bit-tech.net

Study warns of UK Wi-Fi risk

A new study by CPP suggests that nearly half of UK Wi-Fi networks can be hacked in under 5 seconds.

A recent study of UK Wi-Fi networks has highlighted that almost half of all access points can be hacked in less than five seconds, potentially putting the personal data of thousands of individuals at risk.

Despite modern routers shipping with reasonable passwords and WPA-level encryption, a study commissioned by life assistance company CPP suggests that there hasn't been much improvement since the bad old days of WEP.

Using the services of 'ethical hacker' Jason Hart, the study was able to identify over 40,000 networks at high risk of attack across six UK cities: London, Cardiff, Bristol, Birmingham, Manchester, and Edinburgh.

Capital city London was by far the worst offender, with 4,746 badly configured networks ripe for the picking, followed by Cardiff with 1,409. Each network could be accessed in under five seconds, giving fraudsters a quick and easy route into a company or individual's private network.

Michael Lynch, CPP's identity fraud expert, described the study as 'a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use,' and advised Wi-Fi users to 'remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.'

As well as a study of badly-secured networks, CPP also had Hart place fake access points in public areas to harvest usernames and passwords which were then discarded after incrementing a counter. Doing this, Hart was able to retrieve 391 username and password combinations from those who believed themselves to be logging in to genuine networks.

While the data gathered by Hart was discarded, the study provides a reminder that data transmitted over Wi-Fi isn't necessarily private. While CPP's advice on protecting your own network, which includes using WPA2 security and having an obscure SSID, will help to keep ne'er-do-wells off your network, avoiding malicious public hotspots is somewhat harder.
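Why both the passphrase and the SSID matter under WPA2-PSK, as an added example that is not part of the original article: the network key is derived from the passphrase with the SSID as salt, so a common SSID lets precomputed keys be reused, and passphrase length and character mix set the size of the search space. The SSIDs, passphrases and the guess rate below are constructed assumptions for illustration.

```python
import hashlib
import math
import string

# Assumption: a constructed guess rate for illustration, not a measured figure.
ASSUMED_GUESSES_PER_SECOND = 1_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def charset_size(passphrase: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    classes = (
        string.ascii_lowercase,
        string.ascii_uppercase,
        string.digits,
        string.punctuation + " ",
    )
    return sum(len(c) for c in classes if any(ch in c for ch in passphrase))


def keyspace_bits(passphrase: str) -> float:
    """Upper bound on search space in bits. Only holds for randomly chosen
    characters; dictionary words and patterns are far weaker than this."""
    return len(passphrase) * math.log2(charset_size(passphrase))


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Time to try every candidate at the assumed rate."""
    return (2 ** bits) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Same passphrase, two constructed SSIDs: the derived keys differ, so a
    # table precomputed for a default SSID is useless against an unusual one.
    for ssid in ("linksys", "Flat-7b-constructed"):
        print(ssid, wpa2_pmk("correct horse", ssid).hex()[:16], "...")

    # Constructed sample passphrases: short and simple vs. long and mixed.
    for pw in ("sunshine1", "k7#Vq2!xLp9&Tz4m"):
        bits = keyspace_bits(pw)
        print(f"{pw!r}: <= {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```
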

Are you shocked to see just how many networks are still not using WPA2, or is CPP using flawed methodologies to push its fraud protection products? Share your thoughts over in the forums.

27 Comments

liratheal 15th October 2010, 11:36 Quote
Is.. That really a surprise?

A wifi borrowing newbie like myself is quite capable of perusing networks in city centres.
wuyanxu 15th October 2010, 11:53 Quote
WPA2 AES long non-dictionary password with Mac address filtering and all DHCP assigned IP have restricted local access (DHCP start at 100, all my machines use the ones under 10).

surely it's secure enough.


the way i see it, those people who don't make their network secure are probably people who don't rely on their network as infrastructure to share stuff. they are not very tech savvy. so a hacked network does not compromise as much as tech savvy people who rely on their network to provide data such as data from their NAS.
javaman 15th October 2010, 12:20 Quote
what wuyanxu said. Home wifi wouldn't be worth hacking in a lot of cases. Who's gonna drive into a random housing area and decide "this router looks like a good hack" considering my next door neighbour has his unlocked ^^ Chances of it are remote either way. NOTE: If I do get hacked I will promptly eat my words and find a corner to lie in and cry myself to death unworthy of browsing these forums ;)
koli 15th October 2010, 12:23 Quote
Is setting up a list of allowed mac addresses safe? Does anybody know if the wifi network protected like that can be compromised?
Phalanx 15th October 2010, 12:28 Quote
I use WPA2 with Mac address filtering. So far, so good :)
Unknownsock 15th October 2010, 12:31 Quote
I'm probably on that list :p
Can't say i store any delicate data.
MSHunter 15th October 2010, 12:50 Quote
If you need security in your home network or don't like the idea that anyone can drive by and have a peek then the only secure network is hardwired. Most people here can use a drill and "hot Glue" so it's really a moot point.

Even if you use the "best" private encryption available and have a 16 character or longer password you can use GPGPU brute force software to hack it in minutes! FACT.
Burnout21 15th October 2010, 13:02 Quote
I am curious to test my own network now, but what software would I need?
kosch 15th October 2010, 13:17 Quote
MAC address filtering will only slow someone down a little so much as the addresses can be sniffed out and then easily spoofed/cloned.

http://en.wikipedia.org/wiki/Wireless_security#Identity_theft_.28MAC_spoofing.29
lacuna 15th October 2010, 13:22 Quote
Quote:

Capital city London was by far the worst offender, with 4,746 badly configured networks ripe for the picking, followed by Cardiff with 1,409

Err, not really comparable though are they since the population of London is more than 20 times greater than that of Cardiff. That obviously paints a far worse image of Cardiff but I strongly doubt the statistics are accurate. Only 4746 badly secured networks in London? I doubt that
tad2008 15th October 2010, 13:59 Quote
Obscure your SSID, like that's going to help with readily available tools that show SSID's regardless of whether they are hidden or not and not to mention that Vista for one has problems connecting to networks with hidden SSID's and it would cause users a lot more headaches and make no difference to any hacker.

Using cables, WPA2 and MAC Address filtering all help, though MAC Addresses can still be spoofed, so aren't foolproof.

A long secure key will however make a world of difference, using number letters and symbols in a completely random pattern rather than just a standard pass phrase like the ones used over on the grc.com website https://www.grc.com/passwords.htm
wuyanxu 15th October 2010, 14:34 Quote
MAC address filtering will help if the wireless device is "off the air" (as said on wiki)

if you only use your wifi for your smartphones, like me, you should be able to get away with a weaker encryption.

as said in this thread, connect by wire is still the best method. i do it with all my computers currently (although only living in a flat) and only use wifi for my iphone, so shouldn't be any problems. hopefully no one is interested in using GPGPU to brute force hack me :) (if they are that desperate, my NAS can be accessed online, with 3 password attempts allowed every month)
barrkel 15th October 2010, 15:03 Quote
I run one of my wifi APs unencrypted and firewalled attached to one of my servers. Much handier for visitors who want Internet access, or even the neighbours if they're having trouble.

Frankly, I find it offensive to buy into the line the government (and others who would control you) peddles, namely, that all endpoints must be used only by explicitly authorized users so that they can reliably associate an IP address with a person. I think the Internet is like air: it is the transmission medium of information (speech), and people who would control access to it are fundamentally illiberal.
Burdman27911 15th October 2010, 15:25 Quote
Quote:
Originally Posted by barrkel
I run one of my wifi APs unencrypted and firewalled attached to one of my servers. Much handier for visitors who want Internet access, or even the neighbours if they're having trouble.

Frankly, I find it offensive to buy into the line the government (and others who would control you) peddles, namely, that all endpoints must be used only by explicitly authorized users so that they can reliably associate an IP address with a person. I think the Internet is like air: it is the transmission medium of information (speech), and people who would control access to it are fundamentally illiberal.

I'm not opposed to letting people use my internet, but I MUST know who they are before letting them do so. I don't really want a ton of strangers using up my bandwidth for free, and then also all of their actions point back to me (my IP addy). Therefore, I use encryption and BSSID (no MAC filtering since I do let people I know join when they are around).
gabe777 15th October 2010, 17:37 Quote
Could someone point me in the direction of instructs for filtering MACs ? I have a BT Home Hub.

Thank you in advance.
TheStockBroker 15th October 2010, 18:02 Quote
One word.

Backtrack.

Open it in a virtual machine, and off you go!

That, and any processor Core Duo (1)+ will bring WEP to its knees in seconds. (Spoonwep for noobs)

even a recent laptop with a mobile cpu: i3, i5 will crack a reasonable WPA key given a few minutes.

and once we get to talking current desktops - O/c'd i7 with accompanying GPGPU, even the most secure WPA networks can be compromised fairly quickly.

WPA2, AES, with a long non-dictionary password is the only way to go.

Hidden SSID, MAC address filtering, are overcome in a mere few key presses and are useless. Don't think I'm talking about a 'determined hacker' either. The above software makes it child's play.

Someone mentioned DHCP assigned IPs being given limited local access? - Potentially clever, but how do you separate your DHCP clients from your 'fixed' clients? - MAC address, which when spoofed will allow full access. One would simply just de-authenticate the 'real' 'fixed' client(s) and authenticate him or herself as the fixed client through MAC spoofing.

As someone said, wired is the only 'safe' option. Especially if you have a large number of, not necessarily clients, but opening authentications 'Handshakes' on WPA1 which is how they are hacked. Or if you stream a lot of data over your network in WEP. (susceptible to more or less, volume data analysis.)

TSB
shanky887614 15th October 2010, 18:10 Quote
wpa is good enough considering that most people don't know how to get on it anyway

and if you want to really block everybody add mac address filtering. simple
bobwya 15th October 2010, 20:09 Quote
Gbit ethernet FTW. WiFi is for people who want brain tumours.
thehippoz 15th October 2010, 20:51 Quote
yeah wpa2, aes, good password and don't broadcast your ssid

at least that will keep you off the radar when your wifi is not being used
Waynio 15th October 2010, 21:29 Quote
First thing I did on my modem was disable wireless, it's a tech I don't understand & I'm not very well up on the network side of computers so I don't trust wireless, I feel it's a possible gigantic security flaw if you're doing any online purchases, I like solid ethernet cables & always will :).
Cleggmeister 16th October 2010, 19:01 Quote
You don't necessarily need the most perfect security; yours just needs to be better than your neighbours (in my opinion)...
jimmyjj 16th October 2010, 21:22 Quote
Quote:
Originally Posted by Cleggmeister
You don't necessarily need the most perfect security; yours just needs to be better than your neighbours (in my opinion)...

Ha ,yes. I do not need to run faster than the lion, just faster than you!
Cthippo 17th October 2010, 04:50 Quote
So how would this work out for me (Not that I'm concerned about it)?

I have a wireless router so my upstairs neighbors can use my internet, but it's in AP only mode and the actual DHCP is done by my wired router. Does that make any difference?
NethLyn 19th October 2010, 02:24 Quote
Quote:
Originally Posted by Waynio
First thing I did on my modem was disable wireless, it's a tech I don't understand & I'm not very well up on the network side of computers so I don't trust wireless, I feel it's a possible gigantic security flaw if you're doing any online purchases, I like solid ethernet cables & always will :).

I did the same but that was on my old router which died a week ago, am waiting on the replacement from the ISP and I hope I have the choice once again.

The stopgap I have at the moment doesn't go up to Wireless N, so it's going back to the shop for a replacement - although setting up the wireless as intended was good practice. There's a theoretical risk to all this stuff but I try to stay sensible and have only banked online with a wireless connection the once, when up against a deadline, at this time of night and cleared the browser cache and run disk cleanup straight afterwards. There was just as much risk when paying bills or banking online over a wired network at the time, you need to be vigilant on security all the time.

It's more annoying that to get anywhere near to wired performance for gaming, the bigger name wireless routers seem a lot dearer.
dark_avenger 19th October 2010, 02:57 Quote
Already been said but i'll say it again MAC address filtering and hiding the SSID does NOTHING.
There are many programs out there that will list all the MAC addresses connected to the AP and will find hidden AP's in seconds.
WPA2 and a good password 10+ letters, numbers and symbols to make brute force take more time than it's worth.
Spreadie 25th October 2010, 15:39 Quote
Hmm, interesting and potentially very valuable thread.

I had thought that WPA2 and MAC filtering offered reasonable protection from a determined attack. Little did I know.

I think I shall gather up a few of these apps and use one of my laptops to test my wireless security.
Fizzban 25th October 2010, 17:24 Quote
I'm still shocked by the sheer number of wireless networks that have no password protection at all.