Government norms likely to compulsorily secure WiFi links

NEW DELHI: In the wake of the terror emails being sent from unsecured wireless fidelity (WiFi) networks, the government is examining the possibility of issuing new norms that will make it illegal to leave such internet connections open. The new norms may also put the onus on telcos and internet service providers (ISPs) who sell WiFi connections to educate their customers of keeping them secure.

The department of telecom will work with the home ministry and intelligence agencies to put in place steps to secure WiFi internet connections, which are increasingly being used in homes and offices across the country. WiFi networking companies may also be asked to limit WiFi signal right down to a defined radius by installing access points around the signal.

However, internet service providers (ISPs) say that it is customer who is to blame. “Internet service providers are taking steps on their own to secure WiFi connections. All ISPs are installing AAA servers and firewalls. But, if you look at the terror mails, they were sent from hacked or open WiFi accounts – there is nothing we can do about this.

When people take a broadband connection, then take routers and make their homes and offices WiFi enabled, and then leave it open, there is nothing ISPs can do about it,” explained the president of the Internet Service Providers Association of India’s president Rajesh Chharia.

Industry experts say that regulations will not help much since most home and corporate users use minimal security to lock their WiFi networks making them an easy target to hack into.

Security experts suggest that WiFi users should never broadcast their SSIDs (service set identifiers) and change their access passwords. “Most routers which come in the market have a password 1234 and login id – as admin. One should immediately change it after installing. Also one should block the router’s SSIDs from broadcasting the WiFI networks and allow only particular machines to access it,” says Aujas Network Founder and COO Sameer Shelke.

Generally a WiFi router is configured to advertise its SSID to all neighbouring WiFi devices. One can block the SSID from advertising so that only by typing the name, the particular WiFi network appears.

The Wireless Fidelity (WiFi) connection of a Mumbai based power company was hacked into by suspects in Chembur, who sent the e-mail to news organisations while the serial blast continued in the capital which killed about 25 people and left about 100 injured on Saturday.

Experts say that digital forensics still holds the key to catch suspects who have even challenged security agencies to catch them.

Accessing the WiFi router or the wireless access point’s log files (present in Mumbai’s Kamran Power Company in this case), one can find out the MAC (Media Access Control) address of the WiFi card which accessed the WiFi point of that company.

Source: Economic Times