Posted: 16th Mar, 2011 By: MarkJ

The
Information Commissioner’s Office (ICO), an independent authority that was set up by the UK government to uphold information rights in the public interest, has revealed that 40% of people who have wireless networks ( Wi-Fi ) at home
do not understand how to change the security settings and related features.
The survey itself, which was carried out by YouGov, also found that 16% of the people with a home Wi-Fi network were either unsure or are already aware that they are using an unsecured network.
In order to help tackle this
the ICO has today released new guidance, which we've linked at the bottom. The guidance aims to help people protect themselves against the dangers of cyber crime and identity theft through unsecured Wi-Fi.
Steve Wood, Head of Policy at the ICO, said:
"People wouldn’t go out and leave their front door unlocked, but many are still surfing the internet without adequate protection for their personal information. The fact that Google’s Street View cars were able to pick up payload data from unsecured Wi-Fi networks as a by-product of their signals mapping exercise has further highlighted that more people need to take their Wi-Fi security settings seriously.
Leaving your Wi-Fi connection unsecured allows people easy access to your network. This increase in traffic could reduce the speed of your connection or cause you to exceed a data cap imposed by the service provider.
However even more worryingly, it also leaves you open to the actions of rogue individuals who may be using your Wi-Fi to carry out potentially criminal actions without your knowledge. Today’s new guidance aims to get people thinking about whether they are doing enough to ensure their wireless networks are secure."
The ICO claims that most broadband ISPs now setup and install their customers’ Wi-Fi security settings for them, although this only applies if your package comes with a preconfigured router.
However, many routers do not ship with the
toughest WPA2 encryption enabled by default, which could cause compatibility problems but is also a security risk; WPA is not perfect and the weakest WEP was cracked a long time ago.
The ICO has subsequently called for Internet Service Providers (ISPs), retailers and manufacturers to make sure the guidance supplied with their Wi-Fi equipment is clear to the end user and fully explains the risks of people using an unsecured connection.
The situation is particularly worrying because it means that a vast swathe of wireless networks could be unwittingly exposing their broadband connections to potential abuse. UK ISP TalkTalk estimated in 2009 (
here) that
7 Million homes and businesses were vulnerable to WiFi hijacking (
Wi-jacking,
WarDriving) and, under the new
Digital Economy Act (DEA) anti-piracy proposals, potentially at risk of being wrongly disconnected from the Internet.
A separate "
ethical hacking" study by security experts at CPP last year (
here), which was conducted across six UK cities, found that almost
40,000 private home WiFi networks lacked adequate protection and nearly a quarter had no password whatsoever.
ICO Guidances on WiFi Security
http://www.ico.gov.uk/for_the_public/topic_specific_guides/wifi_security.aspx