Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

Once again WiFi security is in the news, this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds.

While that sounds a little dramatic it wouldn’t surprise me if a lot still have no WEP key at all. And even if they have a WEP key with the tools available for WEP cracking now – it wouldn’t take that long to hammer it down – especially on a high traffic network.

From the study it seems that about 25% of networks are totally password free, I’m not sure how far they went though in terms of trying to connect. Perhaps a lot are public wifi spots that employ proxy services and require you to ‘login’, perhaps some are using MAC address white-listing.

Nearly half of all home Wi-Fi networks in the UK could be hacked within five seconds, according to CPP. The life assistance company employed the services of ethical hacker Jason Hart to roam six major cities across the UK and use specially developed software to identify home networks that were at risk of ‘Wi-Fi jacking’.

Wi-Fi jacking see hackers piggybacking on a net connection and allows them to illegally download files, purchase illegal goods or pornography or even sell on stolen goods, without being traced. It also allows them to view the private transactions made over the net, providing them with access to passwords and usernames that can subsequently be used to commit identity fraud. CPP’s research, which has been conducted ahead of National Identity Fraud Prevention Week, revealed 40,000 home Wi-Fi networks were at risk.

CPP also said that despite the fact 82 percent of web users believe their Wi-Fi connection is secure, nearly a quarter of private wireless networks are not password protected

It’s also interesting the amount of web users that use public or wifi-jacked networks without using encrypted connections. Grabbing login and password combos at a rate of 350 per hour is a LOT of passwords.

If they also recorded the associated services that could be a massive stash of credentials. It just goes to show if you do a little war-driving, what kind of goodies you can go home with.

Furthermore, nearly one in five (16 percent) of web users say they regularly use public networks. During his research, Hart was able to ‘harvest’ usernames and passwords from user of the public Wi-Fi networks at a rate of more than 350 an hour.

He also revealed more than 200 web users unsuspectingly logged onto a fake Wi-Di network over the course of an hour, during the experiment, putting themselves at risk from fraudsters who could harvest their personal and financial information.

“This report is a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use,” said CPP’s identity fraud expert Michael Lynch.

“We urge all Wi-Fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It’s vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.”

Hart warned both businesses and individuals to “think very carefully about network security and what information they provide when going online”.

As with most things this is not a technical issue, there are plenty of security options for home Wi-Fi setups, they are well documented and all new modems/routers come with filtering, white-listing and WEP/WPA encryption built in.

With a combination of these factors anyone can set up a secure WAP at home.

Oh well, it looks like things are going to change for a while.

Source: Network World

Posted in: Networking Hacking Tools, Privacy, Wireless Hacking

, , ,

Latest Posts:

OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.

One Response to Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

  1. Jason October 15, 2010 at 8:13 pm #

    I live in the US and many of the access points over here are very vulnerable to hacking as well. I wouldn’t be surprised to learn that it’s to an even greater extent than the UK. I know there are several other sites out there with similar content but I have created a sort of one-stop-shop for helping less computer savvy users secure their networks. The address is http://wifisec.freeiz.com. My goal with the site is to provide concise, and easy to understand steps for securing all types of home routers as well as to help people understand why securing their home router is important. Please feel free to pass the link along to anyone you feel could use the information!