In this report we will analyze the security of the Wi-Fi networks in Sao Paolo, Brazil. There are two chief reasons for this:
This article follows similar research conducted in Caracas, Venezuela, the results of which are available at http://www.viruslist.com/sp/analysis?pubid=207270940
Sao Paolo is a lively and business-oriented city. Its geography and the architecture of its skyscrapers make it possible to easily implement Wi-Fi networks. In every corner of the city we visited there was at least one available Wi-Fi network.
This research, like the previous one, examines the security of the networks; however, there were no actual attempts to compromise the networks that were studied. Rather, our purpose was to come up with an objective description of the current state of Wi-Fi networks: type, security and other interesting features for the IT security savvy. This report's data was gathered in public places: business areas, streets, parks, restaurants and transport stations.
Let's now unveil our findings, starting with the physical characteristics of the equipment detected. It is worth noting that this research covers the 802.11a/b/g protocols.
Wi-Fi channels in Sao Paolo are shown in the following graph:
As expected, channels 6 and 11 were the most widely used. More than half of all networks in Sao Paolo resort to channel 6. In fact, much of the hardware equipment designed for the implementation of Wi-Fi networks is preset for that channel. Apparently, many system administrators do not bother to analyze the Wi-Fi traffic in order to choose the least used channels.
Regarding the networks' transmission speeds, most of them work with the 802.11g standard at 54 Mbps. This shows that the equipment used to implement the Wi-Fi networks is new or new-generation: the maximum speed of the previous generation (802.11b) was only 11 Mbps.
What can be said about vendors or manufacturers of the hardware used in Sao Paolo? Our research reveals that a large portion of Sao Paolo's market belongs to D-Link. Nearly 42% of all Wi-Fi networks in Sao Paolo rely on D-Link-manufactured equipment. The second position, with 26% of the market, is held by Linksys.
These 2 brands are the most common in the Wi-Fi market in Sao Paolo and possibly in the entire Brazilian market.
As for the type of Wi-Fi networks in Sao Paolo, as expected, around 98% are infrastructure-type networks and only 2% are Ad-Hoc type.
The security issue regarding Ad-Hoc Wi-Fi networks has already been discussed in our weblog: http://www.viruslist.com/en/weblog?weblogid=208187463
Given that in these cases the connection is made through a host and not through a wireless access point, hackers could sniff the traffic processed by the host and steal personal information from users: passwords, PINs, etc.
Among all the Ad-Hoc networks, we found only one that used Web encryption - its SSID was “msgSpot”. Such a name could lead anyone to think that it is a hotspot, and as we mentioned before, the fact that it is an Ad-Hoc network jeopardizes all connections to the network and makes confidential data vulnerable.
Sometimes, access to hotspots requires a payment: the home page usually invites connected users to pay connection time with credit cards. Doing this could be extremely dangerous since a hotspot like the above mentioned has an Ad-Hoc connection.
As we are already talking about security, let’s now analyze the type of encryption used on Sao Paolo’s networks:
As the graph shows, half of the networks resort to WEP encryption. Although it is better to use this encryption than no encryption at all, WEP encryption was declared vulnerable a long time ago. Hackers could easily break the code in a very short time.
26% of the networks have implemented better encryption methods, namely WPA (22%) and WPA2 (4%). 24% of the networks use no encryption methods at all. Such networks are either widely open to the public or have implemented rather simple security devices, such as access filtering by MAC address.
The systems used for the management of coding keys and authentication devices in networks with WPA/WPA2 are shown in the following graph:
Around 79% of the WPA/WPA2 networks use the PSK method for key management. PSK (Pre-Shared Key) keys are usually used in domestic networks in which there are no special servers with advanced authentication. This encryption mechanism is far safer than WEP, yet it is also vulnerable to dictionary attacks.
On the other hand, the 802.1X/EAP authentication mechanism (which is safer than PSK) is used on 21% of the networks with WPA/WPA2 encryption. This mechanism allows a number of authentication methods: token cards, Kerberos, one-time passwords, certificates and public authentication keys.
As for SSIDs, around 15% of the detected networks use an SSID preset by the manufacturer. This practice is dangerous, because from the very beginning it provides the hacker with all information about the access point used by the network.
Around 6% of all networks have a hidden SSID, i.e., the SSID is not broadcast. This practice allows Wi-Fi network administrators to enhance the security of the connection to their access point, but it is insufficient as a single mechanism of security.
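The weaknesses described above (no encryption or WEP, PSK key management, Ad-Hoc mode, factory-default SSIDs, hidden SSID as the sole protection) can be checked mechanically against survey records. The following is an added example, not code from the original report; the record layout, the sample networks and the list of default SSIDs are constructed assumptions.

```python
from collections import Counter

# Constructed survey records (not data from the report), one per detected network.
# An empty SSID stands for a network that does not broadcast its name.
SURVEY = [
    {"ssid": "dlink", "mode": "infrastructure", "enc": "WEP", "auth": None},
    {"ssid": "linksys", "mode": "infrastructure", "enc": "OPEN", "auth": None},
    {"ssid": "cafe-hotspot", "mode": "ad-hoc", "enc": "OPEN", "auth": None},
    {"ssid": "CorpNet", "mode": "infrastructure", "enc": "WPA2", "auth": "802.1X"},
    {"ssid": "", "mode": "infrastructure", "enc": "WEP", "auth": None},
    {"ssid": "HomeNet", "mode": "infrastructure", "enc": "WPA", "auth": "PSK"},
]

# Illustrative list of factory-default names (assumption); extend it per vendor.
DEFAULT_SSIDS = {"dlink", "linksys", "default", "netgear"}

def findings(net):
    """Return the weaknesses discussed in the report that apply to one network."""
    out = []
    weak = net["enc"] in ("OPEN", "WEP")
    if net["enc"] == "OPEN":
        out.append("no encryption")
    elif net["enc"] == "WEP":
        out.append("WEP: replace with WPA/WPA2")
    elif net["auth"] == "PSK":
        out.append("PSK: exposed to dictionary attacks, use a long random passphrase")
    if net["mode"] == "ad-hoc":
        out.append("ad-hoc: traffic passes through a peer host")
    if net["ssid"].lower() in DEFAULT_SSIDS:
        out.append("factory-default SSID")
    if net["ssid"] == "" and weak:
        out.append("hidden SSID is the only protection")
    return out

def encryption_share(survey):
    """Percentage of networks per encryption type, rounded to one decimal."""
    counts = Counter(net["enc"] for net in survey)
    return {enc: round(100 * n / len(survey), 1) for enc, n in counts.items()}

def audit(survey):
    """Map each network name to its findings, skipping networks with none."""
    report = {}
    for net in survey:
        issues = findings(net)
        if issues:
            report[net["ssid"] or "<hidden>"] = issues
    return report

if __name__ == "__main__":
    print(encryption_share(SURVEY))
    for name, issues in audit(SURVEY).items():
        print(f"{name}: {'; '.join(issues)}")
```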
In Sao Paolo, much of the equipment that works on 802.11g now supports WPA or WPA2 encryption, which offers enhanced security compared to WEP. However, it seems that network administrators stick to WEP coding because of habit rather than any other reasons.
More than half of all networks use channel 6. Thus, if you plan to set up a Wi-Fi network in Sao Paolo, it might be a good idea not to use this channel. Instead, it would be better first to scan all frequencies to identify less-used channels and thus secure higher performance of the future network.
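One way to turn a frequency scan into a channel choice, as an added example that is not part of the original report. It assumes channels 1 to 11 in the 2.4 GHz band (adjust to the local regulatory domain), a simple linear model for adjacent-channel overlap, and a constructed list of observed channels.

```python
from collections import Counter

# Constructed scan result (not data from the report): the channel of each
# network seen at one location, with channel 6 dominant as in the survey.
OBSERVED = [6] * 52 + [11] * 20 + [1] * 12 + [3] * 6 + [4] * 5 + [9] * 5

def overlap_weight(a, b):
    """Linear overlap model (assumption): 1.0 on the same channel,
    0.0 at five or more channels apart, where 802.11b/g stops overlapping."""
    return max(0, 5 - abs(a - b)) / 5

def channel_load(observed, channels=range(1, 12)):
    """Interference score per candidate channel, counting co-channel
    networks fully and adjacent-channel networks by their overlap."""
    counts = Counter(observed)
    return {c: sum(n * overlap_weight(c, ch) for ch, n in counts.items())
            for c in channels}

def pick_channel(observed, candidates=(1, 6, 11)):
    """Least-loaded channel among the non-overlapping set; ties go to the lower one."""
    load = channel_load(observed)
    return min(candidates, key=lambda c: (load[c], c))

if __name__ == "__main__":
    load = channel_load(OBSERVED)
    for c in (1, 6, 11):
        print(f"channel {c}: load {load[c]:.1f}")
    print("suggested channel:", pick_channel(OBSERVED))
```

Restricting the candidates to 1, 6 and 11 keeps the new network from overlapping two busy channels at once, which picking an arbitrary quiet channel in between would do.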
Unlike Venezuela, where the chief vendor of Wi-Fi equipment is Linksys, in Brazil D-Link is the market leader.
Based on available data regarding the number of networks and statistics shown above, we could conclude that Brazil is doing things right. However, more serious thought should be given to security of the Wi-Fi networks in order to guarantee: