Starting a new "WiFi Security" company

Thorn · 05-27-2004

Q: Due to the sheer number of unsecured AP's in my city I've decided to start a wireless security business. My intention is to locate open Access Points, advise the owner that their Wireless LAN is not secure, and collect a fat fee for securing it for them. After all, I've read the Linksys manual. I know how to turn on WEP.

I'll be rich!

Am I the first one to think of this? How are other people doing this?

A: You're not the first, by a long shot. (That’s why this is in the FAQs; it’s that frequent.)

First, rethink your premises.

Look at the "Go to Jail" thread in the WiFi FAQ Forum. You can see some stupid things done along these lines, specifically, the guy from South Carolina. He tried to show how insecure a medical office's WLAN was by demonstration. He should be out on parole now.

The issue isn't the reception of the signals. Under the FCC/CRTC (and most other country's) rules governing RF, reception of most signals is legal. (There are exceptions, usually reserved for telephone, police and military frequencies.)

The problem for you is: How do you determine the networks' owner? If the owner makes the SSID "75 Main" and it's coming from 75 Main St, then you're probably OK. If the owner names the SSID "jones" and you look in the phone book and Jim Jones lives at the address you're seeing the signal from, again, you're probably OK.

So far.

If the SSID is a default "linksys" or another default SSID (most of what you'll see), then how do you do it? Triangulation only will take you so far. If you start reading email packets to get a name, then that IS illegal. If you enter a network to find information on the owner, or even worse, you enter and leave a "warning' message, then THAT is certainly illegal. Actually, almost any action you take based on actively interpreting the signals can get you into trouble based on radio regulations.

But let's say you don't do that. For the sake of argument, let's say you triangulate a signal to a house or apartment or you had an SSID that gave you a good clue. You knock on the door, and say:

"You sir, have an open wireless computer network. If you don't change it, evil crackers will definitely attack you. Your checkbook will disappear, your credit will be ruined, and kiddie p0rn will fill up your hard drive. Your cat will become pregnant, too. Evil computer genius can do all that and more.

This will happen immediately, if I don't fix it for you. For a small fee."

Depending on how you say it, and the exact wording of the federal and state/provincial laws, there's a good chance you have just committed extortion. That may not be your intention, but it still is what you've done. In addition you may have also broken several nuisance laws, such as door-to-door peddling without a license.

All-in-all, you're treading on thin ice. The suggestion of knowledgeable people here is that you take out a newspaper advertisement, promoting your security services. It's a much more professional approach.

You also need to define the "services" you're going to perform. How secure are you making this? Are you just turning on WEP and turning off SSID broadcast? Or RADIUS authentication combined with RF signal shaping? What are you're qualifications to do these things? Have you spent 5 years working for a three-letter agency doing decrypts on criminal networks or did you just read the Linksys WAP manual? Along the way, you'd better know some pretty fine details. For example: Do you know how to get an ORiNOCO card to speak the same flavor of WEP as a Linksys AP, or what happens when you add a Mac card to a PC based WLAN.

Before you proceed, you should at least talk to an attorney. He can tell you exactly what it legal, and what is not, and advise you on any needed licenses, etc.

Also, consider business insurance. It is almost guaranteed that if a network gets attacked after you've "secured" it, you will be sued for not doing an adequate job. Even it has no relation to what you did, you may get dragged in.

IF you can think of a legal way, then go for it. These forums are full of computer cops and INFOSEC people who have a pretty good grasp of current computer/network laws. So far none of us have seen a plan to do this that is completely legal.

Some other suggestions for promoting a wireless security business legally:

-Work with a "big box" stores (CompUSA, Best Buy, etc.) The proper approach would be to push the "value added" of your presence to the products they are selling.
Things to consider with the stores:

Educate the staff on what you a doing. Including holding some seminars for the store staff.
Big "RTFM" stickers or brochures for stores to give to customers or to have at the checkout counter.

- Seek out media sources to run a positive story. This area can be problematic. Do so at your own discretion. You don't want to spread FUD. Remember that reporters love to 'spin' things; so don't give them any ammo. Doing so will result in more harm than good.

- Contact local Law Enforcement and educate them about these issues too. Some of the data you discover will be of interest to the authorities, (e.g. banks running unsecured WLANs.) Better that those companies and agencies be informed by or in conjunction with Law Enforcement, than by you alone.

audit, Chris and Renderman all contributed to this FAQ.

