Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

Once again WiFi security is in the news, this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds.

While that sounds a little dramatic it wouldn’t surprise me if a lot still have no WEP key at all. And even if they have a WEP key with the tools available for WEP cracking now – it wouldn’t take that long to hammer it down – especially on a high traffic network.

From the study it seems that about 25% of networks are totally password free, I’m not sure how far they went though in terms of trying to connect. Perhaps a lot are public wifi spots that employ proxy services and require you to ‘login’, perhaps some are using MAC address white-listing.

Nearly half of all home Wi-Fi networks in the UK could be hacked within five seconds, according to CPP. The life assistance company employed the services of ethical hacker Jason Hart to roam six major cities across the UK and use specially developed software to identify home networks that were at risk of ‘Wi-Fi jacking’.

Wi-Fi jacking see hackers piggybacking on a net connection and allows them to illegally download files, purchase illegal goods or pornography or even sell on stolen goods, without being traced. It also allows them to view the private transactions made over the net, providing them with access to passwords and usernames that can subsequently be used to commit identity fraud. CPP’s research, which has been conducted ahead of National Identity Fraud Prevention Week, revealed 40,000 home Wi-Fi networks were at risk.

CPP also said that despite the fact 82 percent of web users believe their Wi-Fi connection is secure, nearly a quarter of private wireless networks are not password protected

It’s also interesting the amount of web users that use public or wifi-jacked networks without using encrypted connections. Grabbing login and password combos at a rate of 350 per hour is a LOT of passwords.

If they also recorded the associated services that could be a massive stash of credentials. It just goes to show if you do a little war-driving, what kind of goodies you can go home with.

Furthermore, nearly one in five (16 percent) of web users say they regularly use public networks. During his research, Hart was able to ‘harvest’ usernames and passwords from user of the public Wi-Fi networks at a rate of more than 350 an hour.

He also revealed more than 200 web users unsuspectingly logged onto a fake Wi-Di network over the course of an hour, during the experiment, putting themselves at risk from fraudsters who could harvest their personal and financial information.

“This report is a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use,” said CPP’s identity fraud expert Michael Lynch.

“We urge all Wi-Fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It’s vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.”

Hart warned both businesses and individuals to “think very carefully about network security and what information they provide when going online”.

As with most things this is not a technical issue, there are plenty of security options for home Wi-Fi setups, they are well documented and all new modems/routers come with filtering, white-listing and WEP/WPA encryption built in.

With a combination of these factors anyone can set up a secure WAP at home.

Oh well, it looks like things are going to change for a while.

Source: Network World

Posted in: Networking Hacking, Privacy, Wireless Hacking

, , ,

Latest Posts:

Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.

One Response to Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

  1. Jason October 15, 2010 at 8:13 pm #

    I live in the US and many of the access points over here are very vulnerable to hacking as well. I wouldn’t be surprised to learn that it’s to an even greater extent than the UK. I know there are several other sites out there with similar content but I have created a sort of one-stop-shop for helping less computer savvy users secure their networks. The address is http://wifisec.freeiz.com. My goal with the site is to provide concise, and easy to understand steps for securing all types of home routers as well as to help people understand why securing their home router is important. Please feel free to pass the link along to anyone you feel could use the information!