
Home WiFi Network Security Failings Exposed

Posted by CmdrTaco
from the passwords-are-for-suckers dept.
An anonymous reader writes "The shocking state of home wireless (Wi-Fi) network security in the UK has been revealed by a life assistance company study. CPP used an 'ethical hacker,' Jason Hart, to test thousands of Wi-Fi networks across six UK cities, including London. He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

  • by Sockatume (732728) on Thursday October 14, 2010 @11:19AM (#33895782)

    If you were in any doubt as to why they were sponsoring a study which discovered something scary about the intertrons.

  • by Omnifarious (11933) * <eric-slash@omnif ... s.org minus city> on Thursday October 14, 2010 @11:20AM (#33895808) Homepage Journal

    My Wi-Fi has no password, and that's a purposeful choice. While evaluating the passwords on WiFi that does have a password is a reasonable analysis, it's not reasonable to call any WiFi without a password as unsecured.

    • by Sockatume (732728)

      MAC filtering, right? A surprising number of generic routers from telecom companies do some MAC-based authentication, I've found. I was surprised to discover that my aunt's Orange router made you switch it into a pairing mode by holding a button on the side before it'd let an unfamiliar device actually use the network. So even though this amazing hacker could get through the WEP password in 5 seconds, he wasn't going anywhere.

      • by rotide (1015173) on Thursday October 14, 2010 @11:31AM (#33895990)
        Frankly, spoofing wireless MAC addresses is easier than cracking WEP. Hell, one of the first steps in using BackTrack, etc., is to spoof your MAC before associating with the AP.
        • Re: (Score:3, Funny)

          by sjames (1099)

          On the other hand, simple MAC based filtering is a perfectly effective way of making it clear that the Wifi is not intended for public use. It's not a half bad option if you don't really care much but want to let normal polite people know your intentions.

          It will also keep MOST people looking for free Wifi out.

          The ideal MAC filtering sends all un-approved devices to the MITM box to log their facebook credentials and post really awkward messages on their page.

          • I'm sure most people here have already seen this, but just because it's relevant, I'll post it again: http://www.ex-parrot.com/pete/upside-down-ternet.html [ex-parrot.com]
        • Re: (Score:2, Interesting)

          by Albanach (527650)

          Spoofing is misdescribing things a bit. It's not like spoofing an IP address where you present an address different to that you're actually using and which can cause issues with a lack of return traffic (data being sent to the spoofed IP).

          Usually your MAC address can be user set using ifconfig - something like

          ifconfig eth0 hw ether 00:01:02:03:04:05

          That then becomes your MAC address. It's not being spoofed, it's the address your card has and will present when connected to a network.

          • by Elshar (232380)

            No. Technically it is spoofing. Every network adapter has a unique address assigned to it, typically stored in some firmware within the NIC itself. The whole purpose is to make that particular interface globally identifiable.

            Now, if you change your NIC's MAC to someone ELSE'S MAC, you are spoofing their MAC. IE, you are pretending that your NIC is in fact someone else's, even though it's not. For the sole purpose of attempting to gain access while masquerading as the other device.

            That's pretty much the de

            • by Albanach (527650)

              I'm not sure if you didn't read or didn't understand my post.

              What I did was point out the fundamental difference between spoofing a MAC address and an IP address.

              Once you change the MAC address, it becomes the address of the card. Sure you could use that to spoof the identity of another device on the network, but that's a consequence of your intent, not of changing the MAC address.

              When spoofing an IP address, that act itself fits your definition of spoofing.

              You may wish to use one term for two very differen

      • I do MAC filtering, yes, but I also do all of my communications over the wireless with an SSH tunnel. I'm only relying on the MAC filtering for a very limited and spoofable form of access control.

        No, it's open because I want it open. One of these days I'll get some traffic prioritization set up and merely categorize by MAC address. Anybody can use my wireless connection, but I get first dibs on all the bandwidth to the outside world.

    • by Anonymous Coward on Thursday October 14, 2010 @11:27AM (#33895938)

      You seem to be confusing "unsecured" with "insecure". They do not mean the same thing.

      Unsecured WIFI means you have no password.

      Just because it's intentionally unsecured doesn't mean it's not unsecured.

      • by Klync (152475)

        Yes, but if we're going to parse the words that closely, I'll jump in on the side of the OP. Perhaps it's true to say, strictly speaking, that the WAP itself is "unsecured". But if the WAP is unsecured by design (i.e. the design of the *network*), then I'd say it's inaccurate to say that "the network is unsecured".

        I leave my AP open to the public on purpose. I have no less fear of an attack on one of the machines hosted on that network through the wireless interface on the router than I do through the WAN i

        • You are confusing the network with the machines on the network. An unsecured network simply means you are able to send and receive packets on the network that other devices (if any) on the network can (if they choose to) accept, and/or respond to.

          If the WAP is unsecured by design, the network is unsecured (assuming normal things like the WAP actually routes packets to and from the wired network OR to and from other wireless devices OR both).

    • by MoonBuggy (611105)

      Exactly. Some of us are quite happy to provide a little bit of free access to those who need it. All the machines on my network are secured, the network itself is deliberately open.

      • Re: (Score:3, Interesting)

        by gmack (197796)

        Do you filter outgoing mail and do you take any measures to prevent forum spamming?

        • by Kludge (13653)

          Do you really think someone is going to sit outside his home with a laptop for an extended period of time just to post crap on some forums? Why would a spammer do that if he can just use the botnet from the comfort of his home?
          You are paranoid.
          I leave my wireless open. No, people who connect cannot access the rest of the machines on my network except through ssh. All my friends and visitors find it convenient, and probably some strangers too, just as I find other people's open networks convenient.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Some of us are quite happy to provide a little bit of free access to those who need it.

        also, it helps to have a little bit of plausible deniability when ACS:Law come calling...

      • by MikeURL (890801)
        I'm sorry but that is just foolish. For starters anything that is done on your network is going to be tracked right back to you. If someone leeches your internet to grab child porn or to communicate with terrorists then you are on the hook.

        But beyond just that there are always 0-day hacks out there and letting someone freely roam your LAN is like begging to be compromised. This is particularly true if you leave the network unsecured long-term and it becomes a "known" open AP.
        • So are hotels and libraries and coffee shops "on the hook" for terrorism and child pr0n too?
          • by tepples (727027)
            Ideally, hotels, libraries, and coffee shops should offer Wi-Fi credentials (the WPA key and a one-time-use activation code on the captive portal) only to customers who have paid or otherwise identified themselves.
        • by mcgrew (92797) *

          If someone leeches your internet to grab child porn or to communicate with terrorists then

          When they confiscate and examine your computer they will find no evidence of child porn or terrorist emails. Plus, there's relatively damned little of that going on; your risk is zilch.

          But beyond just that there are always 0-day hacks out there and letting someone freely roam your LAN is like begging to be compromised.

          There's damned little of that as well. Your fear is unwarranted; you're more likely to lose your data

      • by avm (660)

        Or some of us have enough space between neighbors that it's not particularly critical. My nearest neighbor is separated from my wifi network by 10 acres of aspen and pine trees.

    • Umm, no. (Score:5, Insightful)

      by schon (31600) on Thursday October 14, 2010 @11:33AM (#33896048)

      My Wi-Fi has no password, and that's a purposeful choice.

      Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

      Suppose you have a bicycle. You chain it to a lamppost. It is now secured.
      Suppose you take the same bicycle and decide purposely to not chain it to anything. Just because you decided not to chain it doesn't make it magically secured. It's still unsecured, you just made the decision not to secure it.

      • Re: (Score:3, Insightful)

        by sjames (1099)

        However, in the latter case, you can no longer be said to have failed somehow.

      • But there are other ways to secure a bicycle like... ok, the metaphor is breaking down so I'm going back to reality. MAC filtering, guest SSIDs, or firewalls are all valid ways to secure your network while not encrypting the signal.

      • You don't need to password protect your wifi to secure your network. If you have it properly firewalled after the AP there's no need to secure the connection at all. Since Wifi security is pretty much worthless anyway, why bother? If someone connects to my AP they will get a big fat nothing. No internet connection, no access to the internal lan, nothing.
      • Re: (Score:3, Insightful)

        by Abcd1234 (188840)

        Which doesn't mean it's not unsecured. It just means that it's unsecured on purpose.

        Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.

        • Not quite. I have two WAPs, one with WPA2-PSK connected to my internal LAN with a ridiculously long key, another open and isolated in a DMZ with very limited access to my LAN. As such, while the WAP isn't locked down, I'd argue it is secured.

          Which is just how all WAPs should come out of the box:

          MyNetwork SSID w/ WPA2 for LAN connectivity - include a couple keychain tags with the default 'AOL-style' password on it
          GuestAccess SSID w/ no 'wire' encryption or local access controls

    • If I wanted to leave my wi-fi open and unsecured, what steps should I take to protect my computer? I have a mac, OS 10.6.

      Thanks

      • Well, my wifi is sitting on one zone of a multizone firewall I have set up using a Linux box. I also run web servers, mail servers, and some other stuff, so I've made an attempt to harden my network a bit against people trying to break in.

        I treat the wifi zone the same way as I treat the external Internet zone, except they get to talk to my DHCP server and use my caching relay DNS server and the rest of the world doesn't.
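
The zone policy described in the comment above (the Wi-Fi zone treated like the Internet zone, except for DHCP and DNS), written out as an nftables ruleset. This is an added example, not the commenter's configuration; the interface names `wan0`, `lan0` and `wlan0`, and the assumption that the firewall box itself runs the DHCP server and caching DNS relay, are placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed (hypothetical) interface names:
#   wan0  = Internet uplink
#   lan0  = trusted wired LAN
#   wlan0 = open Wi-Fi zone
# Assumed: DHCP server and caching DNS relay run on this firewall.

flush ruleset

define WAN  = "wan0"
define LAN  = "lan0"
define WIFI = "wlan0"

table inet filter {
    chain input {
        # Traffic addressed to the firewall itself.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # IPv6 neighbour discovery must work on every link.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert,
                      nd-router-solicit, nd-router-advert } accept

        # Trusted wired LAN may reach services on the firewall.
        iifname $LAN accept

        # Open Wi-Fi zone: same as the Internet zone, with two
        # exceptions: DHCP and the caching DNS relay.
        iifname $WIFI udp sport 68 udp dport 67 accept
        iifname $WIFI meta l4proto { tcp, udp } th dport 53 accept

        # Anything else arriving from wlan0 or wan0 hits policy drop.
    }

    chain forward {
        # Traffic routed between zones.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Wired LAN may initiate connections to any zone.
        iifname $LAN accept

        # Wi-Fi clients may reach the Internet only. There is no
        # wlan0 -> lan0 rule, so new connections toward the LAN
        # are dropped exactly as they would be from wan0.
        iifname $WIFI oifname $WAN accept
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Both internal zones share the single WAN address.
        oifname $WAN masquerade
    }
}
```

`nft -c -f <file>` parses the ruleset without loading it, which catches syntax errors before the live rules are replaced.
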

  • by kherr (602366) <kevin AT puppethead DOT com> on Thursday October 14, 2010 @11:23AM (#33895856) Homepage

    There is no way to know if the open wifi networks are open intentionally or not. Just ask Bruce Schneier [schneier.com]. Saying they're "open to criminals" is biased, maybe "open to visitors" would be more appropriate. How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

    • by houghi (78078)

      In the real life, the people will have no idea that the wireless they got from their ISP is insecure. That is why they paid money for it in the first place, because they have no idea how to do it themselves.

      And sure, the coffee place might have the modem to standard login and password, so I would take another coffee while I played with their system, but in reality I know better and you know as well.

    • by hedwards (940851)
      If you want it to be open for visitors and whoever else wants in, there's solutions for that. Open mesh [open-mesh.com] includes the possibility, although at this point, they don't seem to allow a proper way of securing it other than just putting in a long passphrase of gibberish and not telling people what it is.
    • by tepples (727027)

      How come coffee shops and other businesses with open wifi aren't called out for letting criminals access the network?

      As I understand it, solely because there hasn't yet been a widely publicized child porn conviction involving coffee shop Wi-Fi.

    • by petes_PoV (912422)
      Maybe commercial premises don't require password access. However that doesn't make them secure. Only a fool would use one of those locations without securing an HTTPS connection to (say) their bank. Because, guess what? Yes - the wifi is insecure.
    • by shentino (1139071)

      All that matters is that the RIAA is going to come after YOU if someone ELSE uses YOUR network.

  • OT Question (Score:3, Interesting)

    by rotide (1015173) on Thursday October 14, 2010 @11:29AM (#33895958)

    Honest question here. Say I wanted to set up and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house? Yes, I'm in the US. I know I can use the TOR network, but frankly, I'd rather not. Is there any legal way I can share my network connection to those that need it without setting myself up for a world of hurt?

    Again, I realize this is OT, but it's an honest question.

    • Re:OT Question (Score:5, Interesting)

      by mellon (7048) on Thursday October 14, 2010 @11:36AM (#33896130) Homepage

      Yes. Vote in the November election. Lobby your congresscritters to keep the common carrier defense applicable to the Internet.

      • Re: (Score:3, Interesting)

        by bsDaemon (87307)

        Leaving your wireless AP open doesn't make you a common carrier. From Title II of the Communications Act of 1934:

        (h) "Common carrier" or "carrier" means any person engaged as a common carrier for hire, in interstate or foreign communication by wire or radio or in interstate or foreign radio transmission of energy, except where reference is made to common carriers not subject to this Act; but a person engaged in radio broadcasting shall not, insofar as such person is so engaged, be deemed a common carrier.

        Running an AP basically makes you a person engaged in radio broadcasting, and as we see, that is explicitly not covered. Likewise, if you're not carrying traffic for hire and aren't under an FCC license, then you are also not covered.

        But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

        • But then again, this is Slashdot, where people keep repeating things they heard whether they actually know what they're talking about or not.

          You're right, you don't know what you are talking about. An AP is NOT radio broadcasting in the scope of the regulation you posted.

          • Re:OT Question (Score:4, Interesting)

            by bsDaemon (87307) on Thursday October 14, 2010 @01:11PM (#33897916)

            Not in the sense of a W or a K station, but it's still broadcasting radio traffic. It still doesn't make you a common carrier due to other restrictions. Most things people think are common carriers aren't and never were. Likewise, "safe harbor" means that if the carrier meets the requirements for compliance with CALEA, that they can't be held liable for not being able to do any more.

            Either way, the end case is the same. Neither of these constructs have anything AT ALL to do with whether or not you're going to get boned if someone jumps on your AP and starts committing crimes.

            • Re: (Score:3, Insightful)

              Thanks for responding in a civil manner even though I was a bit snarky.

              When you get down to it, any 'radio' is broadcasting if you define the area of measurement narrowly enough.

        • by mellon (7048)

          Sorry, I didn't mean to imply that merely keeping the status quo on common carrier would work for this case. But turning around the general trend that we've been seeing of making everybody liable for everything would be a step in the right direction. It's a damned shame that the old days of open WiFi everywhere are largely gone.

      • Vote in the November election.

        For one Republicrat or the other Republicrat? As I understand it, child pornography and terrorism are not issues whose policies vary between the respective platforms of the two major U.S. parties.

        Lobby your congresscritters

        How do you propose to outlobby the "for the children" crowd and the Motion Picture Association of America?

    • Get a VPS in another country. Establish a VPN connection from your router to your VPS. Route all traffic from the open AP through the VPN.

    • by garyok (218493)

      Say I wanted to set up and open a WiFi AP for neighbors to check email, etc, when their connection is down. How can I do that and not get screwed if they download kiddie porn or send a threatening letter to the white house?

      If you're really worried that they're going to download CP or troll the POTUS, then you probably just shouldn't do it at all. Yeah, the internet is an epoch-defining communication tool and a great source of entertainment but I seriously doubt your neighbours' lives are going to grind to a halt if they can't browse Craigslist for the next single woman to keep in their chest freezer.

    • Re: (Score:3, Informative)

      by Lumpy (12016)

      IPCop firewall with a red, green and blue interface. Run them on the blue interface and run DansGuardian on it as well as limit the bandwidth and ports allowed.

      20 minutes' work, and less than $60.00 if you find a Nokia IP130 firewall used.

    • by Hatta (162192)

      Not possible. If a letter threatening the President comes from your IP, you will be investigated by the Secret Service. Even if you segregate your public wifi from your private wifi, that does not clear you from suspicion. There's nothing stopping you from connecting to your own public wifi and pretending to be a neighbor.

    • Is the least you should do ...

  • Let's face it... (Score:5, Interesting)

    by Darkness404 (1287218) on Thursday October 14, 2010 @11:36AM (#33896140)
    Let's face it, yeah, wi-fi routers can be hacked, yeah, a lot of people don't have secure wi-fi, but in all honesty does it matter to most people? Credit card information already should be encrypted with HTTPS so that wouldn't be sniffed, most sites let you use security to log in, etc.
    • by ledow (319597)

      Because on MOST home setups, access to the network is raw access to the machines. Access to the router setup (compromise and redirect EVERYTHING, bypass IE security zones, etc.), access to the local printers, access to the filesharing ports on the computers, etc. It's a bit more serious than just "could theoretically read all incoming/outgoing unencrypted data".

      There is rarely a firewall for a wirelessly connected user (because it's seen as a trusted network once you're on it), thus a simple "net use \\ip

  • 5 seconds? (Score:5, Funny)

    by cfc-12 (1195347) on Thursday October 14, 2010 @11:41AM (#33896236)

    He found that many didn't even have a password and roughly half of home UK Wi-Fi networks could be hacked in less than 5 seconds."

    I'm impressed. I can't connect to my own wireless network in less than 5 seconds.

    • I'm not. I don't think his set up requires him to click three buttons and wait for internet explorer to load. He's most likely just establishing the connection through some kind of scripted command-line utility, and then just issuing a ping to a well-known fast-loading web site.
  • Not Shocking (Score:5, Insightful)

    by timeOday (582209) on Thursday October 14, 2010 @11:46AM (#33896340)
    I hate the alarming tone of these passe "war driving" articles. A car or home can be broken into in 5 seconds by breaking a window. Most mailboxes where I live (including mine) are just boxes with a little non-locking door on the front that anybody can open.

    And yet, the world keeps on turning.

    Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

    • Re:Not Shocking (Score:4, Insightful)

      by Nidi62 (1525137) on Thursday October 14, 2010 @12:03PM (#33896716)

      Hopping onto somebody's wifi doesn't mean anything. It doesn't mean you can get their personal documents, or banking info, or anything else.

      But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.

      • Now if only judges and juries could be convinced that is a likely scenario, maybe we could finally move past all the nonsense.
        • by cdrguru (88047)

          When they seize the computer in the house and find the downloaded music on it the argument becomes rather difficult.

          Nobody has gotten any fines or judgements without having their computer seized and examined.

        • I'm not sure judges and juries can't be convinced it's a likely scenario. I don't offhand know of any conviction simply from net traffic, without supporting evidence, such as what's on the computer. On the other hand, I don't like the idea that somebody uses my connection for something bad, and the police haul off the family computers for an undefined period of time.

      • by amorsen (7485)

        This HAS [torrentfreak.com] been used successfully in a file sharing defence.

      • by rtechie (244489)

        But you CAN download music on their network and ruin them for life if the RIAA/MPAA finds out.

        This is actually less likely than people seem to think. Courts (and more importantly, police) have tended to allow for the unsecured/cracked wifi defense because hackers/bad people tend to use them. For example, Downloading child porn. Botnets. etc. The innocent bystander defense usually works.

        If someone has vacant rental home and meth heads break in and set up a secret lab to "cook" meth, the homeowner is not responsible for their actions. He's as much a victim as anyone else.

    • by Lumpy (12016)

      But we need more people AFRAID.. the world is better with rampant fear....

      LOOK OUT! there's terrorists hiding in the bushes behind you!

    • The scary part though is that a determined thief could be monitoring your traffic and you would never know. If someone smashes a window and breaks into your house you will know about it. If someone is monitoring my traffic while I'm trying to file my tax returns, for example, they might have all sorts of valuable information about me and I would never know. Especially if I am the sort of under-experienced user that leaves my wi-fi open.

    • there's a subtle difference:

      - a burglar can only be physically in one home at a time
      So your possessions are at risk only if he broke specifically in *your* house. If the burglar is in neighbours' - your possessions are safe (for now)

      - whereas, a war-driver can usually see a small city block while sitting comfortably in his/her car (even farther using special antennas)
      So your local network (if WiFi isn't correctly segregated) is at risk, as soon as an evil hacker drives in the neighbourhood. Both your local netwo

  • Rubbish. (Score:4, Informative)

    by Curmudgeonlyoldbloke (850482) on Thursday October 14, 2010 @11:51AM (#33896450)

    "* We found that nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals."

    So that's not just home networks then, that includes businesses deliberately running open wifi as a service to visitors, and all sorts of commercial access points that are "open" in that they get you to a login provider for the service, which you then have to log in to? How many of these "private wireless networks" are adhoc wireless on one PC connected to nothing in particular?

    The first link is just an advert selling snake-oil, the second contains no information to speak of. No link to any "report" at all.

  • So cute... (Score:2, Insightful)

    by twebb72 (903169)
    It's so cute how kids today think 'hacking' is obtaining access to an unprotected WAP.
  • by jenningsthecat (1525947) on Thursday October 14, 2010 @12:16PM (#33896952)
    ... then it's not called 'hacking', it's called 'connecting to an open access point'. Next thing you know, sticking a DVD in your computer's drive and installing software will be called 'hacking'. Have we fallen so far?
    • by rnelsonee (98732)

      RTFA, it's even in bold:

      According to CPP a typical password can be breached by hackers in a matter of seconds

      So this isn't open access points - it's networks that are locked down (with WEP)

      • by Fusen (841730)
        In that case then the 5 second claim is basically rubbish. Even with injecting your own packets to speed up the total IVs collected, it's going to take about 20-30 seconds and that is also with legitimate users on the network actually transferring packets so you get an even larger pool. 5 seconds would explain connecting to an open network, not WEP cracking. Even setting up the most common method of cracking WEP which is using some variant of aircrack takes at least half a minute.
  • Where's the software suite that lets me set up P2P software, a giant list of usenet down- or uploads, or any task for later execution, then constantly searches for open wi-fi, connects, and does the task(s)? Surely someone has written something simple to set up that works automatically.

    It sure would be nice if EvilMe (tm) had a VM on my laptop that was constantly doing all my EvilDeeds (tm) in the background.

  • I wish that "ethical hacker" clown had kept his head down and his mouth shut. Given how far down the road the UK has already gone toward a society like Big Brother's wet dream, relatively easy access to Wi-Fi without some government snoop leaning over your shoulder might be one of the few remaining freedoms.

  • I thought the present state of the art was that WiFi "security" was impossible - any system, including WPA2, could be hacked in less than an hour. WEP goes down in seconds. WPA in minutes. MAC address filtering is just a DOS - when the hacker uses your MAC address you are blocked because of a duplicate MAC address on the same network.

    So why is anyone concerned about security on a WiFi network? How could there possibly be any security at all?

  • Turn the wireless off and plug in some Cat 5. Problem solved.
