23 November 2007 | 16,000 views

Wi-Fi Jacking Extremely Common (45% of People Do!)

Check For Vulnerabilities with Acunetix

It seems Wi-Fi is actually extremely common, in fact in a recent poll up to 45% do it! I guess most people here have, I admit I do even with my phone when I’m out and about I’ll use any WiFi point that works.

We can blame it on the manufacturers for having lax default security settings, but they have to do it because if they enforced WEP for example by default..most people wouldn’t be able to connect and would most likely return it to the shop claiming that it’s ‘broken’.

Sophos has revealed new research into the use of other people’s Wi-Fi networks to piggyback onto the internet without payment. The research shows that 54 percent of computer users have admitted breaking the law, by using someone else’s wireless internet access without permission.

According to Sophos, many internet-enabled homes fail to properly secure their wireless connection properly with passwords and encryption, allowing freeloading passers-by and neighbours to steal internet access rather than paying an internet service provider (ISP) for their own.

As for the legal and ethical side, it’s hard to say. In most countries it’s still a fairly grey area – if you don’t do anything illegal with the connection (sniffing, cracking, hacking, DoS etc.) and you don’t use enough bandwidth to cause a problem it’s hard to say it’s illegal.

Stealing Wi-Fi internet access may feel like a victimless crime, but it deprives ISPs of revenue. Furthermore, if you’ve hopped onto your next door neighbours’ wireless broadband connection to illegally download movies and music from the net, chances are that you are also slowing down their internet access and impacting on their download limit. For this reason, most ISPs put a clause in their contracts ordering users not to share access with neighbours – but it’s very hard for them to enforce this.

The contract clause is interested but as mentioned, extremely hard to enforce.

I guess Wifi jacking will continue and as more mobile devices support Wifi (n95, E61i, PSP, iPhone etc) it will get even more common.

Source: Net Security



Recent in Legal Issues:
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- Teen Accused Of Hacking School To Change Grades
- Royal Canadian Mounted Police Arrest Heartbleed Hacker

Related Posts:
- FireCAT 1.5 Released – Firefox Catalog of Auditing Extensions
- Twitter ClickJacking Vulnerability
- Dutch Court Rules Wi-Fi Hacking Legal In Holland

Most Read in Legal Issues:
- Class President Hacks School Grades - 80,533 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,440 views
- One Of The World’s Most Prolific Music Piracy Groups Busted - 43,461 views

Low-cost VPS Hosting

20 Responses to “Wi-Fi Jacking Extremely Common (45% of People Do!)”

  1. GeS 23 November 2007 at 12:28 pm Permalink

    While using open residential connections, be courteous, less the jacked become wise and secure the connection. At that point it becomes a complete waste of time to do any wep guessing due to a lack of activity.

  2. Doug Woodall 23 November 2007 at 5:57 pm Permalink

    Its too bad that so many uses dont take the time to educate themselves about their puters security issues.
    Most have no idea what a WEP even is.

  3. Arley 23 November 2007 at 7:10 pm Permalink

    Plp dont realize that using someone else

  4. GeS 23 November 2007 at 9:07 pm Permalink

    Arley, good point. Some victims just don’t think about that sort of thing when doing banking, email and the such. I think it is interesting to setup an unsecured wap just to sniff those that in fact connect to do there browsing, email and whatever else. In addition to that, I wonder if there is a way to be secure while jacking.

  5. dirty 23 November 2007 at 9:09 pm Permalink

    Arley:
    I think there is a very small margin of unsecured access points that are run by mischievous people hoping to do all you that you listed. The gain from such would be too little in my opinion to waste your time with but there probably are a few of them out there.

  6. GeS 23 November 2007 at 9:21 pm Permalink

    dirty, people go to a coffee shop that has free unsecured wifi and run ettercap while sipping on your own coffee. Better yet, they do this at airports. The information gathered is quite interesting. I say that to say the idea is certainly relative, but at a smaller scale (such as residential).

  7. midnitesnake 24 November 2007 at 12:16 am Permalink

    Where I live a lot of families own a Nintendo DS, the DS is incompatible with higher security implementations like WPA. Even though users know WEP or OPEN is insecure, they leave their APs that way to keep themselves/their children happy. So manufactures’ like Nintendo must get their act together. In my view I blame the manufactures, not adhering to best security practices. BT is another fine example, who uses WEP on their AP’s when their AP’s support the stronger WPA2 implementation.

