When Is WiFi Use Theft?

July 8, 2005

Security, Technology, Wireless

By now, everyone has probably read the news of the man who was arrested for “stealing” an unsecured WiFi signal. As I have read the news stories, several thoughts have come to mind:

  • How can someone be guilty of theft when he was not on the land of the property owner? Indeed, the signal was being broadcast onto public property.
  • On the other hand, mail messages move through public space. The mere transit of public property does not vacate the right to have security of transit for paper-based mail. And what about phone lines? They sit on public property. [Actually the phone companies have been granted easements by public landholders – i.e., the government.] So standing on public property shouldn’t “permit” you to exploit a wireless signal.
  • How can someone be gulty of theft when the signal was not encrypted and the router was completely unsecured?
  • On the other hand, if I leave my unlocked briefcase in an airport restroom, this does not give anyone the right to open the unsecured briefcase. Of course, shame on me for not locking my briefcase. And shame on me for leaving my valuable documents in an unsecured container on public property. But the fact that a lock has not been enabled does not give someone the right to open the briefcase.
  • How can anyone own a wireless router and not take even the most basic of precautions? People don’t seem to realize that sensitve data is being broadcast beyond their property line.
  • In the past, I’ve done some “war walking” to demonstrate (in)security. Should I turn myself in?

But let’s put aside the ethical discussion for a moment. What should we do?

As individuals, we should secure the wireless infrastructure that we have installed. Here are a few basic steps you should follow:

  1. Locate the Router or Access Point Appropriately
  2. Change Default Administrator Passwords
  3. Change the Default SSID
  4. Disable SSID Broadcast
  5. Turn on Encryption
  6. Enable MAC Address Filtering
  7. Assign Static IP Addresses to Devices

In addition to these simple steps, you should also check out good security sources on the Internet. Tony Bradley has an excellent series of tips on the About.com network. Tony also has some great links to books and other articles.

Once you’ve secured your own systems, start thinking about those around you. As wireless consumers, we should urge the many wireless device manufacturers to simplify the process of enabling security. Linksys (a wireless hardware manufacturer) and Broadcom have created the SecureEasySetup program. Buffalo has endorsed the AOSS program. These two technologies were recently compared over at Tom’s Networking. I won’t recommend one program over another. But both programs do one simple thing: they make the process of enabling secuirty far simpler.

If you aren’t secured, what are you waiting for? Highly publicized arrests ought to alert you to the fact that some folks will use your wireless infrastructure – if you let them. After all, you have locks on your front door, don’t you?

-CyclingRoo-

*Update 7/8/05* – Declan McCullagh has a pretty good article about this subject at C|Net’s News.Com site.

Advertisements

Subscribe

Subscribe to our RSS feed and social profiles to receive updates.

One Comment on “When Is WiFi Use Theft?”

  1. Art Says:

    I was a little shocked at some of the responses as well. Per your example, it’s not “right” to steal someone’s WiFi if they don’t want you to. While “sniffing” their network might put you on safer ground for receiving a broadcast over public airwaves, you have to send a signal into that person’s house to make use of their leaked network connection.

    Unfortunately, while you offer excellent tips to solve the problem, the people who need to know these things will probably never read them. I hate to say it, but manufacturers should ship their access points in a locked-down configuration and let the users learn the “hard way”.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s