Posted: 14th Oct, 2010 By: MarkJ
Security experts at
CPP, a life assistance company, have conducted an "
ethical hacking" experiment across six UK cities and found that almost 40,000 private home Wi-Fi networks lacked adequate protection and nearly
a quarter had no password whatsoever. It also found that roughly half of home Wi-Fi networks could be
hacked in less than 5 seconds.
The situation is particularly worrying because it means that a vast swathe of wireless networks have unwittingly exposed their broadband connections to potential abuse. UK ISP TalkTalk estimated last year (
here) that
7 Million homes and businesses were vulnerable to
Wi-Fi hijacking (Wi-jacking, WarDriving) and, under the new
Digital Economy Act 2010 (DEA) anti-piracy proposals, at risk of being wrongly disconnected from the Internet.
CPP's Identity fraud expert, Michael Lynch, said:
"This report is a real eye-opener in highlighting how many of us have a cavalier attitude to wi-fi use, despite the very real dangers posed by unauthorised use. We urge all wi-fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It's vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity."
Ethical hacker and Senior Vice President of CRYPTOCard, Jason Hart, added:
"When people think of hackers they tend to think of highly organised criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software to target their victims.
With the growth in the number of smartphones and wireless networks, it has become far easier for hackers to crack usernames and passwords, allowing them access to emails, social networks, and online banking sites and even to assume the online identity of their victim."
Key findings from the report
* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals.
* Hackers were able to ‘harvest’ usernames and passwords from unsuspecting people using public networks at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants. Nearly 16% say they regularly use public networks.
* More than 200 people unsuspectingly logged onto a fake Wi-Fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
The study was conducted ahead of
National Identity Fraud Prevention Week by
ethical hacker Jason Hart using specially developed, freely available software to identify insecure networks.
However the majority (82%) of Brits still mistakenly think their wireless network is secure. Only 1 in 20 people were found to know for certain that their network has been used without their permission, indicating that the vast majority remain ignorant of the risk.
It should be noted that even password-protected networks are not secure, especially if they use the old WEP method of encryption or a simple password (e.g. 'cat') that is incredibly easy to bypass. According to CPP a typical
password can be breached by hackers in a matter of seconds. Admittedly that does rather depend on your definition of "
typical".
The report concludes by recommending that home users adopt the most secure
Wi-Fi Protected Access 2 (WPA2) method of encryption (sadly many older routers and other wireless networking devices do not support this).
It also suggests implementing a
Virtual Private Network (VPN) to create a secure wireless zone, using a
firewall, avoid putting identifying details into your wireless network name (
SSID) and positioning Wi-Fi routers so that the signal doesn't bleed outside your home. Check our '
Top 10 Wireless (Wi-Fi) Security Tips' article for some more ideas.