A quarter of WiFi networks unsecured, finds survey
Users connect to anything they can
By John E Dunn | Techworld | Published: 13:03, 14 October 2010
Years after WiFi security was supposed to have gone ‘critical’, a quarter of access points in the UK remain open and unsecured, a new ‘wardriving’ survey has discovered.
Worse, large numbers of people will happily log on to an open ‘rogue’ access point in city centres, no questions asked, opening themselves to the risk of serious data theft.
This first disturbing aspect of the ethical hacking survey on behalf of financial firm CPP was its size, taking in nearly 40,000 access points in London, Edinburgh, Birmingham, Cardiff, Manchester and Bristol. The claim that WiFi security is a problem is no mere statistical spin.
Related Articles on Techworld
In London, 4,746 out of 14,908 surveyed were open, in Birmingham it was 910 out of 3,753, and in Manchester, 870 out of 2,894. Assuming the access points weren’t left open for a reason, such as public use, encryption still has some way to go in the UK.
The naive behaviour of WiFi users in public spaces is probably the biggest worry, with many willing to connect to a test access point set up in an open state. In London, the test found 155 ‘victims’, in Birmingham 103, and in Manchester 72, with the overall rate equivalent overall to around 350 per hour.
If the access point had been a genuine rogue, any users who decided to use their credit card online while connected to it would have been risking a nasty shock when the statement arrived.
“When people think of hackers they tend to think of highly organised criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software,” said CryptoCard’s Jason Hart, the white hat hacker who conducted the wardriving.
Part of the problem with users and open networks could be down to smartphone users who mistakenly assume WiFi security to be a laptop problem.
Hart recommends that business employees who need to use open access points in public places do so via VPN. This supplies an encrypted tunnel to compensate for the access point’s lack of the same. At least one public WiFi operator offers just such a technology as part of its service.
There are plenty of WiFi tools for securing computer connections in public places. Consumers might not realise that they are spoilt for choice.
Comments
Ed Gould said: I believe the numbers in this article are dramatically understated Example Chicago street called Western AveIn a course of 5 miles on Western Avenue there showed up 93 WIFI networks of those fully 85 were unprotected public Granted I do not know if this is true for the rest of the country but it seems to come up with high numbers here in Chicago