Why unencrypted wireless networks are bad

A lot of times, speaking to people about home wifi and security, I hear something like this: “Why should I encrypt my home wireless network? I don’t mind sharing my internet connection, I’m ok with it as long as I don’t need my whole bandwidth”. And I can’t say that’s wrong at all.

But what these people don’t think about, and what is not obvious to those who don’t know how it works, is the whole question of security: when you connect to a wifi network, you usually exchange data over the air with an access point, which is the only device supposed to receive and process it.

But when you send data through your wireless card, you’re just broadcasting it over the air, and every device close enough to your computer which is capable of receiving wireless data could potentially receive it.

As you can imagine, when you establish a connection through an access point, you’re sending data but you’re also receiving data from it. That means that every wireless card has the capability of receiving the data of a wireless connection. Obvious.

But then, how come I can surf the Internet without seeing the traffic of all the other people on the network? Of course, the wireless protocol guarantees that only the data meant for my wireless card will be processed, ignoring all the packets sent to others’. That’s clear and reasonable.

But what you should ask now is: who guarantees that the wireless protocol works that way?

Nice question. It’s the operating system. It speaks directly to the hardware, which is meant to receive bits correctly and not much more. The card then hands the received bytes to the operating system, which interprets them and decides what to do. Usually operating systems are built to keep people from messing with the hardware itself, which is usually a good idea, so the protocols are deeply integrated with them. Here is when you come and say: “The hardware is mine and I want to do what I want with it”. That’s why you should use Linux. Linux is free, and so are you when you use it on your computer hardware. Linux is programmed to work as you would expect, but it always lets you do what you want if you know how (and have the right permissions).

That means yes, you can actually receive the data packets other people are broadcasting, as long as you’re close enough to the source of the wireless signal and you have a wireless card capable of doing that (most cards will work, but some cards that block this possibility in hardware do exist).

Now that you understand that you can receive others’ data, let’s go back to the encryption problem. Of course, since you’re broadcasting data over the air, you can always be received by someone else’s wireless card. But if you’re connected to an unencrypted network, you are also sending data in the clear. That means you’re broadcasting everything you’re sending to the network to potentially anyone, and they can read it in the clear. The funny thing is that, when you’re only receiving data, no one can notice it since you’re not transmitting anything yourself. You don’t even need to be connected to the same network, you just have to listen on the right “channel”.

Fortunately, you’re not beaten yet in this privacy war. If you’re connected to an unencrypted wireless network but you’re using an encrypted service, such as https, you’re still transmitting data in the clear at the wireless level, but that data is https data, which has already been encrypted by the https protocol that you and the endpoint are using (and want to use). So when the malicious listener receives the wireless data, he can see it, but he’ll find it’s encrypted data.

You can now understand that all the unencrypted traffic sent through an unencrypted connection can be intercepted and read in the clear by a potential attacker.

Some examples of unencrypted services that transmit unencrypted data are ftp, pop3, smtp, http. If you use one of these protocols over an unencrypted connection, what you send can easily be read by someone else’s computer nearby.
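To check your own machine for sessions to the services listed above, here is an added example (not part of the original post) that filters `ss -tn` output for established connections to their default ports. The function names and the sample output are constructed for illustration; the port numbers are the standard defaults for ftp, smtp, http and pop3.

```shell
#!/bin/bash
# Added example: flag established TCP connections to the cleartext services
# named in the post (ftp, smtp, http, pop3) on their default ports.

# Reads `ss -tn`-style lines on stdin and prints "service peer" for each hit.
flag_cleartext() {
    awk '
        BEGIN { svc[21]="ftp"; svc[25]="smtp"; svc[80]="http"; svc[110]="pop3" }
        $1 == "ESTAB" {
            peer = $5
            n = split(peer, parts, ":")
            port = parts[n]          # last colon-separated field, so IPv6 peers work
            if (port in svc) print svc[port], peer
        }
    '
}

# Constructed sample of `ss -tn` output (documentation address ranges only).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.168.1.23:51514   203.0.113.10:443
ESTAB  0      0      192.168.1.23:40022   198.51.100.7:110
ESTAB  0      0      192.168.1.23:38790   198.51.100.7:25
ESTAB  0      0      192.168.1.23:51620   203.0.113.44:80
TIME-WAIT 0   0      192.168.1.23:51000   203.0.113.44:21
ESTAB  0      0      [2001:db8::5]:41000  [2001:db8::1]:21
EOF
}

# Number of cleartext sessions found in the constructed sample.
count_cleartext_in_sample() {
    sample_ss_output | flag_cleartext | wc -l | tr -d ' '
}

# On a live host, run:  ss -tn | flag_cleartext
sample_ss_output | flag_cleartext
```

A hit only means the session uses a port where the protocol is cleartext by default; the https session on port 443 in the sample is not flagged.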

I’ve created a little bash script which looks for an unencrypted wireless network and starts listening for packets sent through it. Then you can use your preferred packet sniffer software to display and analyze the packets received from your wireless card.

Here’s the code:

 

#!/bin/bash

# Wireless interface to use
dev=wlan0

# Scanning requires the card to be in managed mode
echo "Setting $dev to managed mode"
sudo rfkill unblock wifi
sudo ifconfig "$dev" down; sudo iwconfig "$dev" mode managed
sudo ifconfig "$dev" up

channel=""
ssid=""
unencryptedchannel=""
sleep 2
echo "Searching for unsecured network channels"
# Walk the scan output word by word; every "Cell" starts a new network
for word in $(sudo iwlist "$dev" scan);
do
    if [ "$word" == "Cell" ]; then
        channel=""
        ssid=""
    fi

    # "Channel:N" gives the channel of the current cell
    buf=$(echo "$word" | grep "Channel:" | cut -d':' -f 2)
    #echo "Buf: $buf"
    if [ "$buf" != "" ]; then
        echo "I've got a channel! The channel $buf"
        channel="$buf"
    fi

    # The ESSID comes after the encryption flag in each cell, so once an
    # unencrypted channel has been found this is its network name
    essid=$(echo "$word" | grep "ESSID:" | cut -d':' -f 2)
    if [ "$essid" != "" ]; then
        echo "The essid is $essid"
        ssid="$essid"
        if [ "$unencryptedchannel" != "" ]; then
            break
        fi
    fi

    # "Encryption key:off" marks an unencrypted network
    enc=$(echo "$word" | grep "key:" | cut -d':' -f 2)
    #echo "enc: $enc"
    if [ "$enc" == "off" ]; then
        echo "The channel $channel has no encryption!"
        unencryptedchannel="$channel"
    fi
done

if [ "$unencryptedchannel" == "" ]; then
    echo "No unencrypted network. Quitting"
    exit 1
fi

echo "Your channel is $unencryptedchannel, on wifi network $ssid. Proceeding with sniffing"
sleep 1

echo "Putting $dev in monitor mode"
sudo ifconfig "$dev" down; sudo iwconfig "$dev" mode monitor
sudo ifconfig "$dev" up
sleep 1
# Some drivers need more than one attempt before monitor mode sticks
while [ "$(iwconfig "$dev" | grep Monitor)" == "" ]; do
    echo "Monitor mode not set, retrying"
    sudo ifconfig "$dev" down; sudo iwconfig "$dev" mode monitor
    sudo ifconfig "$dev" up
    sleep 1
done

echo "Setting $dev to channel $unencryptedchannel"
sudo iwconfig "$dev" channel "$unencryptedchannel"
echo "Interface $dev ready for sniffing."

This code is not intended to be used for malicious purposes; it is just a proof of concept to help you understand the real risks of transmitting through an unencrypted network. Use this code to try and intercept your own traffic while sending emails with smtp, or retrieving them with pop3, or connecting to your ftp host. You’ll better understand what I explained in this post.

It’s even possible to intercept images you are seeing in your browser through http, yes, like Facebook photos and similar. That’s because Facebook by default avoids using https after the login due to its bandwidth cost.

I should conclude by encouraging you to encrypt your wireless connection if you want to protect your privacy, or at least to be aware of the risks you take by using it with unencrypted services.