Entire site and all contents except otherwise noted © Copyright 2001-2009 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
The new firmware can be installed over the VxWorks operating system found in the Linksys WRT54G version 5 router: This router caused some irritation among those who wanted to use it with modified firmware that worked in version 4 and earlier, which relied on embedded Linux and contained double the volatile and flash memory. Linksys says it shaved costs on memory because the Linux they used couldn't be shrunk enough. (For more on this, see this very long set of comments on a thread I started after having reproducible, continuous problems with two newer Linksys devices that use VxWorks.)
Linksys did recognize the interest among the open-source and community wireless movement, and added the WRT54GL to its line-up, which is essentially the WRT54G v4--and which sells for about $20 more than the v4 and v5.
This latest wrinkle allows a non-reversible installation of a very compact version of the DD-WRT distribution. However, this is clearly a step along the road to more functionality. Making code smaller is always tricky because it often means stepping down below high-level programming languages to optimize inefficient libraries, which in turn requires much more testing and is harder to debug. (Take it from a guy who cut his teeth on 6502 machine language.)
Details are few because the researchers are withholding the goods until an Aug. 2 presentation at the Black Hat USA 2006 conference: The two researchers--one with ISS and the other at the US Naval postgrad school--say that they have uncovered techniques that allow them to hack into a laptop through flaws in the driver software that manages the way in which the radio interprets signals and passes them to the operating system. Most horrifying? Half the flaws they found don't require the Wi-Fi adapter to be connected to a network--just active.
Let's trust their reporting, but it's an informal record: A team in Venezuela went up a mountain and came down the unofficial holders of the longest Wi-Fi link record at 167 miles. They used Linksys WRT54G units running open-source firmware (DD-WRT) with retrofitted satellite parabolic dishes.
When I read this story initially I thought, well they may have used Wi-Fi protocols, but this isn't Wi-Fi in the sense of regulation-conforming unlicensed use within the signal limits. The last Wi-Fi distance winner, Cincinnati teenagers who created a 125-mile link for DefCon's Wi-Fi Shootout, clearly exceeded Part 15 rules, but claim they were using Part 97 (amateur radio) rules. Part 97 ain't regular Wi-Fi.
But I ran the math for the South American claim of 279 kilometers (167 miles), and it seems to check out under FCC Part 15 rules. I don't know whether Venezuela is regulated in the same fashion, however.
They said they were using 100 mW output from the Linksys WRT54G with a very short cable to reduce signal loss. Their antennas they calculate at 32 dBi, although that's a rough number. That gives them an extremely high EIRP (effective isotropic radiated power) of 158 W, which seems very high. I went to look up the FCC Part 15 rules and found that rule 15.247 allows a 30 dBi antenna with a 22 dBm or 158 mW power-at-antenna signal. With no amplifier between the Linksys and the antenna, I believe they qualify there. So they might be slightly over on the antenna gain, but this allows them an EIRP of up to 158. So far, so good.
The next question would be link budget: with two identical setups over the 270 kilometers of the test they set up with an unimpeded Fresnel zone--no obstacles through the entire spread beam between the two locations--they have a pretty clear formula. Assuming 20 dBm (100 mW) at the Linksys, a very small -3 dB cable loss, two 30 dBi antennas, and 149 dB of free-space loss, with a receiver sensitivity of -85 dBm (which checks out with what they saw)...they have a 10 dB link budget. Which should be sufficient for a test.
If any of these numbers are off by a relatively small percentage, they'd be violating the law or the test wouldn't work. But it's a fairly impressive link at the edges of what (at least in the US) is legal and certainly what's possible.
I'm not an engineer, and thus I may have made errors in my assumptions. Please add notes in the comments if you'd like to correct my math or figures. (I used this WLAN Link Planner for link budget, this reference for Part 15.247, and this EIRP calculator.)
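The EIRP and link-budget arithmetic from this post, as an added Python example (not part of the original post or of the calculators it cites). It assumes a 2437 MHz channel and cable loss at both ends, neither of which the post states, and encodes the Part 15.247 point-to-point limit as summarised in the code comment.

```python
import math

C = 299_792_458.0  # speed of light, m/s
FREQ_MHZ = 2437    # channel 6; assumed, the post gives no frequency

def dbm_to_watts(dbm):
    return 10 ** (dbm / 10) / 1000

def eirp_dbm(tx_dbm, antenna_dbi, cable_loss_db=0.0):
    """Radiated power referenced to an isotropic antenna."""
    return tx_dbm - cable_loss_db + antenna_dbi

def fspl_db(distance_km, freq_mhz):
    """Free-space path loss: 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_km * 1e3 * freq_mhz * 1e6 / C)

def link_margin_db(tx_dbm, gain_dbi, cable_db, distance_km, freq_mhz, sens_dbm):
    """Margin above receiver sensitivity for two identical stations.
    Cable loss is charged at both ends (assumption; it reproduces the
    post's 10 dB figure)."""
    rx_dbm = (tx_dbm - cable_db + gain_dbi
              - fspl_db(distance_km, freq_mhz)
              + gain_dbi - cable_db)
    return rx_dbm - sens_dbm

def max_range_km(tx_dbm, gain_dbi, cable_db, freq_mhz, sens_dbm, margin_db):
    """Invert the FSPL formula: distance at which margin_db remains."""
    loss = tx_dbm + 2 * gain_dbi - 2 * cable_db - sens_dbm - margin_db
    return 10 ** (loss / 20) * C / (4 * math.pi * freq_mhz * 1e6) / 1e3

def part15_ptp_max_conducted_dbm(antenna_dbi):
    """2.4 GHz fixed point-to-point limit as summarised here (assumption,
    check the current rule text): 30 dBm conducted, reduced 1 dB for
    every 3 dB of antenna gain above 6 dBi."""
    return 30.0 - max(0.0, antenna_dbi - 6.0) / 3.0

if __name__ == "__main__":
    print(f"EIRP, 20 dBm into 32 dBi: {dbm_to_watts(eirp_dbm(20, 32)):.0f} W")
    for gain in (30, 32):
        limit = part15_ptp_max_conducted_dbm(gain)
        print(f"Conducted limit at {gain} dBi: {limit:.1f} dBm")
    print(f"FSPL over 279 km: {fspl_db(279, FREQ_MHZ):.1f} dB")
    # How quickly the margin erodes if the antenna figure is optimistic
    for gain in (30, 29, 28):
        m = link_margin_db(20, gain, 3, 279, FREQ_MHZ, -85)
        print(f"{gain} dBi antennas: margin {m:.1f} dB")
```

Each decibel lost at an antenna is counted twice, once per end of the link, which is why the margin falls by 2 dB for every 1 dB the antenna gain is overstated.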
The Linux flavor of the WRT54G is still in production, despite a newer VxWorks-based version: Good news for the community of hackers, developers, and experimenters who rely on the Linksys WRT54G to power their projects: while the product sold under this model number will no longer use the Linux operating system as its basis, Linksys has created an offshoot model that will continue down the Linux path under the name WRT54GL.
The WRT54G in versions 1 through 4 used free and open-source software components for its embedded operating system and most of its functions. After some negotiation a few years ago, Cisco's Linksys division released all the code they had modified as they were ostensibly required to under the terms of the GPL (General Public License) and other software licenses for components they had used. Wireless hackers immediately figured out how to replace the baked-in firmware with their own firmware images to take advantage of the WRT54G's low cost and high availability. This appeared to end with the November 2005 release of v5, which switched to a proprietary OS while halving the RAM in the unit.
The new Linksys WRT54GL, however, is the v4 version of WRT54G stabilized on Linux. It will list for $79 MSRP (Amazon.com has it in stock for $71) and Linksys expects to sell 10,000 of them per month. The firmware for the WRT54GL (version 4.30.0) is already up on the Linksys GPL Code Center. Some folks on Slashdot have complained about the price difference between this perpetuated Linux model and the cheaper proprietary OS WRT54G--but that's how the market economy works. With 120,000 potential sales per year or $8,500,000 in gross retail sales, a competitor could engineer a better box for that market.
In an interview with Linksys, they told me that they had this model in the works for some time, but didn't want to tip their hand until shipping product was available in the channel. Company spokespeople emphasized that while the "GL" model can be flashed, they don't support any firmware but what Linksys officially releases. Still, they've kept a Linux model because the market is there for it. Linksys confirmed what some analysis firms have been saying: to their knowledge, the WRT54G is the single bestselling model of Wi-Fi gateway in the world. I'm not sure what model gets the No. 2 nod.
Peter Rysavy wrote in Network Computing today about his disappointment with the disappearance of the Linux-based WRT54G--he didn't get feedback from Linksys before he filed his piece--and what he sees as the lower stability of the licensed VxWorks operating system that underlies the v5 release of the gateway. (I've heard this from others, including a colleague as recently as yesterday.) VxWorks is a closed-source system that Linksys told LinuxDevices.com uses half the RAM of the embedded Linux OS. This lets them conserve costs in a commoditized market in which they sell hundreds of thousands of WRT54Gs per month--every dollar saved is millions a year recouped.
Linksys, by the way, didn't develop their embedded Linux, but in turn licensed it from Broadcom, who created the Linux-based code for its reference design. Reference designs are built by chipmakers to provide a ready-to-go product that incorporates their chips. They can often be bid out and built without much effort beyond designing a case and customizing or replacing an installation wizard.
Treo 650 users don't need to wait to use Wi-Fi: PalmOne promised Wi-Fi drivers for their Wi-Fi SD card at some point, but a developer hacked a Tungsten driver to give that functionality now. [via Engadget]
The Virginia Journal of Law & Technology has published an article about wardriving: I confess that I haven't had the chance to read the whole piece, but the author concludes that wardriving is legal and that hackers are informally developing an ethical code that demarcates between essentially identifying hotspots and stealing information transmitted over the networks. The article cites some historical court cases surrounding wardrivers and looks at the positive changes in vendor security standards that wardrivers have effected.
World Wide Wardrive finds most access points unprotected: The fourth week-long international wardrive found 288,000 access points in their survey, more than 50 percent of which had no security enabled. Since these were passive scans, it's impossible to tell whether those access points were inside or outside corporate firewalls, and thus not open portals, but it's likely that the overwhelming majority were just plain open. Nearly 30 percent had the default SSID or network name set.
Watch out, houseboat dwellers and nearby shore residents: sniffing hits human-powered water vehicles!: In my hometown of Seattle, some intrepid souls pack their gear in plastic bags and kayak around Lake Union, a midpoint in the connected bodies of water from Elliott Bay through to Lake Washington. Lake Union is home to high tech and biomed companies around the periphery and houseboats and marinas directly on it. The lake is a little dodgy--I wouldn't want to swim in it--but it's a pretty view from the shore or out in it.
Warkayaking is the latest variant in the war- prefix series of sniffing Wi-Fi signals from various places or indicating the presence of Wi-Fi through various means. There's been warflying, wardriving, warchalking, and even warwalking.
Wi-Fi isn't just for networking any more: devices hang off home networks for audio, video, voice: Julio Ojeda-Zapata files a round-up of the transformation of a home wireless network from an early adopter's geeky add-on to a mass-market offering with support from companies like Comcast and Qwest. Remember when cable firms threatened users who shared their network connections with their families?
Ojeda-Zapata notes the increasing variety of devices that can use Wi-Fi networks as their Internet or local network feed, including Apple's new AirPort Express for beaming music to home stereos, Microsoft's Media Center Extender for their home entertainment hub, and Gateway's streaming DVD player.
Long-awaited update to NetStumbler appears: The program's developer notes, using extreme understatement: "Since I released NetStumbler 0.3.30, I have experienced birth, death, illness, new job, and increased bandwidth costs. None of these will be helped by the arrival of both NetStumbler and MiniStumbler versions 0.4. Download and enjoy. Sorry it took so long."
The NetStumbler (Windows) and MiniStumbler (Pocket PC) applications let you scan for access points and record information about them, such as their unique interface address and whether security is enabled. You can pair scans with a GPS to build location-based awareness. [link via Gizmodo]
Simultaneously, iStumbler 84 was released for Mac OS X 10.3.
AirDefense monitored the air at Wi-Fi Planet and found a huge number of security breaches: The company saw 21 attempted man-in-the-middle attacks, of which 16 were successful. The rest of the numbers are pretty shocking. In just one day, AirDefense also found 75 denial-of-service attacks targeted at APs, 125 attempted identity thefts by spoofing MAC addresses and 24 fake AP attacks.
With that kind of activity, you'd better use the best security options you've got. But most people didn't. Only 6 percent of corporate email downloads used a VPN and 89 laptops were configured to allow ad hoc networking. I think this kind of data is an argument for not using Wi-Fi in an environment like Wi-Fi Planet unless you know how to secure your laptop.
The cops late last week arrested a third man accused of breaking into Lowe's Wi-Fi network and stealing credit card numbers: This one is not released on bond because in 2000 he was one of the first to be charged under Michigan's computer crime law for hacking into a local ISP.
I'm still really curious to know how secure Lowe's network was. While clearly these guys shouldn't have done what they did, Lowe's has some responsibility for making the network at least reasonably secure. Otherwise, it's an attractive menace.
A couple guys got nailed for hacking into Lowe's national computer system using a Wi-Fi connection from the parking lot of one of the stores: They're accused of changing files, stealing credit card info and installing malicious software. TechDirt wonders if those accusations are unfounded and if the press is going to have a field day with this.
This may offer an interesting case to watch. The original story says that the guys have been charged with causing damage to a protected computer system. I wonder how the court will define a protected Wi-Fi network. Will WEP count?