New BBC investigation reveals insecurity of publicly available WiFi

News by Dan Raywood

A BBC investigation has revealed that the UK's top three WiFi providers are all susceptible to attack by hackers.

A BBC investigation has revealed that the UK's top three WiFi providers are all susceptible to attack by hackers.

The report by Watchdog revealed that BT Openzone, The Cloud and T-Mobile are all susceptible to attack by hackers - leaving tens of thousands of users at risk of fraud.

Using equipment readily available on the internet to hijack wireless traffic at a variety of hotspots, the Watchdog team were able to access the email accounts of two members of the Watchdog audience viewing everything the users were doing online, including their email and social networking activities.

Colin Woodland, EMEA director of field operations with IronKey, said: “Entertaining though the Watchdog programme was, I think they got it wrong when they said that securing a laptop WiFi session was technically tricky. Laptop security technology is no longer the domain of the techies as the technology is now easy to install and use for most laptop users.”

The Watchdog report claimed that one way of protecting WiFi connections at public hotspots is to use a virtual private network (VPN) and while BT Openzone, The Cloud and T-Mobile all suggest using VPNs, only T-Mobile offers them as a software download when users log on.

Following Watchdog's investigation, the three big hotspot providers told the programme that they would do more to encourage the use of VPNs to protect WiFi users.

However Woodland claimed that the use of a VPN is one solution to the problem of WiFi session eavesdropping and interception, but many solutions are a lot simpler than that.

“Laptop WiFi users simply need to use technologies such as a secured and trusted web browser, hardware-based session encryption, virtual keyboards and two-factor authentication or similar authentication technologies to ensure you - and only you - can log into a web-based email session, with no chance of being intercepted,” said Woodland.

All of the three providers offered statements on the findings which are published on the BBC website.

BT Openzone said that it offers encryption at login, and to help customers receive a safe, reliable and robust WiFi service it advises using up-to-date firewall and anti-virus software to guard against most attacks.

It also said: “We have always strongly recommended a secure remote access virtual private network (VPN) to protect against data interception. The industry as a whole has a responsibility to give users the option to choose to keep their sessions secure.

“We constantly review our approach to security and there will now be a direct link to security guidance from the BT Openzone landing page. We are also reviewing our proactive approach to providing secure and user friendly authentication."

The Cloud said that it takes ‘security very seriously and adhere to all of the current industry standards and protocols to run our networks'.

It claimed that: “Wireless communication in a public place however is intrinsically subject to threats and malicious security attacks. The use of private keys, such as WEP (Wired Equivalent Privacy) and more recently, the not entirely secure WPA (WiFi Protected Access) protocols, are not suitable for public hotspots particularly when using mobile and hand-held devices, as the users would have to obtain security credentials before being able to access the network. This would make accessing the internet beyond the skill levels of ordinary consumers.

“The Cloud has put in place a number of features which allows safer internet access. These are within the limitation of using unencrypted channels for wireless transmission between the user's computer and the Wireless Access Point.”

Finally T-Mobile said: “While most of the time customers don't experience problems, T-Mobile takes steps to offer protection to users of WiFi hotspots. On the landing page of the hotspot service, advice is prominently displayed alerting customers they should use free software provided by T-Mobile.

“This VPN software encrypts the radio link between the laptop and the hotspot, providing a level of security typically enjoyed by business users.

“While T-Mobile takes all reasonable steps to ensure the security of its infrastructure, security is also dependent on users taking care to protect their information. Basic best practice includes checking the privacy and security settings of their computers and that virus protection is in place.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews