Test of London's WiFi networks shows lack of security

News by SC Staff

A quarter of London's WiFi hotspots have been found to have poor, or no security.

A quarter of London's WiFi hotspots have been found to have poor, or no security.

Research by Sophos into nearly 107,000 wireless hotspots in the capital found that eight per cent of the hotspots used no encryption and appeared to be both home and business networks, while 19 per cent of the hotspots used ‘WEP' encryption, while the other 81 per cent used WPA or WPA2 encryption.

Sophos' director of technology strategy, James Lyne conducted the experiment by equipping a bike with dynamos and solar panels to power a computer designed to scan for wireless networks, a technique known as ‘wardriving' or in this case ‘warbiking'. In addition, a GPS-enabled device allowed the creation of a ‘heat' map, depicting levels of security of wireless networks around central London.

Of the overall number of networks, nine per cent were using default network names with no random element, such as 'default' or the vendor name, therefore allowing password hacking to be even faster. This figure increased to 21 per cent if networks used the default name but had some random element per device.

Lyne said: “Pretty much every wireless device can be configured to use secure wireless networking out of the box, so poorly configured devices show a lack of awareness rather than a lack of capability to be secure.

“It's easy to take simple steps to protect your wireless network, making it a far less attractive target for anyone trying to snoop on your internet activities or steal personal information. If an attacker gains access to a wireless network they can cause a lot of damage, such as intercepting usernames/passwords, taking control of computers on the network, changing browsing to websites (for example to deliver malware or capture credentials) or using the network to perform any manner of anonymous or illegal activities.”

In the experiment, Sophos only collected high-level data within the confines of the law and it has not way of testing the strength of the passwords used, as no attempt was made to access any of them.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews