Slashdot Mirror

← Back to Stories (view on slashdot.org)

Home WiFi Network Security Failings Exposed

Posted by CmdrTaco on from the passwords-are-for-suckers dept.

An anonymous reader writes "The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

30 of 161 comments (clear)

  1. "Life assistance" = identity theft protection by Sockatume · · Score: 3, Informative

    If you were in any doubt as to why they were sponsoring a study which discovered something scary about the intertrons.

    --
    No kidding!!! What do you say at this point?
  2. No password WiFi != unsecured by Omnifarious · · Score: 5, Informative

    My Wi-Fi has no password, and that's a purposeful choice. While evaluating the passwords on WiFi that does have a password is a reasonable analysis, it's not reasonable to call any WiFi without a password as unsecured.

    --
    Need a Python, C++, Unix, Linux develop
    1. Re:No password WiFi != unsecured by rotide · · Score: 3, Informative

      Frankly, spoofing wireless MAC addresses are easier than cracking WEP. Hell, one of the first steps in using backtrack, etc, is to spoof your mac before associating with the AP.

    2. Re:No password WiFi != unsecured by gmack · · Score: 2, Interesting

      Do you filter outgoing mail and do you take any measures to prevent forum spamming?

    3. Re:No password WiFi != unsecured by JayJay.br · · Score: 5, Informative

      Not if the communication is not encrypted and there is any traffic at the time.

    4. Re:No password WiFi != unsecured by sjames · · Score: 2, Funny

      On the other hand, simple MAC based filtering is a perfectly effective way of making it clear that the Wifi is not intended for public use. It's not a half bad option if you don't really care much but want to let normal polite people know your intentions.

      It will also keep MOST people looking for free Wifi out.

      The ideal MAC filtering sends all un-approved devices to the MITM box to log their facebook credentials and post really awkward messages on their page.

    5. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 2, Insightful

      Some of us are quite happy to provide a little bit of free access to those who need it.

      also, it helps to have a little bit of plausible deniability when ACS:Law come calling...

    6. Re:No password WiFi != unsecured by Anonymous Coward · · Score: 2, Insightful

      Even if it is encrypted, you'll see the MAC in the clear.

  3. No password may be a feature not a bug by kherr · · Score: 4, Interesting

    There is no way to know if the open wifi networks are open intentionally or not. Just ask Bruce Schneier. Saying they're "open to criminals" is biased, maybe "open to visitors" would be more appropriate. How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

  4. Re:No password WiFi == unsecured by Anonymous Coward · · Score: 4, Insightful

    You seem to be confusing "unsecured" with "insecure". They do not mean the same thing.

    Unsecured WIFI means you have no password..

    Just because it's intentionally unsecured doesn't mean it's not unsecured.

  5. OT Question by rotide · · Score: 2, Interesting

    Honest question here. Say I wanted to setup and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house? Yes, I'm in the US. I know I can use the TOR network, but frankly, I'd rather not. Is there any legal way I can share my network connection to those that need it without setting myself up for a world of hurt?

    Again, I realize this is OT, but it's an honest question.

    1. Re:OT Question by mellon · · Score: 5, Interesting

      Yes. Vote in the November election. Lobby your congresscritters to keep the common carrier defense applicable to the Internet.

    2. Re:OT Question by bsDaemon · · Score: 2, Interesting

      Leaving your wireless AP open doesn't make you a common carrier. From Title II of the Communications Act of 1934:

      (h) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this Act; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.

      Running an AP basically makes you a person engaged in radio broadcasting, and as we see, that is explicitly not covered. Likewise, if you're not carrying traffic for hire and aren't under an FCC license, then you are also not covered.

      But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

    3. Re:OT Question by Lumpy · · Score: 2, Informative

      ipcop firewall with a red green and blue interface. run them on the blue interface and run dans guardian on it as well as limit the bandwidth and ports allowed.

      20 minutes work. and less than $60.00 if you find a Nokia IP130 firewall used.

      --
      Do not look at laser with remaining good eye.
    4. Re:OT Question by bsDaemon · · Score: 3, Interesting

      Not in the sense of a W or a K station, but its still broadcasting radio traffic. It still doesn't make you a common carrier due to other restrictions. Most things people think are common carriers aren't and never were. Likewise, "safe harbor" means that if the carrier meets the requirements for compliance with CALEA, that they can't be held liable for not being able to do anymore.

