A few things annoy me about how KARMA works. First off, if my wireless network at home is WPA2-PSK and an access point shows up with the same name (SSID) somewhere else without any encryption, all the operating systems I know of will happily connect to the impostor.
Why operating systems don't try to match a given access point (or an AP mesh/WDS) to a key and warn you if there's no encryption when it has a key stored for the network boggles my mind.
For networks that aren't meshed, I think that the AP list should keep track of the BSSID (MAC address, essentially) of the access point, as well as any encryption keys.
I know very little about wireless drivers, supplicants, or even the lower-level protocols beyond what tools such as Wireshark show me. I really have no idea how feasible this functionality is. In my opinion, if wireless connection tools alerted users to inconsistencies, things would be a little more secure. It most certainly wouldn't be hacker-proof. Even if these defenses could only be switched on from some "advanced" control panel, I would probably sleep better at night after setting this up and educating my users.
As it stands, the only defense is to trust nothing by default, keep your software up-to-date, log out of all of your sessions and kill all your cookies before connecting to public WiFi somewhere -- or in some cases, even in your own home or office.
In the blink of an eye, tools like Hamster & Ferret can snarf valid sessions for your sensitive online web apps, and as more things move "into the cloud", more sensitive information could find its way into the wrong hands.
Given the ubiquity and untrustworthiness of wireless networks, I feel like this is one of the weakest links right now. How would you fix WiFi? Are any of my ideas even possible?
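The consistency check proposed above, as an added example that is not part of the original post: a stored profile records the security type and, for non-mesh networks, the BSSIDs seen when the key was saved; an AP broadcasting the same SSID is only auto-joined when everything matches, and an open AP with a stored key's name is flagged instead of joined. Profile and scan data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    ssid: str
    security: str                    # "open" or "wpa2-psk"
    bssids: frozenset = frozenset()  # APs pinned when the key was saved
    mesh: bool = False               # mesh/WDS: many BSSIDs are legitimate

@dataclass(frozen=True)
class ScanResult:
    ssid: str
    bssid: str
    security: str

def evaluate(profile, seen):
    """Return ("connect" | "warn" | "ignore", reason) for one observed AP.
    Any mismatch between the stored profile and the air is a warning."""
    if seen.ssid != profile.ssid:
        return ("ignore", "different network")
    if profile.security != "open" and seen.security == "open":
        # The KARMA case: a key is stored, but the AP using this name is unencrypted.
        return ("warn", f"key stored for {seen.ssid!r} but {seen.bssid} is open")
    if seen.security != profile.security:
        return ("warn", f"security changed: {profile.security} -> {seen.security}")
    pinned = {b.lower() for b in profile.bssids}
    if not profile.mesh and seen.bssid.lower() not in pinned:
        return ("warn", f"unknown BSSID {seen.bssid} for {seen.ssid!r}")
    return ("connect", "ssid, security type and BSSID match the profile")

def auto_join(profiles, scan):
    """Decide every scan result against the first profile with the same SSID."""
    decisions = []
    for seen in scan:
        for profile in profiles:
            decision, reason = evaluate(profile, seen)
            if decision != "ignore":
                decisions.append((seen.bssid, decision, reason))
                break
    return decisions

PROFILES = [Profile("HomeNet", "wpa2-psk", frozenset({"00:11:22:33:44:55"})),  # constructed
            Profile("CampusMesh", "wpa2-psk", mesh=True)]
SCAN = [ScanResult("HomeNet", "00:11:22:33:44:55", "wpa2-psk"),  # the real home AP
        ScanResult("HomeNet", "de:ad:be:ef:00:01", "open"),      # same name, no encryption
        ScanResult("CampusMesh", "aa:bb:cc:00:00:07", "wpa2-psk")]  # any mesh node is fine

if __name__ == "__main__":
    for bssid, decision, reason in auto_join(PROFILES, SCAN):
        print(f"{bssid}: {decision} ({reason})")
```

wpa_supplicant can express part of this today: a network block with `key_mgmt=WPA-PSK` will not match an open AP of the same name, and `bssid=` pins a single AP; the snippet makes the same check explicit and extends it to the mesh case.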
Not ticking 'Connect Automatically' would be a good start.
Maybe if it were possible to encrypt the client probe, then systems such as Karma couldn't pick out the SSID to start with.
Yeah, I agree, auto-connecting to APs based solely on ESSID is a bad Windows feature. Most non-MS-based connection clients use the BSSID, which is better, but still spoofable with a little more skill.
I meant beyond things like autoconnect, though (which I covered here). I'm talking about the way operating systems and drivers handle the wireless connection.
And yes, it would only take a little bit of work to make Jasager scan remote access points and change the MAC of the adapter on the fly to match one of the nearby access points. That might be kind of cool, but you can only spoof one BSSID at once. I think. Hmm... (digs through wlanconfig create syntax...)