Quarter of home Wi-Fi networks have no password
Many home Wi-Fi networks are completely unprotected and half can be hacked in fewer than five seconds, an “ethical hacking” experiment has revealed.
Anti-fraud company CPP set ethical hacker Jason Hart loose on the streets of UK cities to test the security of wireless networks.
He found a quarter of home wireless networks have no password at all, while those that are protected with a basic password can still be cracked in seconds.
“Not all had set up a basic password,” said CPP’s head of identity protection Michael Lynch. “But what Jason Hart was using was a simple bit of software that works around passwords to see anything not encrypted.”
Still, Lynch said password protecting a wireless network was the first step to take. “Although that can be breached, at least you’re given that first level of protection,” he told PC Pro, advising users to use encryption on their networks and install firewalls.
London and Manchester had the highest proportion of unsecured networks at almost a third, while Cardiff was the most secure with only 12% lacking a password. In Bristol, 28% weren’t secured, while in Birmingham a quarter weren’t and in Edinburgh one in five were without protection.
While Lynch admitted such hacking attacks weren’t yet widespread, he said it was “difficult to quantify as victims weren’t really aware” how their accounts were hacked.
The experiment also showed how using public networks wasn’t secure if users aren’t paying attention to the network they sign into.
For example, Hart would sit outside a café and set up a network named after the establishment. Users would assume it was the café’s own network and log on, with as many as 200 people connecting each hour, letting Hart monitor what sites they visited and passwords they entered.
“He could monitor what you were doing on a machine, install a keylogger, see transactions being carried out, get passwords, install viruses – all the same things spyware can do,” said Lynch.
It wasn’t only people sitting in the café on their laptops that Hart could infect, but mobile phone users picking up the network as they walked by. Lynch noted that people will piggy-back on Wi-Fi networks with smartphones to avoid mobile data charges or if they don’t have 3G signal, but warned they should be more careful.
“If you don’t know whose it is, leave it alone,” he advised.
He also called for anyone operating a public wireless network – from cafés to hotels to governments – to be more careful with how they protect their networks and give users clear details to logon with, so there’s less chance them getting caught out by criminals.