On CBS MoneyWatch: Deal or no deal? 8 lousy 'bargains'
BNET Business Network:
BNET
TechRepublic
ZDNet

November 19th, 2007

Is it ethical to turn on wireless security for an open access point?

Posted by George Ou @ 4:11 am

Categories: Consumer electronics, Hardware, Infrastructure, Mobile/Wireless, Networking, Security

Tags: Router, Network, WPA-PSK, Access Point, Wireless Security, Wireless, Routers & Switches, Network Technology, Networking, George Ou

One of my readers sent me the following question and I thought it posed an interesting question on ethics.  I’ll post his email and then I’ll answer his questions.

I helped a friend move, and re-established her wireless network working with a new ISP. While working, I encountered 7 wireless networks (in addition to hers), 3 of which were wide open, 2 were SSID belkin and one called linksys, etc. It was the same old problem, they plugged the router in, said “hey we’re connected” and that was it. I want your opinion on this.

I connected to each one, then using 192.168.2.1, 192.168.0.1, etc, I connected to their wide open routers, then changed the network to be WPA-PSK and made the passphrase “Secure your network, you are totally unsecure”. I did not change the router password.

Worst case, I figure geek squad will be called, but maybe, they call their router helpdesk, and learn something. I still think pressure needs to be brought to bear on router providers to default to WPA-PSK, the last “wizard I ran” never even touched on securing the link.

I have little doubt that what I did was illegal, the same way it is illegal to open someone’s car door and turn off their lights, but was what I did wrong?

Besides the fact that what you did was illegal and would get you arrested if you were ever caught, turning off someone’s car lights does cost the owner a penny but saves them a bundle by saving their car battery.  But if the victim of your “good deed” needs to call Geek Squad to come and fix their router, they’re out a hundred dollars or whatever the going rate is for tech support.  In many cases I think the user will simply call tech support and find out that WPA-PSK was enabled, but there are people who will suffer economic damage.  Perhaps if you dropped an envelope with a letter explaining what happened with instructions on how to configure WPA-PSK for Windows or Mac, then the user won’t have to suffer agitation or a Geek Squad bill.

Using a random 10-character alpha-numeric upper/lower pass-phrase would be better since your pass-phrase would be known by everyone though the owner should be scared enough to learn how to change it themselves.  Changing the SSID would also be a good ideal.  That has nothing to do with security but it does prevent accidental connections between neighbors.  Changing the router default password is as important as enabling wireless LAN security.  Of course all these changes would have to be in the letter.

There have been proof of concept browser scripts that can go in to your router using the default password and change the router configuration.  Criminals simply need to change the DNS server on your router and redirect all of your DNS requests though proxy servers that can harvest all of your browser session and snoop on all of your communications.  This would be even worse than a PC root kit because it hijacks every computer on the network and you can’t clean it off the computer because it’s on the router.

Again I reiterate that breaking in to someone’s router (even if it’s to lock down their network) is ILLEGAL and you need to ask yourself if it’s worth the risk of going to prison.  But if you want to continue doing this, please consider the potential economic impact to the owner of the wireless network and at least drop a letter in their mailbox explaining how to fix it.  While I admit the damage is far lower than getting hacked by a real criminal, the law isn’t going to see it that way.  Personally I wouldn’t be caught dead doing this because I have nothing to gain and everything to lose.

Update 12:45PM - It seems the readers have spoken in the talkback and they are pretty much universally against changing someone’s wireless settings.  I personally don’t view it as negatively since I believe the dangers of leaving it open are greater, but I do think it falls on the side of unethical.  Changing the Wi-Fi settings will break things for the user and most cause them some real economic damage so the ethics of doing changing the Wi-Fi security is very questionable.  I think changing the password on the router so that the person doesn’t get hijacked by someone malicious wouldn’t be unethical since that doesn’t really break day-to-day operations like changing the Wi-Fi security settings.  I’ll add a poll to see what all of you think.

Is it ethical to enable Wi-Fi security without permission?

View Results

Loading ... Loading ...

Is it ethical to enable someone's router password so they don't get hacked?

View Results

Loading ... Loading ...

.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 147 Talkback(s)
Like finding car keys, tossing them in the car, and locking the door
It's not like turning off the light.

It's like finding a car unlocked and locking it. And tossing the keys inside.

