Monday, March 4, 2013

What I don't understand about WiFi Hackers

Rather than discuss whether the tools that are available are of any use in determining whether you are at risk or more importantly are any use in determining ways to compromise systems, the discussion revolves mainly around the cost of the equipment that is being promoted to enable penetration.

The Pwnie Expresss Pwn Pad is a case in point. Promoted at the RSA conference it is not whether the device is effective that the talk is about, it is the fact that they are trying to charge in the region of $600 for free software.

It seems to taken as red that users of wireless networks are at risk regardless of what measures that they may take. I don't think that there are many users that are not aware of wireless security and you are not easily put in a position where you can operate a network with no security in place. Encryption is pretty much setup by default and you would have to switch it off manually if you so desired. Most users are incapable doing this in any case.

The final irony is that even if you were to operate a wireless network with no security the relative risk that the average user would be exposed to would be minimal. Even if a "hacker" managed to penetrate your system and could "see" your traffic it is unlikely that that "hacker" could  do anything with this information. Apart from frightening the "hacked" into thinking that they are at risk and then sell them a solution so that they are presumably protected.

There are many that will disagree with me on this point but I would counter that many of these are the "profession" themselves and are in the business of selling you such solutions.

1 comment:

pwn_skeptic said...

I have just read some of the comments on the Pwnie Express interview about the Pwn Pad and earlier products and I see that the “Guns don’t kill people” argument was brought up. This was in relation to the fact that such devices, the Pwn Pad and others, are primarily aimed at those that are intending to “break in” in a network for nefarious means. Duh!

This was in defense of the production of such devices and that they should only be used for “good” and not “bad” activities. This is presuming that the devices do as they are claimed to do.

Further analogies were made with lock-picking devices for breaking into cars being outlawed in some States. Lock-Pickers like guns do in fact work and can be used to break into cars and perform violent acts on people. WiFi penetration solutions are mainly fictitious so the discussion doesn’t really need to be made.