Are Open SSIDs in decline?

Published: 2012-05-01. Last Updated: 2012-05-01 15:43:40 UTC
by Rob VandenBrink (Version: 1)
15 comment(s)

After hearing about my wife's iPad disconnecting from wireless for a couple of weeks (ok, maybe a bit longer than that), I decided to do some upgrades to the home network and replace the problem Access Point (and older home unit).

So off to the store I went, and came home with a bright shiny new A/B/G/N AP.  After throwing the DVD away (you know, the one that comes in every box with the outdated firmware on it), and updating the unit to the current rev, my kid and I started setting it up.

It's been a while since I worked on a standalone AP - my builds normally involve controllers and *lots* of AP's.  So imagine my surprise and joy when I found that these home units no longer default to an SSID with a default name and no security!  This one started the setup by defaulting to WPA-2 / Personal, and asked me what I wanted to use for a key !  You really have to be determined now to create an Open SSID ( good news ! )

So are we looking the long, slow goodnight of open wireless on home networks?  I've written in the past about how tablet users that don't know better routinely "steal" wireless from whoever is close without thinking twice - is this going to get harder and harder from them over the next few years, as people migrate to newer APs?

On the other hand, we're seeing more and more guest networks that are open, things like coffee shops, municipal offices, hair salons - pretty much anyplace you're likely to spend more than 5 minutes at seems compelled to offer up free wireless.  But using free wireless that's offered to you is a much different proposition than stealing it from someone who's misconfigured their home network..

I invite your comments - my AP's name starts with and L and ends with an S (made by our friends at C***o).  Are the current models from other vendors implementing better defaults now too? 
 

===============
Rob VandenBrink
Metafore

Keywords: open ssid
15 comment(s)

Comments

WPS enabled by default?
When we signed up for AT&T U-Verse they installed a 2Wire gateway that includes 802.11b/g (no n; it's a few years old). It had WPA2-PSK already enabled with the pre-shared key printed on the 2Wire itself. I think it is just the MAC address. I was able to change it to something else without any problem and if it ever gets reset to factory defaults, it's back to the same preprinted PAK.
I can't speak to all vendors, but I know one (rhymes with shmerizon) gives you a router with wifi when you sign up for their Internet service. As of 8 months ago the default looked like it was setup with the network name being the serial number of the router, and WEP was set for security. I'm sure that the routers you buy from the box stores come with better security now, but I'd bet that the setups that average home network users get from the big providers are still pretty weak when it comes to security. They tend to care more about interoperability with legacy laptops than security. Your standard ISC reader will obviously fix this issue, but the masses are still out there with lame-o security from what my most recent Kismet scans from my kitchen table show.
I've seen the 2wire SSID's and wonder if there is a pattern to them, like with the Verizon MiFi devices.
Fewer devices ship open by default but we are seeing a trend towards more open Wi-Fi hotspots as cell carriers struggle to keep up with the demands on their bandwidth. This isn't going away but we will see the attack surface shift from the home to the high street.
I deliberately enabled open SSID because I have some devices that only take WEP or open and I would have some difficulty convincing a jury that WEP = no practical security.
A quick scan of my own area has about half the routers using WEP and the other half using WPA/WPA2.

Of those using WPA/WPA, rougly half were configured to use AES only, the other half TKIP/AES. There was one configured to use TKIP only.

Roughly 1/3 were WPS enabled.
I started seeing devices defaulting to security about a year or more ago. I was pleasantly surprised too. It can only be a good thing.
A cable company whose name rhymes with "box" sets up the wireless routers, at least in this area, like so:

SSID: LastName+FAM so if your last name is Jones your SSID is JONESFAM

Key: Home phone number with area code but no dashes. Something like 9702345431

I don't know what they do if you don't have a home phone number. Probably leave it open.
There's an interesting graph at http://www.wigle.net/enc-large.html.

It would also be interesting to see how many devices have WPS enabled by default nowadays too...

Diary Archives