      Either way, the end case is the same. Neither of these constructs have anything AT ALL to do with whether or not you're going to get boned if someone jumps on your AP and starts committing crimes.

    5. Re:OT Question by IndustrialComplex · · Score: 2, Insightful

      Thanks for responding in a civil manner even though I was a bit snarky.

      When you get down to it, any 'radio' is broadcasting if you define the area of measurement narrowly enough.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
  6. Re:Default password security by indros · · Score: 2, Informative

    Unfortunately that only changes the login for your router admin page. That has nothing to do with WEP/WPA/WPA2.

  7. Umm, no. by schon · · Score: 4, Insightful

    My Wi-Fi has no password, and that's a purposeful choice.

    Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

    Supposed you have a bicycle. You chain it to a lamppost. It is now secured.
    Supposed you take the same bicycle and decide purposely to not chain it to anything. Just because you decided not to chain it doesn't make it magically secured. It's still unsecured, you just made the decision not to secure it.

    1. Re:Umm, no. by sjames · · Score: 2, Insightful

      However, in the latter case, you can no longer be said to have failed somehow.

    2. Re:Umm, no. by Abcd1234 · · Score: 2, Insightful

      Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

      Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.

  8. Lets face it... by Darkness404 · · Score: 4, Interesting

    Lets face it, yeah, wi-fi routers can be hacked, yeah, a lot of people don't have secure wi-fi, but in all honesty does it matter to most people? Credit card information already should be encrypted with HTTPS so that wouldn't be sniffed, most sites let you use security to log in, etc.

    --
    Taxation is legalized theft, no more, no less.
  9. 5 seconds? by cfc-12 · · Score: 5, Funny

    He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

    I'm impressed. I can't connect to my own wireless network in less than 5 seconds.

  10. Not Shocking by timeOday · · Score: 5, Insightful
    I hate the alarming tone of these passe "war driving" articles. A car or home can be broken into in 5 seconds by breaking a window. Most mailboxes where I live (including mine) are just boxes with a little non-locking door on the front that anybody can open.

    And yet, the world keeps on turning.

    Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

    1. Re:Not Shocking by Nidi62 · · Score: 3, Insightful

      Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

      But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
  11. Rubbish. by Curmudgeonlyoldbloke · · Score: 3, Informative

    "* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals."

    So that's not just home networks then, that includes businesses deliberatly running open wifi as a service to visitors, and all sorts of commercial access points that are "open" in that they get you to a login provider for the service, which you then have to log in to? How many these "private wireless networks" are adhoc wireless on one PC connected to nothing in particular?

    The first link is just an advert selling snake-oil, the second contains no information to speak of. No link to any "report" at all.

  12. So cute... by twebb72 · · Score: 2, Insightful

    Its so cute how kids today think 'hacking' is obtaining access to an unprotected WAP.

  13. If it only takes 5 seconds to 'break in' by jenningsthecat · · Score: 2, Insightful

    ... then it's not called 'hacking', it's called 'connecting to an open access point'. Next thing you know, sticking a DVD in your computer's drive and installing software will be called 'hacking'. Have we fallen so far?

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  14. Re:Slow take up of WPA by VJ42 · · Score: 2, Interesting

    Why is it so hard for industry (default configurations) to move from open or WEP to WPA? Sure, WPA isn't perfect, but it does represent a significant increase in difficulty for hackers.

    I use WEP+MAC filtering because I have a really old WiFi card that doesn't handle WPA and no reason to replace it.And to be blunt, that's just fine; it deters the neighbors enough to stop them using my 'net connection. It won't stop a determined hacker, but exactly when is that going to be a problem?

    --
    If I have nothing to hide, you have no reason to search me
  15. Re:Default password security by master0ne · · Score: 2, Informative

    This points out a major issue, many non technical users often do not know the difference between security of the router and security of the wifi signal itself. Many people just change the router's password and think they are "safe".

    --
    Noone writes jokes in base 13!
  16. Re:Mine doesn't by MillionthMonkey · · Score: 2, Funny

    I was passing the time on the bus the other day with a smartphone watching people's networks fade in and out of range. Most are called "2WIRE_565" or something dull like that, but the bus passes by some dickhead who calls his network "MineAndNotYours" and other people broadcasting "CowboysFan" etc. Someone on my street is broadcasting an SSID of "hornygirl", so I have to bring my smartphone trick-or-treating this Halloween.