By: MarkJ - 14 October, 2010 (12:12 PM)
uk wireless wifi network security piracy p2pSecurity experts at CPP, a life assistance company, have conducted an "ethical hacking" experiment across six UK cities and found that almost 40,000 private home Wi-Fi networks lacked adequate protection and nearly a quarter had no password whatsoever. It also found that roughly half of home Wi-Fi networks could be hacked in less than 5 seconds.

The situation is particularly worrying because it means that a vast swathe of wireless networks have unwittingly exposed their broadband connections to potential abuse. UK ISP TalkTalk estimated last year (here) that 7 Million homes and businesses were vulnerable to Wi-Fi hijacking (Wi-jacking, WarDriving) and, under the new Digital Economy Act 2010 (DEA) anti-piracy proposals, at risk of being wrongly disconnected from the Internet.

CPP's Identity fraud expert, Michael Lynch, said:

"This report is a real eye-opener in highlighting how many of us have a cavalier attitude to wi-fi use, despite the very real dangers posed by unauthorised use. We urge all wi-fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It's vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity."

Ethical hacker and Senior Vice President of CRYPTOCard, Jason Hart, added:

"When people think of hackers they tend to think of highly organised criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software to target their victims.

With the growth in the number of smartphones and wireless networks, it has become far easier for hackers to crack usernames and passwords, allowing them access to emails, social networks, and online banking sites and even to assume the online identity of their victim."
Key findings from the report

* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals.

* Hackers were able to ‘harvest’ usernames and passwords from unsuspecting people using public networks at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants. Nearly 16% say they regularly use public networks.

* More than 200 people unsuspectingly logged onto a fake Wi-Fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
The study was conducted ahead of National Identity Fraud Prevention Week by ethical hacker Jason Hart using specially developed, freely available software to identify insecure networks.


However the majority (82%) of Brits still mistakenly think their wireless network is secure. Only 1 in 20 people were found to know for certain that their network has been used without their permission, indicating that the vast majority remain ignorant of the risk.

It should be noted that even password-protected networks are not secure, especially if they use the old WEP method of encryption or a simple password (e.g. 'cat') that is incredibly easy to bypass. According to CPP a typical password can be breached by hackers in a matter of seconds. Admittedly that does rather depend on your definition of "typical".

The report concludes by recommending that home users adopt the most secure Wi-Fi Protected Access 2 (WPA2) method of encryption (sadly many older routers and other wireless networking devices do not support this).

It also suggests implementing a Virtual Private Network (VPN) to create a secure wireless zone, using a firewall, avoid putting identifying details into your wireless network name (SSID) and positioning Wi-Fi routers so that the signal doesn't bleed outside your home. Check our 'Top 10 Wireless (Wi-Fi) Security Tips' article for some more ideas.
Share: Slash., Stumble, Facebook, Digg, Blink, Reddit, Delicious, Diigo
Option: Link | Search

Comments: 15

asa logotimeless
Posted: 14 October, 2010 - 2:25 PM
Link to comment

you done know what your talking about.. being anon on the net wont help you, an open wireless means your computer is accessible without much effort at all hell WEP is just the same, if your computer is accessible from a hacker because your wireless is insecure then a VPN wont help you.
asa logoSkip
Posted: 14 October, 2010 - 5:08 PM
Link to comment

Actually it would. A vpn provides an encrypted tunnel from your computer to the vpn server. Up to 2048 bit encryption. Its a safe way to use open public wifi networks and would protect you from the open username / password grabbing being conducted in these attacks
asa logoQuantamm
Posted: 14 October, 2010 - 5:39 PM
Link to comment

Actually, the first post is spammer selling VPNs for pirate use.

It's just coincidental that the comment-spam happened to be relevant to the article.
asa logoCommunity_friendly
Posted: 14 October, 2010 - 5:40 PM
Link to comment

Some of us choose to leave our networks open on purpose as a free community resource. We are leaving our networks unsecured on purpose.

I live in a street that has an open field at the end of the road that the council leaves purposefully unlocked as well so people can use that freely without a login or identity process before usage.

Depends on your philosophy of life and how you want resources to be made available.
asa logoRealist
Posted: 14 October, 2010 - 6:08 PM
Link to comment

Mr. Friendly - If someone chose to use your open field to host public orgies, would you still look upon it as community friendly? Because that's what they'll likely do with your open wireless internet... And as an added bonus, since the IP address leads back to you - guess who gets to explain any illegal activity originating from your community friendly IP!

A VPN can help if you're using a hotspot, or any sort of public internet - but that's only if ALL traffic is routed through it. Many VPNs only secure traffic to resources on the VPN itself, not traffic going out to the internet (it's called split tunelling).

Best bet is to not login to sensitive websites (like your bank) on public networks or computers. Use pass phrases instead of passwords when possible, and never expect anything to be 100% secure... Even wireless keyboard signals can be intercepted!
asa logospongeybob
Posted: 14 October, 2010 - 6:58 PM
Link to comment

If you dont need wi-fi dont use it most hubs give the option to turn wi-fi off both mine and my wifes computers are online without wi-fi and I love playing online games & banking knowing that no one can hack my broadband via wi-fi and my firewall takes care of the rest the only solution to the wi-fi problem is to disable it
asa logoJason
Posted: 14 October, 2010 - 7:38 PM
Link to comment

http://allthatiswrong.wordpress.com/2010/02/27/is-making-use-of-unprotected-wi-fi-stealing/
asa logooutgoing
Posted: 14 October, 2010 - 8:07 PM
Link to comment

Realist/Horrible Person

Personally, I think orgies are very friendly. I'd be happy to host them in the field down the street from my place. Are you suggesting that the possibility that something bad may happen is a good reason to take something away entirely?

Roads gone because of auto crashes? The government gone because of poorly constructed laws? The French because they may re-elect Sarkozy (though this problem may take care of itself with the 3 strikes law)?

Realists don't assume bad things, they look at the good at the bad and try to optimise for good. You, sir, are not a realist. You are simply a fearmonger in the guise of a rational person.
asa logodeveloper
Posted: 14 October, 2010 - 8:07 PM
Link to comment

@ realist: it's called plausible deniability, good sir. i run an open wifi access point, and if malicious activity originates from my ip, i give the (useless) router log files to the authorities and tell them to take a hike. i share my wifi because i know that even WPA2 can be broken with aircrack-ng, or a nice pre-computed pile of PMKs using pyrit. nothing is safe, so why should i guard my resources instead of giving them away for free? don't be stupid or greedy, realist.
asa logoJake
Posted: 14 October, 2010 - 8:28 PM
Link to comment

WPA2 can only be cracked by "brute-forcing" the password. Don't talk nonsense about topics you aren't qualified to comment on.
asa logodeveloper
Posted: 14 October, 2010 - 8:40 PM
Link to comment

@ jake: if you read my post, i said "pre-computed pile of PMKs" which for technically-inept people like yourself means "precomputing passwords for ESSIDs" kinda sad to think that you're ridiculing someone because you don't understand what they're talking about. pick up a dictionary son, and try not to talk smack about what your brain can't pick apart. if you want, here's a nice demo video on what i'm talking about if you care to gain some knowledge. P.S. jake i feel bad for you. =]

http://www.youtube.com/watch?v=yw32xeDKM_Y&feature=related
asa logoSteve
Posted: 14 October, 2010 - 10:42 PM
Link to comment

developer: Even with precomputed hashes, brute forcing the password is only plausible if the pass phrase is weak.
asa logoDF
Posted: 14 October, 2010 - 11:32 PM
Link to comment

@Jason Hart,

Seriously, if you are going to go wardriving, you shouldn't be using an active tool like NetStumbler, there are much better passive open source alternatives. Did you even wonder why you didn't see any networks without a hidden SSID?

I'm also just wondering what wireless network protection you are cracking in 5 seconds? MAC address filtering? 5 minutes I could understand for WEP and WPA (with a weak PSK) if you are any good at wireless cracking, but you are a joke mate. Maybe you should stick to your field of specialty, "password cracking"...BTW, installing and using Cain and Able doesn't make you a password cracking specialist.

DF
asa logoWilliam M
Posted: 21 October, 2010 - 3:22 PM
Link to comment

This is exactly why we need VPN providers to secure wireless connections. It's the easiest way to secure yourself even on unencrypted networks.

Here is a list of some good VPN providers:

http://www.privateinternetaccess.com/
http://www.madvpn.com/
http://www.strongvpn.com/
asa logoRiceJoann24
Posted: 11 March, 2012 - 12:34 AM
Link to comment

Some time ago, I did need to buy a car for my firm but I didn't have enough money and couldn't purchase something. Thank God my dude adviced to try to get the <a href="http://goodfinance-blog.com/topics/personal-loans">personal loans</a> at reliable creditors. Therefore, I did that and was satisfied with my short term loan.



Generated in 0.75602 seconds.
DB queries: 8

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Live Chat & Website Rules).