War driving in Santiago, Chile
Between 6th and 11th October, we went war-driving in Santiago, the capital of Chile, with the aim of collecting data on the city’s wifi networks. Why did we choose Chile? Simple – as the diagram below shows, it’s got the highest Internet connectivity out of all the Latin American countries. (Data is taken from internetworldstats.com, 30th June 2008.)
Percentage of population with Internet connection in Latin American countries
Going on the figures shown above, almost every other Chilean has an Internet connection. Additionally, this country seemed an interesting research candidate due to its well developed economy, and the widespread use of electronic devices in almost every area of daily life. Figures for the latter are higher than the figures for Argentina, Brazil and Mexico.
The research was conducted in business areas; the economic hub of the city, where the offices of major companies are located. We also sourced data from the city centre which is visited by a large number of tourists. Slightly more than 1700 networks were detected, and data relating to these networks was analysed, with our focus being on 802.11 a/b/g networks. No attempts were made to intercept or decrypt any wifi network traffic.
First, let’s take a look at the channels used by the wifi networks we detected in Santiago.
As was to be expected, the majority of networks use Channels 6 and 11; this is because these channels are often used as the default when configuring the access point equipment.
Channel 5 is the least popular, making it potentially a good choice if you live in Santiago and want to set up your own wifi network.
As for the equipment used, there’s no vendor with a clear leading market share. D-Link, Cisco, and Asustek make up the top three, accounting for 50% of the consumer market. It may be that one of these companies will gain a leading share in the future.
The figure below shows the data collected relating to network SSIDs (network identifiers):
As the diagram shows, 77% of all networks detected transmit the SSID, making it visible to any users within range of the access point. Only 23% of networks hide the SSID – hiding the SSID improves network security, although this is not the only security measure that can be taken.
Another security measure is encryption. As the figure below shows, 16% of all networks detected do not use any encryption at all. This means that anyone within range can connect to the network. Networks which do not use any form of encryption may use MAC address filtration as a form of security. However, this approach does not guarantee security, as all MAC addresses are transmitted over the network without any form of encryption. This means that any malicious user can sniff the network and get the MAC addresses of users who are already on the network. S/he can then use one of these “genuine” addresses to get access to the network.
Although, as mentioned above, 16% of the networks detected do not use any type of encryption, 61% of networks use WEP encryption. It’s been known for a long time that this type of encryption is vulnerable as a malicious user is able to conduct an attack designed to get the access key to the network. However, it should be noted that in comparison to other Latin American cities (Caracas, Monterrey and São Paulo) where we have conducted similar research in the past, Santiago has the lowest number of open networks.
Only 23% of all networks detected use WPA encryption, which is a more secure option both for the network, and for the users of the network.
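How the SSID and encryption figures above can be derived from beacon frames alone, without touching any traffic, shown as an added example (not code from the original article or its authors). It reads the Privacy bit and the WPA/RSN elements defined by 802.11, and reports WPA2 separately from WPA; the helper names and the sample beacons are constructed for illustration.

```python
import struct
from collections import Counter

PRIVACY_BIT = 0x0010                   # Capability Information: Privacy
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"     # vendor element carrying WPA (pre-RSN)

def parse_elements(body):
    """Yield (tag, data) pairs that follow the 12 fixed beacon bytes."""
    pos = 12
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + length]
        if len(data) < length:         # truncated capture: stop, don't guess
            return
        yield tag, data
        pos += 2 + length

def classify(body):
    """Return (ssid_hidden, encryption) for one beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, rsn, wpa = None, False, False
    for tag, data in parse_elements(body):
        if tag == TAG_SSID and ssid is None:
            ssid = data
        elif tag == TAG_RSN:
            rsn = True
        elif tag == TAG_VENDOR and data.startswith(WPA_OUI_TYPE):
            wpa = True
    hidden = not ssid or not ssid.strip(b"\x00")   # empty or all-NUL SSID
    if rsn:
        enc = "WPA2"
    elif wpa:
        enc = "WPA"
    elif capability & PRIVACY_BIT:
        enc = "WEP"                    # privacy bit with no WPA/RSN element
    else:
        enc = "none"
    return hidden, enc

def ie(tag, data):                     # helper for the constructed samples
    return bytes([tag, len(data)]) + data

def beacon(capability, *elements):     # timestamp, interval, capability
    return struct.pack("<QHH", 0, 100, capability) + b"".join(elements)

SAMPLES = [                            # constructed beacons, not survey data
    beacon(0x0001, ie(0, b"cafe")),
    beacon(0x0011, ie(0, b"")),
    beacon(0x0011, ie(0, b"\x00" * 6), ie(221, WPA_OUI_TYPE + b"\x01\x00")),
    beacon(0x0011, ie(0, b"office"), ie(48, b"\x01\x00")),
]

def tally(bodies):
    return Counter(classify(b) for b in bodies)
```

Calling `tally(SAMPLES)` gives one count per (hidden, encryption) pair, which is the shape of the percentages quoted in this article.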
As Internet usage becomes more and more widespread in Chile, users are increasingly migrating to wifi networks. Consequently, the number of wifi networks is on the rise. However, wifi networks are not necessarily secure; malicious users may exploit them to spread malicious code and other threats, and for other types of cybercrime, such as stealing users’ confidential data (e.g. passwords, user names etc.). Before using a wifi network, you should check the security that’s in place, particularly if it’s a public network.
And if you’re the network owner, you should be putting security measures in place such as WPA2 encryption in combination with MAC address filtration. The SSID network identifier should be modified and hidden; you can also adjust the strength of the signal so that the network is only accessible from the areas in which you intend to work. It also makes sense to check log files as they will enable you to track any attacks on the network. Taking all these steps will reduce the likelihood of your network being used by any third parties, including malicious ones.
Article by Dmitry Bestuzhev, Kaspersky Lab.