  8. Nobody_Holme 24 November 2007 at 12:30 pm Permalink

    Another problem child is NTL (now known as virgin media officially, despite all their infrastructure still being tagged as NTL) who will set up your wireless for you for a nominal fee when you set up a broadband contract… and dont set any security. -.-

  9. cpj 25 November 2007 at 12:56 am Permalink

    wifi up the world and this wont be as much of a problem for the naive law-breaking user who didn’t realize what he/she was doing.

  10. Varun 25 November 2007 at 2:59 am Permalink

    Sophos has been known to spread FUD… I will not be surprised if this particular survey does not really reveal what it claims to reveal.

    Btw check this out http://www.xkcd.com/341/

    :-)

  11. Alden 25 November 2007 at 9:35 am Permalink

    The average computer user barely knows how to set up a firewall. If router set up was simplified, perhaps it would help reduce the number of unsecured wireless routers. Ideally they’d come with WEP turned on to a random key, and a setup disk which would automatically configure the right settings in Windows.

    Getting people to read the manual would be a good start too. :)

  12. Hunnter 25 November 2007 at 6:12 pm Permalink

    I admit i have before.
    I never used it to do anything secure, because it is always best to be safe rather than have your accounts (from banking to emails) screwed with (almost deserving though haha)

    I actually run a limited open wireless service (basically just port 80 and some other little things)
    I have “unlimited” bandwidth and 8mbit, and i barely use much of that speed most of the time, so why not, eh?

  13. midnitesnake 25 November 2007 at 6:42 pm Permalink

    quote: Alden:
    Ideally they

  14. Reticent 25 November 2007 at 9:44 pm Permalink

    where the hell did they do the poll? 45% of people wouldnt know what wifi was let along how to crack it. I’d say, generously, it would be 1 in 50.

  15. Alden 25 November 2007 at 10:27 pm Permalink

    WEP won’t stop a determined hacker, no, but out of 45% of “people” (I suspect they mean wireless users) probably only a handful are going to be determined enough to try to crack a secured network – the rest will just look for another unsecured network because it’s easier.

  16. Nobody_Holme 26 November 2007 at 11:16 am Permalink

    Thing is…. why would anyone with the skills to break even WEP bother when they could just use that unsecured network over there… Those skills are for when they’re going to be worthwhile, not for use just to get net access when your can get it anyway much more easily…

  17. dirty 26 November 2007 at 5:16 pm Permalink

    Reticent:
    I think I saw this poll a few weeks back…i believe it was was a UK based poll. Cant say for sure off the top of my head…

  18. Pantagruel 26 November 2007 at 9:54 pm Permalink

    While on vacation in any major city of our lovely planet you realy do NOT need to go to an internet cafe anymore. The amounts of open wirreless access points is disturbing, the mentioned 45% is to my own experience by far too little. More disturbing is the fact that it doesn’t always need to be some average Joe/Jane who doesn’t have the knowledge or isn’t willing to pay for a proper setup. Even larger companies simply forget to hire a pro and seal off there wireless appliances. WEP/PKA-PSK sound like buzz word of whom only a few seem to graps their value and given the number of wireless appliances in a household daddy sure doesn’t want to bother too much and doing without properly protecting his wlan seems to fit best to the childrens portable game stations, or even dad’s streaming device.

  19. Sir Henry 14 December 2007 at 6:04 pm Permalink

    This is something that will likely never go away. There will always be users who simply want things to work out of the box. For that reason, the default security will simply be no security at all. It is amazing that companies bend to the will of those who ultimately become the victims due to their ignorance of security. I know that if I am out and about and need to connect, that my ssh tunnel is the first thing to be established so that no prying eyes will be able to see what I am doing. My nefarious side thinks that routing those connected to the unsecured AP through Cain and Abel is a fun test in sociology.

  20. fever 10 April 2008 at 4:46 pm Permalink

    pretty difficult to have a secure wireless ap these days with out something that monitors and authenticates regularly.