The BBC's Watchdog consumer affairs TV show last night revealed that three of the UK's top wireless ( Wi-Fi Hotspot ) broadband operators , including BT Openzone , The Cloud and T-Mobile , are vulnerable to hacking attacks. Internet security firm Garlik states that, over the last year, there has been a 207% increase in 'account takeover fraud', where criminals access existing accounts rather than using stolen identities.
The TV show used equipment readily available on the internet to hijack wireless traffic at a variety of hotspots, while experts working with the programme-makers could have been able to take control of other hotspot users' Internet accounts. The situation is similar to a recent study by TalkTalk , which highlighted the ease of hijacking Wi-Fi connections for illegal downloads (here).
All of the operators highlighted in Watchdog's report recommended using a secure remote access virtual private network (VPN) to protect against data interception, though an average Joe surfer is unlikely to be familiar with this solution. The operators are now working to better educate their users.
It's also good practice to use WPA2 encryption on your network and a longer passkey that mixes numbers and letters. Admittedly if the Wi-Fi Hotspot does not support WPA2 then there is not much you can do except complain in the hope of getting that changed. Our 2008 'Top 10 Wireless (Wi-Fi) Security Tips' article also includes some additional tips.
The TV show used equipment readily available on the internet to hijack wireless traffic at a variety of hotspots, while experts working with the programme-makers could have been able to take control of other hotspot users' Internet accounts. The situation is similar to a recent study by TalkTalk , which highlighted the ease of hijacking Wi-Fi connections for illegal downloads (here).
BT Openzone Statement:
"BT Openzone offers encryption at log-in, a standard used by all global Wi-Fi operators. To help customers receive a safe, reliable and robust Wi-Fi service we also advise using up to date firewall and anti-virus software to guard against most attacks. We have always strongly recommended a secure remote access virtual private network (VPN) to protect against data interception. The industry as a whole has a responsibility to give users the option to choose to keep their sessions secure."
"BT Openzone offers encryption at log-in, a standard used by all global Wi-Fi operators. To help customers receive a safe, reliable and robust Wi-Fi service we also advise using up to date firewall and anti-virus software to guard against most attacks. We have always strongly recommended a secure remote access virtual private network (VPN) to protect against data interception. The industry as a whole has a responsibility to give users the option to choose to keep their sessions secure."
The Cloud Statement:
"The Cloud welcomes the opportunity to respond to the questions posed by Watchdog regarding the security aspects of public Wi-Fi networks. We take security very seriously and adhere to all of the current industry standards and protocols to run our networks. The Cloud operates an Open (unencrypted) Wi-Fi network in the UK. It is the industry standard for Wi-Fi Internet Service Providers and is adopted by the vast majority of operators worldwide."
"The Cloud welcomes the opportunity to respond to the questions posed by Watchdog regarding the security aspects of public Wi-Fi networks. We take security very seriously and adhere to all of the current industry standards and protocols to run our networks. The Cloud operates an Open (unencrypted) Wi-Fi network in the UK. It is the industry standard for Wi-Fi Internet Service Providers and is adopted by the vast majority of operators worldwide."
T-Mobile Statement:
"T-Mobile takes the security and privacy of its customers seriously, especially as broadband internet has become an essential tool for many people. Wherever people are accessing the internet, whether at home or on the move, there are a small number of hackers who will use their specialist knowledge to take advantage of others by accessing their information. While most of the time customers don't experience problems, T-Mobile takes steps to offer protection to users of Wi-Fi HotSpots."
"T-Mobile takes the security and privacy of its customers seriously, especially as broadband internet has become an essential tool for many people. Wherever people are accessing the internet, whether at home or on the move, there are a small number of hackers who will use their specialist knowledge to take advantage of others by accessing their information. While most of the time customers don't experience problems, T-Mobile takes steps to offer protection to users of Wi-Fi HotSpots."
All of the operators highlighted in Watchdog's report recommended using a secure remote access virtual private network (VPN) to protect against data interception, though an average Joe surfer is unlikely to be familiar with this solution. The operators are now working to better educate their users.
It's also good practice to use WPA2 encryption on your network and a longer passkey that mixes numbers and letters. Admittedly if the Wi-Fi Hotspot does not support WPA2 then there is not much you can do except complain in the hope of getting that changed. Our 2008 'Top 10 Wireless (Wi-Fi) Security Tips' article also includes some additional tips.
Tweet
Comments: 1
John BullPosted: 30 October, 2009 - 3:37 PM
Link to comment
What they demonstrated has NOTHING to do with wireless encryption or the hotspot ISP in use.
They were on the SAME network, sniffed the traffic and grabbed the cookie. The clue was when they were talking about logging off the site so that the session (and therefore the cookie) was not left open.
Even if the public wireless hotspot was encrypted, they would have to give the key out to anybody wanting it. That's the whole point of a public hotspot.
The attacker would still be on the same network as the victim, sniffing packets going across it and hijacking the cookie.
This is about Google and Hotmail securing it by using using SSL (https://). Not for just logging in either, but for the whole time a user is reading their email until they logout and the cookie expires.
I believe that Gmail has an option to do this in its settings, have a look and switch it on!
Generated in 1.01432 seconds.
DB queries: 8
Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Live Chat & Website Rules).