Half of wi-fi users leave the front door open for hackers!
Oliver Moody Published at 12:01AM, June 10 2013
More than half of wi-fi networks are so insecure that they can be hacked within minutes and leave users open to fraud and identity theft, a cyber-security expert has warned.
Some common password-protected systems would take even an amateur only a second to crack, according to James Lyne, director of technology strategy at Sophos, a computer safety company. He urged households to switch to stronger protection that can be downloaded free.
A wi-fi access point in a house lets a number of devices, such as computers and playstations, go online in different rooms without cables. They communicate with aerials on the access point, which is wired to the internet.
The range can be up to 300 yards and unless the network is protected by a password any wireless device close enough can join it.
In preparation for a talk at The Times Cheltenham Science Festival, Mr Lyne cycled 30 miles around the town with a device for detecting wi-fi access points.
He found almost 14,000, of which more than 1,600 were completely open, while 1,243 were using a vulnerable system called WEP and 4,721 were on WPS, a slightly stronger shield that can nevertheless be broken in an hour.
Hackers could easily have entered 55 per cent of the networks. A study of 107,000 networks in London found that slightly more of them had WPS.
“If you’re a consumer or a small business and your network is wide open, anyone can connect to your network, and once they’ve got their foot in the door they can launch potential attacks where they can get the username and password for your email in your browser, and in some scenarios bank details and other personal data,” Mr Lyne said.
The network owner can be legally responsible if someone uses it to commit crime, he added. “One old couple had their door knocked down in the middle of the night by a SWAT team,” he said. “Their next-door neighbour had been using their wireless network to threaten violence online.” “Piggybacking” somebody else’s network is illegal, but very hard to trace.
Wireless Equivalent Privacy (WEP) was one of the first wi-fi security systems and is still used by about a tenth of households. Mr Lyne said it could be hacked using readily available software in two or three minutes.
Wi-fi Protected Setup (WPS), introduced in 2007 and now one of the most widespread forms of protection, is more sophisticated but can be broken relatively quickly. “WPS is a convenience technology, because people don’t like long, complex passwords,” Mr Lyne said. It uses a seven-digit PIN to unlock an 80-digit PIN, and while the number of combinations is many millions, a flaw reduced it to 11,000, and with modern computer speeds it can be cracked within an hour.
He urged households to upgrade to two more powerful systems, WPA and WPA2. Most wi-fi users can download them and secure a business or home computer for free. Always be aware of the fact that Wi-fi networks can be quite insecure and may be open to computer fraud.