With a router, if I have a lan cable and know how to connect it, I c... (Read the rest)
Posted by: johnduncan10@... Posted on: 12/18/07 You are currently: a Guest | | Terms of Use
In all cases  tombalablomba | 11/19/07
Agreed completely  zeusx64@... | 11/20/07
Financial ramifications  andy.nelson@... | 11/21/07
in apartment building this would be difficult to do  pcguy777 | 11/20/07
mind your own business  Akumal | 11/20/07
it affects us ALL  jaos1@... | 11/21/07
so do people having babies  Akumal | 11/23/07
Head in the sand  reesm@... | 12/04/07
Not without permission...  lyndaj70@... | 11/21/07
RE: Is it ethical to turn on wireless security for an open access point?  vmcginnis69@... | 11/19/07
Don't mince words.  dave.leigh@... | 11/19/07
Really?  YngAcct | 11/20/07
its ppl like you  pcguy777 | 11/20/07
The question should be phrased  grail@... | 11/20/07
Wait a minute!  Uncle Buck | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  mysterious1der | 11/19/07
What if...  rapson | 11/19/07
This was open wireless and open password  georgeou | 11/19/07
NO NO NO  JakAttak | 11/19/07
I understand what you are saying, but consider the alternative  georgeou | 11/19/07
Re: I understand what you are saying, but consider the alternative  none none | 11/19/07
I never said it's legal or wise  georgeou | 11/19/07
Well...  none none | 11/19/07
How ehtical is it...  bigsibling | 11/20/07
The comparison to a doctor isn't even remotely close  georgeou | 11/20/07
What if the router is open for reason?  bportlock | 11/19/07
You still missed the point. I'm not talking about having an open Wi-Fi  georgeou | 11/19/07
default paswords  taskman | 11/20/07
I think if they would put unique default password and WPA-PSK on a sticker  georgeou | 11/20/07
It's just not right  don3605 | 11/20/07
Height of arrogance...  Raymond Danner | 11/20/07
Two different things  don3605 | 11/20/07
That would require hacking their desktop  georgeou | 11/20/07
Arrogance?  handydan918 | 11/21/07
Consider this  Larry the Security Guy | 11/20/07
I don't think you understood what I said  georgeou | 11/20/07
i have a feeling the majority of the poster  pcguy777 | 11/20/07
Re: i have a feeling the majority of the poster  none none | 11/20/07
So what?  rapson | 11/19/07
Not disagreeing with you, but I think you missed my point  georgeou | 11/19/07
No, YOU miss the point.  dave.leigh@... | 11/19/07
Again, I did not disagree and I would never do it myself  georgeou | 11/19/07
Interesting  TripleII | 11/19/07
Triplell: Good Samaritan  rapson | 11/20/07
Good Samaritan Laws  frgough | 11/20/07
Can't eat your cake and have it, too.  Larry the Security Guy | 11/20/07
Let me offer a more realistic scenario if I were the victim  georgeou | 11/20/07
Again...  YngAcct | 11/20/07
No confusion.  dave.leigh@... | 11/21/07
YOUR WRONG DAVE  pcguy777 | 11/20/07
NO I'M NOT!  dave.leigh@... | 11/21/07
No Real Downside?  megansbay@... | 11/20/07
There is no downside if a note was left to the owner with the new password  georgeou | 11/20/07
Sorry, but it's ALL downside & NO upside  rmazzeo | 11/20/07
Wrong issue, then.  JDThompson | 11/20/07
Saving people from themselves  frgough | 11/20/07
disagree  pcguy777 | 11/20/07
I hope you turned him in or at least his email address...  mrOSX | 11/19/07
Re: I hope you turned him in.  tgolden | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  none none | 11/19/07
RE: Is it ethical to turn on wireless security for an open access point?  msnet02@... | 11/19/07
RE: Is it ethical to turn on wireless security for an open access point?  Ngallendou | 11/19/07
Just like...  rmazzeo | 11/20/07
Righteous busybody!  fad1956@... | 11/19/07
Want to Share? Use FON  radmoose | 11/19/07
Open Access Point  bfilipiak@... | 11/19/07
RE: Is it ethical to turn on wireless security for an open access point?  BaltimoreBarry | 11/19/07
likewise... its  pcguy777 | 11/20/07
Better to correct that person...  rmazzeo | 11/20/07
Laws are wierd  kd5auq | 11/19/07
Try talking next time  tonymcs@... | 11/19/07
Is it illegal...  itpro_z | 11/19/07
The watchman...  Raymond Danner | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  Technogeez | 11/19/07
Help them to help themselves  Jason Etheridge | 11/19/07
Most people are layman  jackcloe@... | 11/19/07
The point is...  rmazzeo | 11/20/07
Changing the WPA key is lame  nucrash | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  Fly_n_A@... | 11/20/07
