Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

Once again WiFi security is in the news, this time a new report in the UK shows that almost half of UK home WiFi networks could be compromised within 5 seconds.

While that sounds a little dramatic it wouldn’t surprise me if a lot still have no WEP key at all. And even if they have a WEP key with the tools available for WEP cracking now – it wouldn’t take that long to hammer it down – especially on a high traffic network.

From the study it seems that about 25% of networks are totally password free, I’m not sure how far they went though in terms of trying to connect. Perhaps a lot are public wifi spots that employ proxy services and require you to ‘login’, perhaps some are using MAC address white-listing.

Nearly half of all home Wi-Fi networks in the UK could be hacked within five seconds, according to CPP. The life assistance company employed the services of ethical hacker Jason Hart to roam six major cities across the UK and use specially developed software to identify home networks that were at risk of ‘Wi-Fi jacking’.

Wi-Fi jacking see hackers piggybacking on a net connection and allows them to illegally download files, purchase illegal goods or pornography or even sell on stolen goods, without being traced. It also allows them to view the private transactions made over the net, providing them with access to passwords and usernames that can subsequently be used to commit identity fraud. CPP’s research, which has been conducted ahead of National Identity Fraud Prevention Week, revealed 40,000 home Wi-Fi networks were at risk.

CPP also said that despite the fact 82 percent of web users believe their Wi-Fi connection is secure, nearly a quarter of private wireless networks are not password protected

It’s also interesting the amount of web users that use public or wifi-jacked networks without using encrypted connections. Grabbing login and password combos at a rate of 350 per hour is a LOT of passwords.

If they also recorded the associated services that could be a massive stash of credentials. It just goes to show if you do a little war-driving, what kind of goodies you can go home with.

Furthermore, nearly one in five (16 percent) of web users say they regularly use public networks. During his research, Hart was able to ‘harvest’ usernames and passwords from user of the public Wi-Fi networks at a rate of more than 350 an hour.

He also revealed more than 200 web users unsuspectingly logged onto a fake Wi-Di network over the course of an hour, during the experiment, putting themselves at risk from fraudsters who could harvest their personal and financial information.

“This report is a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use,” said CPP’s identity fraud expert Michael Lynch.

“We urge all Wi-Fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It’s vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.”

Hart warned both businesses and individuals to “think very carefully about network security and what information they provide when going online”.

As with most things this is not a technical issue, there are plenty of security options for home Wi-Fi setups, they are well documented and all new modems/routers come with filtering, white-listing and WEP/WPA encryption built in.

With a combination of these factors anyone can set up a secure WAP at home.

Oh well, it looks like things are going to change for a while.

Source: Network World

Posted in: Networking Hacking, Privacy, Wireless Hacking

, , ,

Latest Posts:

RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.

One Response to Half Of Home Wi-Fi Networks In The UK Vulnerable to Hacking/WiFi-Jacking

  1. Jason October 15, 2010 at 8:13 pm #

    I live in the US and many of the access points over here are very vulnerable to hacking as well. I wouldn’t be surprised to learn that it’s to an even greater extent than the UK. I know there are several other sites out there with similar content but I have created a sort of one-stop-shop for helping less computer savvy users secure their networks. The address is http://wifisec.freeiz.com. My goal with the site is to provide concise, and easy to understand steps for securing all types of home routers as well as to help people understand why securing their home router is important. Please feel free to pass the link along to anyone you feel could use the information!