Saturday, July 30, 2016

War Walking

 on  with No comments 
In ,  
You've done all your due diligence.  You've optimized the transmit power of all of your access points to allow little to no signal outside of your boundaries.  You've enabled WPA2 on the corporate SSID, and installed certificates on all authorized laptops.  You've tightened up the physical security of your environment, and nobody is getting in.  Your users have been trained and will be retrained periodically in the future.  And finally, you've hired a third party to do a wifi security assessment on your environment.  All set, right?

Not exactly.  Have you accounted for WarKitteh?

WarKitteh, and its partner WarDoge, is an interesting project that involves a wifi enabled cat collar for the purpose of wardriving.  In the early days of wifi, you may recall wardriving being a thing where people would drive or walk around with a laptop computer and specialized software to log all open wireless access points for the purpose of obtaining free Internet access.  War drivers would share their databases, and even mark the buildings where they found open wifi with chalk.  Today its not that difficult to find free wifi, every coffee shop and fast food joint in town offers it.  No, today if anyone is looking, they have ill intentions.

In the space of a cat collar decoration, a wifi receiver and GPS unit are able to log all visible access points along with their GPS coordinates.  The gentleman behind the project notes that on a particular run, he found 23 wifi hotspots in his neigborhood, of which better than 30% were open or encrypted using only WEP.  The discovered networks were mapped using Google Earth.   Cat not included.

Now, lets think back to the hypothetical network in the opening paragraph.  You've locked it down tight through every technical means possible.  You've addressed the physical security of your environment well enough that no person is getting in without you knowing about it.  Now can you say you've never seen a cat or dog walking around outside the building?  It doesn't have to be a big cat.  In fact, the collar could probably fit on a rat or a gerbil.

Just one more thing to think about when you do your security audit and your wireless site analysis.


Post a Comment

Discuss this post!