In past Mobile & Wireless UPDATE newsletters and Windows & .NET Magazine columns, I've written about security concerns involving 802.11b Wi-Fi networks. Over the past couple of weeks, I've discovered that the problem is more serious than I thought. While testing a program called Mini Stumbler (more on this program shortly), I discovered more than a dozen Wi-Fi networks in a 2-mile radius of my house. Of those networks, only four have security enabled. A good half of them appear to be out-of-the-box Linksys wireless routers that were installed using default settings; I made this assumption because of the combination of the default router name (Linksys), default DHCP address range (192.168.0.100), and complete lack of security. I can also assume that most of these routers are running the default administrative password, but I haven't checked--that would be hacking, after all.
Mini Stumbler is a Pocket PC port of Network Stumbler, the popular freeware site-survey application. Written by Marius Milner, both Network Stumbler and Mini Stumbler are available at NetStumbler.com ( http://www.netstumbler.com ). Mini Stumbler's major limitation is that it supports only two wireless NICs: the Proxim ORiNOCO 802.11b CardBus Cards and the similar Compaq TK card. Milner didn't bother with a Pocket PC installation program; instead, the program's README file requires you to use Microsoft ActiveSync to copy the appropriate .exe file directly onto the device. I recommend copying the file to the Windows, Start Menu, Programs folder. Then, you can launch the application by clicking its icon.
Mini Stumbler provides an extremely simple UI, in which all detected Access Points (APs) are identified with a color-coded icon--green, yellow, and red for high, medium, and low signal strength, respectively--and a padlock if security is enabled. Mini Stumbler also records the media access control (MAC) address, Service Set Identifier (SSID), and a variety of other data, including latitude/longitude pairs if a Global Positioning System (GPS) device is connected to the Pocket PC's serial port.
All you need to do to find 802.11b networks in your vicinity is install Mini Stumbler on your Pocket PC, plug in a compatible Wi-Fi card, and go for a walk (in a building or local area) or drive (in a larger area). I drove a couple of miles each way on McHenry Avenue--Modesto's main drag--north and south of my house.
Until I took that drive, I honestly had no idea how common 802.11b networks are. Modesto isn't exactly a high-tech hotbed; it's a medium-sized agricultural town (200,000 population) in the California central valley. The city's largest employer is Gallo Wine, and seasonal unemployment runs in the 20 to 30 percent range. I would have expected the results I found (in terms of sheer numbers, at least) in Silicon Valley, not in Modesto. Evidently, the low cost of wireless APs and Wi-Fi cards (less than $100) has turned many novice users into Wi-Fi network administrators.
Should you care about these developments? If you have the necessary equipment, I urge you to use Mini Stumbler to carry out a site survey in your office. If wireless APs are as common as I've found in a place like Modesto, I'd be extremely surprised if equally unsecure APs weren't floating around most companies. Locating those APs should be pretty simple: Just walk around and watch the icon color change.
I'd like to hear from anyone who has performed such a survey--either in a corporate environment or in a neighborhood. Write to me at firstname.lastname@example.org.