Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hijacking an Airport express

A

asxtb

macrumors 6502
Original poster
Sep 1, 2005
322
0
I just bought an Airport Express for my iBook and it made me thinking about security. I've currently set it up for the WPA2 personal security. Is that the best one or another one better?

But my main question is what if someone is using an Airport Express/extreme and doesn't know anything about the security feature. Could someone walking by be able to hijack the internet and then set up a password so the actual owner can no longer access the internet without the password?

I am NOT doing this. I just started thinking about it since I bought mine.
 
WPA2 is considered secure for any household and other than a VPN connections (not something you can do yourself, requires dedicated servers) there isn't much more you can do to secure the network.

And for the second question, yes, that is very easy to do. However, if the owner finds out it can be stopped. Since they have physical access to the Express all they have to do is disconnect it and reset it back to factory settings to regain control again. I don't know if the Airport Express has it but on all wireless routers I have seen there is a reset button that will force this no matter what.
 
asxtb said:
I just bought an Airport Express for my iBook and it made me thinking about security. I've currently set it up for the WPA2 personal security. Is that the best one or another one better?

But my main question is what if someone is using an Airport Express/extreme and doesn't know anything about the security feature. Could someone walking by be able to hijack the internet and then set up a password so the actual owner can no longer access the internet without the password?

I am NOT doing this. I just started thinking about it since I bought mine.
Click to expand...
WPA2 is, I believe, the strongest form of security currently available... but not all devices support WPA2. If they don't, you'll need to drop down to WPA or WEP, which is the most commonly-supported form of security. (Even WEP is pretty damn strong. You're not going to casually break WEP.)

As long as you choose a good, impossible-to-guess password, no one should be able to hijack your AE. If they DO somehow guess your password, they could take over your AE (although I'm sure there's a factory-reset process for it). Just make sure you pick a good random password... and write it down somewhere.
 
Thanks for the reply. Just got my thinking. And I looked, yes the express does have a reset button.

Edit: thanks for the replies
 
clayj said:
(Even WEP is pretty damn strong. You're not going to casually break WEP.)
Click to expand...
No. No. No. No. No.

WEP is totally and utterly cracked, and a hacker can access your traffic in matter of minutes...

Correction, within a minute:

Wikipedia said:
In 2006, Bittau, Handley and Lackey showed that the 802.11 protocol itself can be used against WEP to enable earlier attacks that were previously thought impractical. After eavesdropping a single packet, an attacker can rapidly bootstrap to be able to transmit arbitrary data. Then the eavesdropped packet can be decrypted a byte at a time (by transmitting about 128 packets per byte to decrypt) to discover the local network IP addresses. Finally if the 802.11 network is connected to the Internet, the attacker can use 802.11 fragmentation to replay eavesdropped packets while crafting a new IP header on to them. The access point can then be used to decrypt these packets and relay them on to a buddy on the Internet, allowing real-time decryption of WEP traffic within a minute of eavesdropping the first packet.
Click to expand...
Link

Use WPA (or WPA2 if you can) with a ~20 letter long non-dictionary alpha numeric password. Then you're as safe as can be. If you also hide your SSID and enable MAC filtering you reduce the chance of an attack further, but without really adding any security as both methods are easily circumvented...
 
Applespider said:
Just makes an excellent excuse to have to buy new stuff :D

Was talking to one of our IT guys today who said that when they did a minor security audit last week, 8 idiots in our office had 'password' as their password :eek:
Click to expand...
Well, in this case I'm thinking of my Roku SoundBridge Radio... they're still working on a firmware update to allow the use of WPA. (I just checked.) Right now it just supports WEP. I think the rest of my wireless gear (2 Macs, 1 Sony notebook, 2 Xbox 360s) supports WPA, but I'm not sure about my PSP (I think it does).

At any rate, situated where I am (roughly 60 feet above street level, in a steel and concrete building), I already know that my wireless signal doesn't reach the street... so I'm not that worried about my network being hacked.
 
clayj said:
Well, in this case I'm thinking of my Roku SoundBridge Radio... they're still working on a firmware update to allow the use of WPA. (I just checked.) Right now it just supports WEP. I think the rest of my wireless gear (2 Macs, 1 Sony notebook, 2 Xbox 360s) supports WPA, but I'm not sure about my PSP (I think it does).
Click to expand...

I know that the Macs and 360s do, but I have no clue on the sony notebook.

clayj said:
At any rate, situated where I am (roughly 60 feet above street level, in a steel and concrete building), I already know that my wireless signal doesn't reach the street... so I'm not that worried about my network being hacked.
Click to expand...

Your not? I suspect that at least the 3 people below you, 2 people on either side and 3 people above you can access your network if they really wanted to.
 
w_parietti22 said:
Your not? I suspect that at least the 3 people below you, 2 people on either side and 3 people above you can access your network if they really wanted to.
Click to expand...
And if they did, I'd catch it. I do keep an eye on my network, especially IP address allocation.
 
Lol... you'd have to be in the middle of a cow pasture to hijack my wireless network. And they you'd only have gotten yourself access to a dial-up network! How's that for security?

Oh, and the cows are onery. ;)
 
I use WEP but really its just to stop my neighbors from stealing my connection-ness. If somebody was parked out front leaching my signal I'd notice, and none of my neighbors ever noticed I was stealing THEIR signal (prior to me fixing our router) so I doubt they can hack mine.

Oh, and the PSP supports WPA.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back