Study Finds Wireless Networks are Wide Open to Hackers

by Jan Legnitto

Do you think most wireless networks are safe from hackers? If you do, the results of a recent ethical hacking experiment might change your mind. At home and at hotspots, it found that WiFi use can be risky business.

Nearly 40,000 wireless networks run a high risk of being penetrated by hackers, according to the new study commissioned by the British life assistance company CPP.

The company hired ethical hacker and Senior Vice President of Cryptocard Jason Hart to travel around six British cities. Hart used basic wardriving equipment – a laptop and widely available software – to identify unsecured private wireless networks. What he found was shocking. Almost a quarter of the WiFi networks had no passwords at all, making them immediately accessible to hackers.

Even password protected wireless networks with the old WEP encryption standard are not secure. They can be hacked in a matter of minutes. Despite that, 82% of Brits believe their WiFi networks are protected.
If penetrated, the wireless networks could be used for everything from buying pornography to selling stolen goods and accessing victims’ personal information to commit identity theft and credit fraud.

We wondered whether home wireless network security is any better on this side of the ocean. The answer wasn’t reassuring. “CPP’s road survey findings are consistent with what I’ve seen while performing informal scans across the U.S. over the years,” says Lisa Phifer, president of Core Competence, a network security consulting company. “Although the percentage of wireless networks using security has grown, the WiGLE.net wireless network database indicates that one third of them still don’t use encryption.” Phifer says one in ten operate with default settings, which makes hacking easy.

The CPP study also revealed the dangers of using public WiFi networks to go online. Ethical hackers were able to “harvest” user names and passwords from unsuspecting WiFi users at coffee shops and restaurants at the rate of 350 an hour.

The experiment found that 200 people unknowingly logged on to fake WiFi networks within an hour, risking the exposure of their personal financial information to hackers.

Phifer has found similar wireless security issues in the U.S. “When I’ve tested mobile WiFi access points in public places like cafes and conference centers, I often see users immediately trying to connect to my wireless network,” she says. According to Phifer, that’s because WiFi enabled devices are far too friendly to strangers. “Many users have no idea what their laptops and smartphones are trying to connect to without any prompting or permission,” she says.

How to Protect Yourself at Home and at Hotspots

Use WPA instead of no encryption or WEP encryption. The old WEP (Wired Equivalency Privacy) encryption has weaknesses that make it an easy target for hackers. WPA (Wi-Fi Protected Access), or even better, WPA2 has stronger encryption.
Change the default wireless network name and administrative password. Network devices generally come with default names and passwords which are easy for hackers to find online.
Make sure your firewall is turned on and your antivirus software is up to date. It can reduce the damage hackers can inflict if they try to access your network.
Only allow authorized users to access your network. Restrict access by filtering MAC (Media Access Control) addresses. This will discourage accidental connections from neighbors, but not serious attacks by sophisticated hackers.
Turn off wireless connectivity when you’re not using it.
Disable printer and file sharing options when you’re at a hotspot.
Avoid logging into public hotspots that don't have secure login pages, (indicated by the padlock in your browser and "https" in the URL).
Use a VPN (virtual private network) like Private WiFi to insure that your information is transmitted through an invisible secure tunnel.

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private-i blogs.