WiFi in homes demonstrated to be generally unsecure as files are downloaded

News by Dan Raywood

The amount of people who do not protect their home WiFi has been demonstrated by service provider TalkTalk.

The amount of people who do not protect their home WiFi has been demonstrated by service provider TalkTalk.

With residents' permission, TalkTalk security expert Matt Roxburgh visited a residential street, The Highway in Stanmore, Middlesex, and within a couple of hours he had identified 23 wireless connections which were unsecured.

From these he downloaded music files from two connections, including Barry Manilow's hit Mandy and the soundtrack to the 1992 film Peter's Friends.

Andrew Heaney, executive director of strategy and regulation at the TalkTalk Group, said: “Of the 68 WiFi connections on the road only one used the strongest available security (WPA2). The majority (65 per cent) used WPA security, which may become hackable in the future. Indeed, a vulnerability has already been discovered.

“Scarily, The Highway is actually comparatively well protected. Our expert conducted a WiFi survey of central Ealing in West London on 11th October and found that 41 per cent of 1,083 WiFi networks were vulnerable to unauthorised use.”

TalkTalk also claimed that Lord Mandelson's proposals to cut off file sharers will leave millions at risk of ‘superhighway robbery', as the ability to download music files shows how vulnerable people are to unauthorised file sharing.

Heaney said: “Connecting to a WiFi network is just one way that illegal file sharers can use other people's internet connections, leaving innocent people vulnerable to disconnection. PC hijacking is another.

“The clear implication is that millions of people would be at risk of ‘superhighway robbery' under Mandelson's plans. The risk of innocent people being disconnected is not hypothetical. Consumer organisations such as Which? have been contacted by hundreds of people who have been wrongly accused of file sharing using a similar method to the one Mandelson is suggesting.

“This is why we think the Mandelson scheme is wrong-headed and naïve. The lack of presumption of innocence and the absence of judicial process combined with the prevalence of WiFi hijacking will result in innocent people being disconnected.”

Heaney also claimed that the plan will not work in practice, as it will encourage offenders to use WiFi and PC hijacking more frequently and so increase the chances of innocent users being falsely accused and disconnected.

“TalkTalk acknowledges that there is a problem with illegal file sharing and that solutions must be found. First and foremost the content industry must develop new business models to make content more easily available and more affordable,” said Heaney.

Leslie Forbes, technical services manager for UK and Ireland at F-Secure, claimed that the best advice for users with WEP-only devices is to get an extra router and have WEP and WPA WiFi access points.

Forbes said: “It is not so much about users not being aware, but they have this technology – lots of it deployed two or more years ago when WiFi started to take off. Default settings then were WEP, and some devices only offered WEP. Some manufacturers have since released Firmware updates which might add WPA, and in some cases it was already available, but negotiating most router interfaces is beyond the average user without guidance.

“Users will be contacting their ISP asking for advice (when they hear about the dangers) and either the ISP will send them a new router, or just advise that the user purchase their own new router.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews