English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Wardriving in Caracas (Venezuela)

This report provides an insight into the state of WiFi networks in Caracas, Venezuela. It should be noted that this is the first time such research has been conducted either in Venezuela or on the South American continent.

The research uses data that can be accessed by the general public. No attempts were made to harvest or decrypt data, nor to access users' personal data. Furthermore, this report does not include information about the physical location of network access points or the exact names of the networks detected.

The research was conducted between 4th and 7th July 2007, and was mainly conducted in business districts and public places such as shopping malls, parks, and hotels.

The geography of the city, a blend of plains and mountains, makes it ideal for such research, as higher locations offer clear visibility which make WiFi networks easy to detect. The results were exciting: the entire city is full of access points which means that wherever users are, they will have access to a WiFi network.

Let's now take a look at the WiFi networks we detected in Caracas. We gathered data on networks that use the 802.11 a/b/g standards. The results show that the vast majority of these networks use the 802.11 g standard, i.e. 54Mbps/s, indicating that the equipment used in these networks is relatively new or up-to-date.

Only 15% of the networks detected still operate under protocol 802.11b with a transmission speed of 11Mbps/s. This leads us to believe that the boom in WiFi networks in Caracas is relatively new (and probably highly popular among inhabitants of the city).

This diagram below shows a breakdown of detected networks according to standard:

We did not detect a single network working under the 802.11a standard.

As we anticipated, most of the networks operating have a fixed infrastructure, and only a few ad-hoc networks were detected.

The most frequently used channels for network operating are channel 6 and channel 11. This is unsurprising, as these are the default channels set by hardware manufacturers.

More than half of the networks (51%) use channel 6. Anyone wanting to set up a new WiFi network in Caracas would therefore be advise to choose any channel apart from channel 6, which is clearly overcrowded.

As far as the Service Set Identifier (SSID) is concerned, most of the networks detected are configured to display their names to users. The data collected shows that only 7% of all networks do not display their SSID to users. It seems that network administrators believe that this will act as an additional defence against unauthorized access.

Additionally, 22% of the WiFi networks which broadcast their SSID are actually using the manufacturer's original default settings.

'Default settings' covers not only the default SSID but also passwords and In this case, we mean not only the SSID set by default, but also to passwords and configuration settings. This practice puts both the general security of the networks and also the data transmitted via them at risk.

Nearly half of all the WiFi networks in Caracas are open networks i.e. they can be accessed by anyone. The figure below shows the percentage of open networks and networks which are protected by some type of encryption protocol:

Local practice indicates that around 50% of WiFi networks should be unencrypted, providing anonymous public access. So if you're planning to visit Caracas soon, there's a very good chance that you will be able to access a network and have free access to the Internet anywhere you are.

Now let's take a brief look at the encryption methods used to secure the networks and connections to the WiFi access points.

Although it's widely known that the WEP protocol starting vector is vulnerable, it is still used to protect nearly half of the networks detected. In spite of the fact that anyone with a little basic training could break WEP 128 bit encryption in around 8 minutes, this protocol is still widely used to secure networks. This is largely due to the fact that the protocol is incorporated in firmware and system administrators therefore usually use it by default when configuring an access point.

Nonetheless, as the graph shows, 39% of the networks detected use WPA, a more secure encryption protocol, while 6% of the encrypted networks use WPA2, which is one of the most secure encryption protocols currently available. It should be noted that networks which don't use any type of encrypting may implement other security measures such as MAC filtering of addresses.

Now, let us dedicate some attention to the most popular brands used in Caracas WiFi networks. The undoubted leader is Cisco-Linksys.

According to our research, this brand accounts for nearly 40% of the market in Caracas. Seemingly, the price-quality ratio of this brand is high, which is why it is chosen by system administrators. On the other hand, it should be noted that D-Link products are becoming increasingly popular, and this brand is currently in second place. Other leading brand names include ShenZhen TP-Link, AboCom, 3Com, Belkin, Netgear and Cammeo Communications.

Following an announcement made by Cisco on July 26th 2007, the company got rid of the brand name Linksys and launched an aggressive sales campaign for its products under the stand-alone brand name Cisco. It's a little too soon to tell how this will affect the Latin American market, and the impact will be affected both by the quality of the products and the price.

Conclusion

Despite the fact that much of the equipment used in Caracas WiFi networks is new and uses state-of-the-art technology, from a security standpoint these products are not yet being used to their fullest extent. There still are a number of networks which do not use any type of encryption, allowing users the ability to connect freely and to access internal data. However, those networks which have implemented encryption continue to WEP which is vulnerable to attack. In addition, only a very small number of the networks use secure encryption protocols such as WPA2.


Comments

If you would like to comment on this article you must first
login


Bookmark and Share
Share

Author

Analysis

Blog

Source