Home WiFi found to be generally unsecure, as white hat experiment finds 82 per cent of networks have no password
Almost half of home WiFi networks in the UK can be hacked in less than five seconds.
As part of a white hat experiment conducted by CPP, almost 40,000 networks were found to be at risk of potentially exposing the personal information of thousands of users. According to the research, nearly a quarter of private wireless networks have no password whatsoever attached. This is despite a majority (82 per cent) of Brits mistakenly thinking their network is secure.
Also, nearly one in five wireless users (16 per cent) said that they regularly use public networks. The experiment showed that more than 200 people unsuspectingly logged onto a fake WiFi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.
Michael Lynch, identity fraud expert at CPP, said: “This report is a real eye-opener in highlighting how many of us have a cavalier attitude to WiFi use, despite the very real dangers posed by unauthorised use. We urge all WiFi users to remember that any information they volunteer through public networks can easily be visible to hackers. It's vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.”
In order to carry out the research, Jason Hart, an ethical hacker, roamed Britain's cities using specially developed, freely available software identifying insecure networks.
Hart, now senior vice president of Europe at CryptoCard, said: “When people think of hackers they tend to think of highly organised criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software to target their victims.
“With the growth in the number of smartphones and wireless networks, it has become far easier for hackers to crack usernames and passwords, allowing them access to emails, social networks and online banking sites and even to assume the online identity of their victim. It's vital that both businesses and individuals think very carefully about network security and what information they provide when going online.”
Hart travelled within the main arterial routes of each city within a four-mile radius, using basic ‘Wardriving' equipment. The aim was to identify networks that emanated wireless signals excessively into a public place. All information received beyond the type of network and level of security was deleted, while he did not connect to any of the networks or crack any associated passwords.
Robert Chapman, CEO of Firebrand Training, said: “Even though Firebrand has trained hundreds of ethical hackers over the past decade, it appears this problem is still not being taken seriously by enough companies and individuals. One day - probably soon - there is going to be a security breach that does irreversible damage. Will it be only then that people wake up to this threat?”