Since recent events like Google versus China and the arrests in Hubei Province have brought Chinese hackers out into the limelight, now is a great time to secure your wireless network from intruders. Because your personal information and bandwidth aren’t as safe you think.
The Transcend G-Sky with Backtrack
A friend recently referred me to a device available for sale in China (on Taobao) that? includes the hardware and software you need to crack wireless encryption. It costs 70 yuan (about $10) and is called the “All New Transcend G-Sky 8M Card King”. That’s a mouthful, but it’s actually a simple network adapter with powerful antennae that’s made for stealing information or bandwidth from neighbors or enemies. Combined with a suite of “Penetration Testing” Linux applications, it’s everything you need to break into (most) encrypted Wi-Fi networks.
How it Works:
After ordering the $10 package on Taobao, you install the wireless adapter using the included driver and USB cable. It comes with a powerful antennae that has a long range made for eavesdropping onto wireless networks near and far, which itself can be upgraded with an inexpensive attachment.
Once the hardware is installed, the included disc is used to run a Linux distribution called Backtrack, which probes and cracks nearby networks. The seller specifically mentions that he doesn’t offer tech support for the software, but refers customers to a Chinese language forum with a healthy community of users volunteering support. He’s nice enough to include an official-looking printed guide to the software written in Chinese for novices, though.
For $10 you have all the tools and instruction required to get started, which makes this an alarmingly brainless introduction to hacking wireless networks.
What’s at Risk?
The reason why we encrypt our Wi-Fi networks is two-fold: to prevent others from stealing our bandwidth and to protect our personal information from prying eyes. If your neighbor is streaming TV shows from Tudou on your Wi-Fi network while you’re trying to video chat with your family, you won’t wait long before finding a way to keep them out. At the same time, when you’re transacting money or private account information online, your data is susceptible to people armed with tools like Backtrack.
I asked a few questions of a friend of mine, Ben, who’s a computer security professional and he had the following answers for me.
Ben: It’s a Linux distribution for “network security testing.” It comes with all the relevant scanning, exploit, and attack software already compiled and working out of the box.
By your estimate, what percentage of wireless networks are vulnerable?
Ben: In China, I’d guess 60-70%. Most people use WEP encryption with weak keys – things like 12345, which makes you more vulnerable. WPA encryption can also be cracked, but requires more time because the software uses a brute force tactic on that.
Why is protecting yourself from this kind of attack important?
Ben: Data sent over Wi-Fi is really susceptible to eavesdropping. For Linux there are applications available like ImageGrab and Wireshark. ImageGrab scans for specific packets and reassembles them into images of what people on the same network are looking at. Wireshark looks for a different set of packets which tells you which sites people are visiting, whether they’re using QQ or Skype, and so on. Stealing cookies from users web sessions is also possible, which can allow people access to your e-mail and bank accounts online.
3 Steps to Protect Yourself
1. Connect to your wireless router. If you can’t connect by Wi-Fi, you can plug straight into the router using an ethernet cable. Once you’re connected, you can access the routers control panel (usually 192.168.0.1 or 192.168.0.2) and adjust wireless settings, including encryption.
3. Select an encryption key by entering any text you want. It should be at least 12 characters in length and include letters and numbers. Something like “CH3ngdUL1v1NG” would work well. Don’t worry about picking a key that you can’t remember. You enter it once in any devices that connect and they’ll store the password for the future, whether it’s your smart phone, Windows desktop, or Macbook.
For more information, read this guide published by PC Magazine.
What do you think?