WOW what a serious crime tying to protect someone  pcguy777 | 11/20/07
not quite right  don3605 | 11/20/07
Again...  YngAcct | 11/20/07
But opening the car door is probably not a crime.  klibaner@... | 11/20/07
He did a little more  don3605 | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  kenni39 | 11/20/07
RE: The bottom line here is  onedavester@... | 11/20/07
Is it ethical to turn on wireless security for an open access point?  Mjones@... | 11/20/07
That is a better analogy  don3605 | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  rstehlik | 11/20/07
if you neighbors were on vacation.. and their front door poped open  pcguy777 | 11/20/07
ok... ok... thats popped open .... lol  pcguy777 | 11/20/07
One small problem with your analogy....  mrOSX | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  debalsi1938@... | 11/20/07
Ethical? No  GreyTech | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  jemhardt@... | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  IT_Guy_z | 11/20/07
Unethical or illegal  tgolden | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  Akumal | 11/20/07
Good point, but have you considered...  tgolden | 11/20/07
A Legal Solution Exists  nucrash | 11/20/07
the same is true with a phone call  Akumal | 11/20/07
of course you let your neighbours close your door  Akumal | 11/20/07
don't even bother with the note  Akumal | 11/20/07
How about if I?  nucrash | 11/20/07
happy holidays  Akumal | 11/23/07
RE: Is it ethical to turn on wireless security for an open access point?  hmoulding@... | 11/20/07
Right, but altering the router itself?  nucrash | 11/20/07
I lived in a town where no one locked their doors...  acwhite86@... | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  paul.racicot@... | 11/20/07
I hope  don3605 | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  drabarno@... | 11/20/07
meanwhile, back at the front, lol.  TripleII | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  jamesjmcginnis@... | 11/20/07
security  highjacker@... | 11/20/07
In Britain its illegal to use someone else's wireless (without permission)  simple simon | 11/20/07
I encountered who actually preferred to have their networks open  ∞Dilemma | 11/20/07
Yes but leaving the router password open so that others can change it?  georgeou | 11/20/07
The question is, is it unethical to have an open network?  ∞Dilemma | 11/20/07
It is neither legal, nor ethical  TheTinker | 11/20/07
I'm sorry but I must comment on this one  aussievic | 11/21/07
Progress...  yid_witch@... | 11/20/07
This is wrong  John Musbach | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  davo-8@... | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  brian@... | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  brian@... | 11/20/07
All these posts gave me an idea :?)  Uncle Buck | 11/20/07
That might cause them to use someone else's "Linksys" network  georgeou | 11/20/07
They Have no clue  steve_m29169 | 11/20/07
You Can't Legislate Stupidity Out of Stupid People  joep1701 | 11/20/07
RE: Is it ethical to turn on wireless security for an open access point?  so96813 | 11/21/07
Anything being broadcasted in the airwaves.......  SirCatlord | 11/21/07
RE: Is it ethical to turn on wireless security for an open access point?  markrusso@... | 11/21/07
Trolling for secure networks.  softwareFlunky | 11/21/07
How do you know where they live?  Al S Cook | 11/21/07
Ethics, Legality, Morality  Dr_Zinj | 11/21/07
quotation  inventingtech@... | 11/21/07
Leave a note, tell them what to do--BUT HANDS OFF!  pgf_666@... | 11/21/07
The equivalent...  n00b-herder | 11/21/07
Vista has been a greeeeaaat help here. (NOT)  ken_jennings@... | 11/21/07
Reset  shineon4me | 11/22/07
RE: Is it ethical to turn on wireless security for an open access point?  papgas@... | 11/22/07
Forget ethics: this is illegal  kckn4fun | 11/24/07
RE: Is it ethical to turn on wireless security for an open access point?  ncq39@... | 11/24/07
Unethical because they were destructive  tomam | 11/27/07
RE: Is it ethical to turn on wireless security for an open access point?  mwagner@... | 11/28/07
Maybe it's just me, but...  jeffdickey | 12/09/07
Like finding car keys, tossing them in the car, and locking the door  johnduncan10@... | 12/18/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Click Here
advertisement

Recent Entries

Top Rated

    advertisement

    Archives

    ZDNet Blogs

    White Papers, Webcasts, and Downloads

    Meet Doc