Just when you thought it was safe to use WiFi…along comes the latest threat: cats. Wait, cats? Really? Well, that is if the cat comes outfitted with the newest WiFi hacking device, called WarKitteh.
Created by Gene Bransfield, a security engineer at Tenacity Solutions Inc., WarKitteh riffs on the idea of war driving (and war biking), in which hackers ride around in cars trying to find vulnerable WiFi networks that they can hack into. When they find an open WiFi network, they can easily steal login information to bank accounts, social media, and email accounts from anyone accessing it. Software for wardriving (or warbiking) is easy to install and available for free on the Internet.
Bransfield created the hacking device for his cat after a co-worker gave him a collar with a GPS device. He took the collar home with him, added a Spark Core chip and a WiFi card and put it on his cat Coco. In all, it only cost him $100. Then he let Coco roam the neighborhood with the intent on seeing just how secure his neighbor’s WiFi networks were.
What he found surprised him.
Unsafe WiFi Networks
Coco’s adventure led to finding 23 WiFi networks, and one-third of them were using WEP (Wired Equivalent Privacy), a WiFi standard that is sorely out of date. As he told Wired, “There were a lot more open and WEP-encrypted hotspots out there than there should be in 2014.”
Bransfield plans on speaking at the DefCon hacker conference in Las Vegas about what he found, because while entertaining, his WarKitteh device could easily be duplicated by serious hackers.
Using Safe WiFi
Below is a brief overview of wireless network protection standards.
WEP was the first wireless network protection standard and was introduced in 1997. By 2001, several serious weaknesses were identified so that today a WEP connection can be cracked within minutes. In response, in 2003 the Wi-Fi Alliance announced that WEP had been replaced by WiFi Protected Access (WPA). WiFi Protected Access (WPA and WPA2) indicates compliance with the security protocol created by the IEEE to secure wireless computer networks.
The main weakness of WEP is its use of static encryption keys. When you set up a router with a WEP encryption key, that key is used by every device on your network to encrypt every packet that’s transmitted. But just because packets are encrypted doesn’t mean that they can’t be intercepted. The process of cracking a WEP key used to require that a hacker intercept millions of packets, but that’s no longer the case, and now they can be hacked in minutes.
Even if your router is six years old, it most likely supports some form of WPA. The most widely supported version is WPA Personal, otherwise known as WPA Pre-Shared Key (PSK). WPA version 2 (WPA2) uses a more advanced encryption protocol that is more efficient and resistant to attack.
If your current home wireless router does not support at least WPA (preferably WPA2), you should consider replacing it. Properly configured, WPA or WPA2 offers significantly better protection than WEP.
And be on the lookout for any WarKittehs roaming around your neighborhood. It’s a jungle out there.