Privacy issues with airport express?

Discussion in 'Mac Basics and Help' started by Officefan90, Sep 15, 2009.

  1. Officefan90 macrumors newbie

    Joined:
    Sep 15, 2009
    #1
    Hi, this is probably a stupid question but i have to know lol!

    I just bought a macbook a few months ago and I'm still new to it. My roommate has one as well, although he's had his for a while. We use airport express for wireless internet for our apartment. Someone told me that when you use an airport express, whoever else is using it too can see what files you have on your computer, or they can see what websites you're currently looking at... is that true?? Because that's pretty creepy! If it is true, is there any way I can block him from seeing all the websites I go to and the files on my computer??

    Sorry if this is a dumb question but I didn't know if it was true or not! Thank youu!
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
  3. broken-chaos macrumors regular

    broken-chaos

    Joined:
    Sep 2, 2009
    Location:
    Toronto, Ontario
    #3
    It is partially true in a very limited fashion.

    Seeing what websites you visit is a "no". The only way to do that would be to physically put a device that does packet (internet traffic) capturing between the Airport Express and the internet connection.

    Accessing your files is a "partially, under some circumstances". Namely, if you have File Sharing enabled in your System Preferences (Sharing preference pane), then others may be able to access some files of yours, most notably anything in your "Public" folder, or anything in your user folder if they have your password. This is a feature, mind you - the easy sharing of files between computers on a network. As long as you keep a reasonably good password on your computer, and only put files into the "Public" folder that you want to share or transfer, you'll be perfectly fine.
     
  4. ziggyonice macrumors 68020

    ziggyonice

    Joined:
    Mar 12, 2006
    Location:
    Rural America
  5. Officefan90 thread starter macrumors newbie

    Joined:
    Sep 15, 2009
    #5
    Wow, thank you guys so much! I figured that wasn't true, but maybe I go that whole thing mixed up with the public sharing thingie in the System Preferences you were talking about. I'm very bad with computers so i just wanted to make sure lol!

    Does that also apply to external harddrives? Like, if I plug in my external, can they access all those files through their computer? I have many conversations in there that I would like to keep private lol.

    thanks again guys :)
     
  6. CountBrass macrumors regular

    Joined:
    Mar 17, 2009
    #6
    I'm sorry but the other answers in this thread are simply wrong.

    1. Someone else connecting into your Airport Express could sniff every single packet you send and receive. So yes they could see everything you see on the web. (I use nmap and wireshark when I go sniffing: both are free as in speech and beer).

    2. Yes they could connect to your Mac and see stuff on your hard drive, connected drives etc. How much they can see depends a lot on how good your password is and how much you are sharing (by default OSX doesn't share a lot).

    Ones you didn't think of:

    3. Could they take-over your Airport Express and lock you out? Yes they could.

    4. Could they down load kiddie porn using your connection, for which you would be blamed? Yes.

    5. Could they gobble up all your network bandwidth, perhaps sending out a ton of spam? Yes.

    Is it something your average user could or is likely to attempt? No probably not. Is it something someone who is curious or malicious could do: yes definately and with the right tools they wouldn't even need much skill (or money).

    What you should do is enable WPA (ideally) or at least WEP (not really much use but it serves as a 'keep out' sign that a lot of people will respect) on your Airport Express and make sure you have a password set on your Airport Express.

    Use Applications -> Utilities -> Airport Utility to configure the Airport Express, before someone else does.

    Make sure you have a decent password set for your account.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    That is total BS! I dare you or any hacker to try to do any of the things you described on my network! It'll be a cold day in hell before you succeed. I agree, having a very tough password is a good idea for ANY password you use for anything, but the other things you described simply are untrue. A user would have take multiple extra steps to make their network and their Mac so vulnerable.
     
  8. CountBrass macrumors regular

    Joined:
    Mar 17, 2009
    #8
    Try it yourself. Connect any other computer to your wireless network and do something that will generate some network download traffic: downloads, streaming video whatever.

    Fire up another computer with wireshark, nmap and stumbler (all free tools, available on every platform).

    If you bothered to secure you wireless network, run stumbler until it cracks your WEP or WPA key. Use the key to connect. You can skip this step if it's an unsecured wlan, which is the case here.

    Now you're in.

    First thing you do is connect to the unprotected Airport Express and you set your own password. You now own the Airport Express. (You could, if you wanted to, lock the owner out of his own network now, but we want to carry on being stealthy so we won't do that).

    Without doing anything else you can download kiddie porn, set up a spam bot, start sharing whatever files you want - and if anyone finds out, it won't be you that gets the blame.

    Or, you could set up your own wireless access point, with the same SSID as the one you've just taken over. Turn off the Airport Express. The unsuspecting mark will now connect to your access point. You can now intercept all of his traffic. He's connecting to his banking web site? Great, put up a fake, collect his credentials, pass them on to the real site and present the web page back. You now have access to his bank account and he has no clue.

    Perhaps the Airport Express is bridging you to another network: eg the guy has his computer connected to both the Airport Express *and* a wired network. Fire up nmap and wait and you'll find what's out there. Perhaps it's the entire corporate LAN or the University LAN. And you're in.

    Or perhaps you don't want to do any of that: you just want to see what this guy is up to. Perhaps you're a PI hired to investigate a cheating husband? Fire-up wireshark and you can capture *everything* that goes over the Airport Express: email generally isn't encrypted so *bang* you can capture every email conversation he has with his mistress. You can snoop every dating web site he visits. You'll also get to record his SSL transactions with his banking web site for later decrypting (SSL is not very secure).

    A lot of sites and most email servers do not encrypt username and password information sent to them. So you now have usernames and passwords to a bunch of services they use. Most people use the same username and password for *everything*. So there's a pretty good chance you just got their OSX username and password.

    I believe the expression is 'pwnd'.

    So, once again:

    - Setup WEP (or WPA) on your wireless LAN. It's not great but most people casually scanning for wireless lans will pass you by because either they see it as a no entry sign, or because they know there are plenty of unsecured wlans around.

    - Don't turn on sharing.

    - Make sure you have a good password. Ideally, don't use the same username and password all over the place.
     
  9. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #9
    The wireless WPA2 network has a password.
    The AirPort Express has a password, so it's not "unprotected".
    My Admin password is required to access any AirPort settings.
    Nothing is shared.
    All the passwords are different.
    All passwords are very long, with numbers, upper and lowercase letters, and special characters.
    All passwords are changed on a regular basis.

    Good luck!
     

Share This Page