05-27-2004	#1 (permalink)
Thorn Did you do the math? Join Date: Apr 2002 Location: Villa Straylight Posts: 10,351	Starting a new "WiFi Security" company Q: Due to the sheer number of unsecured AP's in my city I've decided to start a wireless security business. My intention is to locate open Access Points, advise the owner that their Wireless LAN is not secure, and collect a fat fee for securing it for them. After all, I've read the Linksys manual. I know how to turn on WEP. I'll be rich! Am I the first one to think of this? How are other people doing this? A: You're not the first, by a long shot. (That’s why this is in the FAQs; it’s that frequent.) First, rethink your premises. Look at the "Go to Jail" thread in the WiFi FAQ Forum. You can see some stupid things done along these lines, specifically, the guy from South Carolina. He tried to show how insecure a medical office's WLAN was by demonstration. He should be out on parole now. The issue isn't the reception of the signals. Under the FCC/CRTC (and most other country's) rules governing RF, reception of most signals is legal. (There are exceptions, usually reserved for telephone, police and military frequencies.) The problem for you is: How do you determine the networks' owner? If the owner makes the SSID "75 Main" and it's coming from 75 Main St, then you're probably OK. If the owner names the SSID "jones" and you look in the phone book and Jim Jones lives at the address you're seeing the signal from, again, you're probably OK. So far. If the SSID is a default "linksys" or another default SSID (most of what you'll see), then how do you do it? Triangulation only will take you so far. If you start reading email packets to get a name, then that IS illegal. If you enter a network to find information on the owner, or even worse, you enter and leave a "warning' message, then THAT is certainly illegal. Actually, almost any action you take based on actively interpreting the signals can get you into trouble based on radio regulations. But let's say you don't do that. For the sake of argument, let's say you triangulate a signal to a house or apartment or you had an SSID that gave you a good clue. You knock on the door, and say: "You sir, have an open wireless computer network. If you don't change it, evil crackers will definitely attack you. Your checkbook will disappear, your credit will be ruined, and kiddie p0rn will fill up your hard drive. Your cat will become pregnant, too. Evil computer genius can do all that and more. This will happen immediately, if I don't fix it for you. For a small fee." Depending on how you say it, and the exact wording of the federal and state/provincial laws, there's a good chance you have just committed extortion. That may not be your intention, but it still is what you've done. In addition you may have also broken several nuisance laws, such as door-to-door peddling without a license. All-in-all, you're treading on thin ice. The suggestion of knowledgeable people here is that you take out a newspaper advertisement, promoting your security services. It's a much more professional approach. You also need to define the "services" you're going to perform. How secure are you making this? Are you just turning on WEP and turning off SSID broadcast? Or RADIUS authentication combined with RF signal shaping? What are you're qualifications to do these things? Have you spent 5 years working for a three-letter agency doing decrypts on criminal networks or did you just read the Linksys WAP manual? Along the way, you'd better know some pretty fine details. For example: Do you know how to get an ORiNOCO card to speak the same flavor of WEP as a Linksys AP, or what happens when you add a Mac card to a PC based WLAN. Before you proceed, you should at least talk to an attorney. He can tell you exactly what it legal, and what is not, and advise you on any needed licenses, etc. Also, consider business insurance. It is almost guaranteed that if a network gets attacked after you've "secured" it, you will be sued for not doing an adequate job. Even it has no relation to what you did, you may get dragged in. IF you can think of a legal way, then go for it. These forums are full of computer cops and INFOSEC people who have a pretty good grasp of current computer/network laws. So far none of us have seen a plan to do this that is completely legal. Some other suggestions for promoting a wireless security business legally: -Work with a "big box" stores (CompUSA, Best Buy, etc.) The proper approach would be to push the "value added" of your presence to the products they are selling. Things to consider with the stores: Educate the staff on what you a doing. Including holding some seminars for the store staff. Big "RTFM" stickers or brochures for stores to give to customers or to have at the checkout counter. - Seek out media sources to run a positive story. This area can be problematic. Do so at your own discretion. You don't want to spread FUD. Remember that reporters love to 'spin' things; so don't give them any ammo. Doing so will result in more harm than good. - Contact local Law Enforcement and educate them about these issues too. Some of the data you discover will be of interest to the authorities, (e.g. banks running unsecured WLANs.) Better that those companies and agencies be informed by or in conjunction with Law Enforcement, than by you alone. audit, Chris and Renderman all contributed to this FAQ. __________________ Thorn "Read Altas Shrugged. Compare it to today. Repeat as necessary"

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode