Slashdot Mirror

← Back to Stories (view on slashdot.org)

Home WiFi Network Security Failings Exposed

Posted by CmdrTaco on from the passwords-are-for-suckers dept.

An anonymous reader writes "The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

9 of 161 comments (clear)

  1. No password may be a feature not a bug by kherr · · Score: 4, Interesting

    There is no way to know if the open wifi networks are open intentionally or not. Just ask Bruce Schneier. Saying they're "open to criminals" is biased, maybe "open to visitors" would be more appropriate. How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

  2. OT Question by rotide · · Score: 2, Interesting

    Honest question here. Say I wanted to setup and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house? Yes, I'm in the US. I know I can use the TOR network, but frankly, I'd rather not. Is there any legal way I can share my network connection to those that need it without setting myself up for a world of hurt?

    Again, I realize this is OT, but it's an honest question.

    1. Re:OT Question by mellon · · Score: 5, Interesting

      Yes. Vote in the November election. Lobby your congresscritters to keep the common carrier defense applicable to the Internet.

    2. Re:OT Question by bsDaemon · · Score: 2, Interesting

      Leaving your wireless AP open doesn't make you a common carrier. From Title II of the Communications Act of 1934:

      (h) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this Act; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.

      Running an AP basically makes you a person engaged in radio broadcasting, and as we see, that is explicitly not covered. Likewise, if you're not carrying traffic for hire and aren't under an FCC license, then you are also not covered.

      But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

    3. Re:OT Question by bsDaemon · · Score: 3, Interesting

      Not in the sense of a W or a K station, but its still broadcasting radio traffic. It still doesn't make you a common carrier due to other restrictions. Most things people think are common carriers aren't and never were. Likewise, "safe harbor" means that if the carrier meets the requirements for compliance with CALEA, that they can't be held liable for not being able to do anymore.

      Either way, the end case is the same. Neither of these constructs have anything AT ALL to do with whether or not you're going to get boned if someone jumps on your AP and starts committing crimes.

  3. Lets face it... by Darkness404 · · Score: 4, Interesting

    Lets face it, yeah, wi-fi routers can be hacked, yeah, a lot of people don't have secure wi-fi, but in all honesty does it matter to most people? Credit card information already should be encrypted with HTTPS so that wouldn't be sniffed, most sites let you use security to log in, etc.

    --
    Taxation is legalized theft, no more, no less.
  4. Re:No password WiFi != unsecured by gmack · · Score: 2, Interesting

    Do you filter outgoing mail and do you take any measures to prevent forum spamming?

  5. Re:Slow take up of WPA by VJ42 · · Score: 2, Interesting

    Why is it so hard for industry (default configurations) to move from open or WEP to WPA? Sure, WPA isn't perfect, but it does represent a significant increase in difficulty for hackers.

    I use WEP+MAC filtering because I have a really old WiFi card that doesn't handle WPA and no reason to replace it.And to be blunt, that's just fine; it deters the neighbors enough to stop them using my 'net connection. It won't stop a determined hacker, but exactly when is that going to be a problem?

    --
    If I have nothing to hide, you have no reason to search me
  6. Re:No password WiFi != unsecured by Albanach · · Score: 1, Interesting

    Spoofing is misdescribing things a bit. It's not like spoofing an IP address where you present an address diffferent to that you're actually using and which can cause issues with a lack of return traffic (data being sent to the spoofed IP).

    Usually your MAC address can be user set using ifconfig - something like

    ifconfig eth0 hw ether 00:01:02:03:04:05

    That then becomes your MAC address. It's not being spoofed, it's the address your card has and will present when connected to a network.