AT&T Instructs People to Set Up Their Wireless Networks Insecurely

Posted on September 9, 2009 by John Woodman

AT&T Instructs People to Set Up Their Wireless Networks Insecurely

One of my customers had a wireless router die, so she got a new one from AT&T and tried to set it up herself.

2wireAfter fiddling with it a bit, she called me, I went over and got it set up. In the process, I noticed an odd thing. Years after the arrival of  uncrackable encryption, AT&T is telling their customers to set up their wireless networks in such a way that they can easily be cracked in a matter of just minutes…  While setting up my customer’s network, I noticed the AT&T supplied pamphlet she herself had been working from.

It instructed her to set up WEP encryption.

Now I have an idea of why they probably do this. WEP is older encryption technology, so that means it’s been around longer and even people with older computers should be able to use it.

There are still a few people whose equipment might not be able to work with the newer and far more secure WPA — at least not without upgrading some of their equipment a bit. And, WEP is definitely better than no encryption at all.

But the fact is, WEP is inherently insecure.

If you use WEP, anyone who has an idea of what they’re doing can crack your network within minutes.

There are numerous tutorials on YouTube & elsewhere showing anyone how to do this. You can learn the essentials of cracking almost in the time it takes to fetch a beer from the fridge.

If you don’t properly secure your wireless network:

1. Your network resources are exposed to unknown users.
2. Your network traffic can be captured and examined.
3. Your internet connection can be used for illegal, immoral, or objectionable activities.

WEP inherently exposes you to those problems.

WPA, on the other hand, is secure — IF you set it up properly. And it’s really no more trouble to set a wireless network up properly than it is to do it the wrong way.

If you don’t set WPA up properly, though, it’s no better than WEP.

“Properly” in this case means using a nice LONG passphrase that isn’t just made up of dictionary words.

In other words, “robert53” is not a secure WPA passphrase. Way too short.

inthemoldcottonfieldsbackhome” isn’t a good WPA passphrase, either. It’s long enough, but it only has dictionary words.

On the other hand, “nicelong302w6aciwpog#*22(&)#!” used with WPA should keep any and all wireless crackers out. It’s about 30 characters long, and it includes a lot of utterly unguessable nonsense.

At that point, it’d be almost infinitely easier to break into your house and steal your laptop in order to get the key.

This entry was posted in How. NOT. To Do Stuff and tagged , , , , , . Bookmark the permalink.