Ethical hacker Jason Hart travelled within the main arterial routes of each city within a four-mile radius, using basic 'wardriving' equipment. The aim was to identify networks that emanated wireless signals excessively into a public place, but he did not connect to any of these networks or crack any associated passwords.
According to the findings, nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals. This is despite majority (82 per cent) of Brits mistakenly thinking their network is secure. And even password-protected networks are not secure. A typical password can be breached by hackers in a matter of seconds.
Hacking into a private network not only allows unscrupulous individuals to 'cloak' criminal activities such as purchasing illegal pornography or selling on stolen goods. It also allows them to view the private transactions made by individuals over the network, accessing passwords and usernames which can then be used to impersonate the victim and commit identity fraud and other illegal activity. Worryingly, only one in 20 people knows for certain that their network has been used without their permission, indicating that the vast majority remain ignorant of the risk.
The study also reveals the dangers of accessing the internet over publicly available networks. In order to review the potential issues around public hotspots, Jason used a portable wireless network router to attract users to connect with their wireless devices to see whether they would trust existing wireless connections and understand what potential information they were exposing.
While nearly one in five wireless users (16 per cent) say they regularly use public networks, hackers were able to 'harvest' usernames and passwords from unsuspecting people at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants. In addition, the experiment showed that more than 200 people unsuspectingly logged onto a fake wi-fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
The study was commissioned by life assistance company CPP, who offer the following tips on using wireless networks safely:
- Use encryption on your wireless access points (WAP) - Make sure you have Wi-Fi Protected Access 2 (WPA2) - the latest security standard introduced by global, non-profit industry association, the Wi-Fi Alliance
- By implementing a Virtual Private Network (VPN) you can create a secure wireless network. This is achieved by encrypting all of the data that passes over the 'insecure' network so that it cannot be accessed by an eavesdropper
- Install a firewall on any network you use
- All wireless routers should have obscure IDs. Rather than put in any real information that can make it clear who owns the connection or that can reveal your location or business name, use something common like "wireless" or "router 1" that doesn't give away anything critical
- Try to position access points, which transfer data between your devices, away from the outside wall of your building to minimize leakage of radio signals. This limits the chances of interception from outside
- If you run a business, don't allow employees to add access points without your authorization
- Be aware of what information you are accessing online, specifically when using public hotspots. Remember that any information you submit, including usernames and passwords, can be read by others
- Make sure you check your bank statements regularly to monitor for suspicious transactions
- Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.