some places with wireless signals you have the issue of leakage to neighbours that people could pick up on and get access to your confidential data."
Brooks said that even if cyber criminals were not trying to gain access to the home users' data it was easy, due to the close proximity of different wireless networks, to unwittingly interfere with wireless signals and cause them to stop working.
"Big organisations have staff to look after internal local area networks (LAN) and encryption technologies," he said. "But if you were a cracker and were looking to get access to people's banking details, it's much easier to tap in to the information at the source in people's homes rather than capture it in transit between the two."
That meant the adoption of high band width technologies was needed.
Besides security concerns, he pointed out that the newer generation of Wi-Fi offerings have short ranges.
"Their maximum range is touted to be in the region of five to nine metres so they are not going to be a solution to the problem.
Those offerings will be great for joining your DVD player to your TV remotely and getting rid of the rat's nest of cabling behind your TV but they are not going to be a solution for blanketing your house with a network that allows devices to interconnect."
He also said that the materials used in apartment blocks, such as concrete, can block Wi-Fi signals.
"For the gigabit wireless signals, a brick wall could completely block the signal [between walls] and reduce it to one room."
Another problem noted by Brooks is consumers would not have control over some aspects of the home network.
For example, digital network TV providers or digital rights holders would want the service provider to set up a fully encrypted end to end channel through to the output of the display device.
"To achieve that in a broadband world means the service provider will need to set up a secure encrypted channel between the broadband modem and the set top box.
You end up with a network. or multiple networks, inside the user's home that the user doesn't control," he said.
According to Brooks, this was like the electricity smart metering concept where the electricity provider wants a link between the consumer's smart meter and NBN connection.
"They want that [link] to be encrypted with a password. However, they want this set up in a way that the end user can't view the signals and can't block the signals [from the smart meter],"
While Wi-Fi security needed to grow in importance, he said Web browsing had become safer as protection was in place.
"You're covered if the devices and applications that people are using involve end to end encryption and we see that with Internet banking all the time. Web browsing is protected through the security socket layer (SSL). Then you only need to worry about distributed denial of service (DDoS) attacks and if someone stops the communication from happening."
Brooks is scheduled to present at the upcoming security conference AusCERTin May.
IDG Communications is an official media partner for AusCERT 2011.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU