AT&T Instructs People to Set Up Their Wireless Networks Insecurely
One of my customers had a wireless router die, so she got a new one from AT&T and tried to set it up herself.
After fiddling with it a bit, she called me, I went over and got it set up. In the process, I noticed an odd thing. Years after the arrival of uncrackable encryption, AT&T is telling their customers to set up their wireless networks in such a way that they can easily be cracked in a matter of just minutes… While setting up my customer’s network, I noticed the AT&T supplied pamphlet she herself had been working from.
It instructed her to set up WEP encryption.
Now I have an idea of why they probably do this. WEP is older encryption technology, so that means it’s been around longer and even people with older computers should be able to use it.
There are still a few people whose equipment might not be able to work with the newer and far more secure WPA — at least not without upgrading some of their equipment a bit. And, WEP is definitely better than no encryption at all.
But the fact is, WEP is inherently insecure.
If you use WEP, anyone who has an idea of what they’re doing can crack your network within minutes.
In fact, here’s a very nice little instructional video on how to do it. Cracking WEP is covered in the first 4 minutes. It takes a little bit longer to actually do it, but you can learn the essentials of cracking almost in the time it takes to fetch a beer from the fridge.
The video also includes 3 good reasons for securing your wireless network:
1. Your network resources are exposed to unknown users.
2. Your network traffic can be captured and examined.
3. Your internet connection can be used for illegal, immoral, or objectionable activities.
WPA, on the other hand, is secure — IF you set it up properly. And it’s really no more trouble to set a wireless network up properly than it is to do it the wrong way.
If you don’t set WPA up properly, though, it’s no better than WEP.
“Properly” in this case means using a nice LONG passphrase that isn’t just made up of dictionary words.
In other words, “robert53” is not a secure WPA passphrase. Way too short.
“inthemoldcottonfieldsbackhome” most likely isn’t a good WPA passphrase, either. It’s long enough, but it only has dictionary words.
On the other hand, “nicelong302w6aciwpog#*22(&)#!” used with WPA should keep any and all wireless crackers out. It’s about 30 characters long, and includes a lot of utterly unguessable nonsense.
At that point, it’d be almost infinitely easier to break into your house and steal your laptop in order to get the key.