Thieves tap WiFi.  Is BPL Next?

Today's NY Times has an excellent article on how thieves are using open-access WiFi systems to steal everything from credit card numbers to bank routing info, pitch fraudulent deals, and even are using it to make death threats.

WiFi Thieves Article

Apparently, they do everything from 'drive bys' to boldly connecting to some unsuspecting apartment dweller-neighbor with a wireless modem turned on.

The article goes on to say that there are more and more intentionally open networks at places like coffeehouses, cafes, and universities that invite anyone and everyone to connect.

There was even an example of some idiot who used such a drive-by connection to download child porn up in Toronto.  He got caught only because he was so crazed that he was headed the wrong way down a one way street.

If the FBI, Secret Service, and other agencies are concerned about WiFi being tapped by these types, it would seem that they also should be worried about the plethora of BPL signals beginning to be deployed.  With BPL's nature of being 'everywhere', even beyond where WiFi is, it will be so much simpler for such thieves and terrorists to establish unauthorized connections, do their dastardly deeds, and slip away unaprehended.  Sure, says the FCC, its illegal for someone 'unauthorized' to possess a BPL modem.  So, they demand that it won't be possible.  Ah, but the same goes for felons owning a gun, right?  Or, guns or other weapons in the hands of the wrong types, terrorists, etc.

As the officials said, it is almost impossible to catch them, unless they slip up and have illegally purchased items sent to their addresses, bank accounts and such.  But, how would they catch terrorists, who aren't simple-minded, careless thieves?

Perhaps, dear Michael Powell or one of his compatriots will read this and toss his or her quid pro quo and reconsider, before its too late.  Or, at least read the NY Times article and think about it.  Really, folks, the vulnerability of the Web to criminal invasion via BPL is a given.

73,

Lee
W6EM

 

Mike Powell has resigned.  However he is not gone.  Watch the business news as he will shortly be working as the CEO of a BPL equipment provider or a large power generation utility.

K2WH

BTW, your link goes to a Login Screen.

 

Maybe someone can answer a question I had. We know that weak signals propogate well on HF. What prevents the BPL signals from going thousands of miles? Could not someone literally sit many miles away in the propogation footprint and decode info?

 

Where $$$$ is involved, Common ( and other senses) take a back seat and amnesia sets in....

 

Wi-Fi can be made as safe as your home phone which is not safe. Those that want to plug and play (Wi-Fi) out of the box risk everything!Wi-Fi can be broken into as anything man made can be.To be secure on Wi-Fi just takes some extra time to set up.Think about what you here on ham radio.(personal information) Secure?Wi-Fi theft can be tracked its not rocket science.

 

Funny you mention that.

A while back, I learned that most Access BPL systems feed one of the top wires of the power line as a balanced dipole, instead of using two wires like a transmission line!

So I did an antenna analysis of a typical BPL "power line antenna" installation, and found that the pattern had up to +12dB gain in the skywave signal on some frequencies.

According to FCC guidelines, BPL systems are supposed to measure their radiated signal at street level (coincidentally where their antenna pattern is between -12dB and -20dB negative gain). So, even if the BPL system is adjusted to legally comply with FCC worst case radiated guidelines, it still could be broadcasting as much as +24dB to +32dB over the limit in the skywave. This may be a clue to why the FCC told BPL they were not allowed to transmit in the Aeronautical Bands! Although, most of the present BPL systems are exceeding the FCC Part 15 limits and transmitting in the Aero bands, anyway.

I've started an effort to collect BPL signal fingerprints and some of us are actively DXing the BPL systems on HF/VHF. Who will be first to get a BPL DX QSL? Maybe we will pick up the Mexican and Brazilian BPL systems (now under construction), since they have no need for such pesky FCC measurements.

Bonnie KQ6XA

 

Just think. The first time a Congressman is overheard because of BPL skywaves the US Congress will outlaw the manufacture of any scanners and transceivers capable of receiving BPL. Recall it didn't take long before they required scanners have frequency blocks for the cell phone bands after Newt was overheard.

Ed AE4TM

 

I suspect the BPL providers would do a better job of network security than Bob 6-pack that want's to surf the web from the comfort of his easy chair.

However, as you all know, I have been wrong in the past

 

Where there is a will, there is a way. There is far less of a risk of your BPL connection being tapped than there is for Wi-Fi.

First, Wi-Fi gear is made for wireless connection and by default most consumer gear will accept all connections. Next, just having a BPL modem will not allow you tap any connection you like. There are some other deeper technical issues to snooping on a BPL connection - such as TCP/IP basics, routing, and limits.

If you have Wi-Fi at home or work, take the well know steps to lock in down. If you have BPL, wait and see - there is nothing to worry about right now.

Van Eck phreaking is something that is technically possible yet rarely ever seen. When was the last time you bought a peice of gear that conforms to the Tempest specs, or wrapped your house in brass/copper mesh.

There a much bigger things to worry about now. Such as all the havoc BPL is causing.

Have fun, flame away.

 

Wow.

 

Hi EM and all,

Mentioning Wi-Fi is bad enough but the mere THOUGHT of BPL and how the ignorant come out of the woodwork! OK, here comes another round of enlightenment in hopes at least some of this ignorance is dispelled.

It's been WELL KNOWN the inherent flaws in Wi-Fi, the news media has sure been beating us over the head with it since it's inception and now the "theory" is being applied to BPL.

Take it from one cruising silently in hacker circles (a non-participant), ANY computer can be hacked with the proper knowlege and tools like the strongest safe can be opened. Like the man from New York said, "FO-GITABOUTIT!"

Just use a good firewall, up to date anti-spyware, anti-virus and a whole lot of common sense AND KNOW HOW TO USE ALL OF THEM and you're safe from the kid down the block hacker wannabe and even some of the pros BUT NOT ALL.

C'mon guys, lay the baby to rest already and focus on important issues like Rochester's setting precidence in case law. The only reason I'm here is for YOUR benefit and enlightenment, the only cure for ignorance is education. Otherwise I couldn't care less.

73 de Warren with fire extinguisher handy KB2VXA

 

This is nothing new.

There are ways of having secure, and insecure wifi networks. I disagree with the previous posts - I think a lot of the security is going to be on the end user, not necessarily the provider.

Doing information security - I have known a lot of people that are salivating at the opportunity to take a crack at BPL - individuals that aren't even hams, just for the challenge.

I think it's going to be massively insecure - but lets see if the major media will write stories about BPL hacks like they do wifi - I doubt it, but I can be wrong.

Jonathan

 

Well seeing as how connecting to an open network is not illegal, I can see where the problems develop. Now cracking a network on the other hand is illegal as is rifling through someones files. But as stated, So many networks are intentionally left open, There is no way to tell if it is user error or they actually want to share bandwidth. I know people that do leave them open for open connections and some even have monitoring software that lets them know when someone connects. Using a msg program lets them tell the user they know they are there, Just to not do anything illegal and they are being watched.

 

Thievery is the nature of being connected to the internet, no matter how it's done.  FIREWALL FIREWALL FIREWALL!  Protect yourself.
Also, do not reply to any e-mails with personal information or passwords. Most of them are "Phishing" for info to be used in identity theft.

 

WiFi networks CAN be made secure IF the person setting up the router takes the time to set up the WEP encryption built into the router. Those who get their networks broken into deserve it if they are too lazy to take 10 minutes of time to properly set up the WEP on their router! Its the same thing as leaving the front door to your house wide open and unlocked, nobody in their right mind would do that would they?