Years after WiFi security was supposed to have gone ‘critical’, a quarter of access points in the UK remain open and unsecured, a new ‘wardriving’ survey has discovered. Worse, large numbers of people will happily log on to an open ‘rogue’ access point in city centres, no questions asked, opening themselves to the risk of serious data theft.
This first disturbing aspect of the ethical hacking survey on behalf of financial firm CPP was its size, taking in nearly 40,000 access points in London, Edinburgh, Birmingham, Cardiff, Manchester and Bristol. The claim that WiFi security is a problem is no mere statistical spin.
In London, 4,746 out of 14,908 surveyed were open, in Birmingham it was 910 out of 3,753, and in Manchester, 870 out of 2,894. Assuming the access points weren’t left open for a reason, such as public use, encryption still has some way to go in the UK.
The naive behaviour of WiFi users in public spaces is probably the biggest worry, with many willing to connect to a test access point set up in an open state. In London, the test found 155 ‘victims’, in Birmingham 103, and in Manchester 72, with the overall rate equivalent overall to around 350 per hour.
If the access point had been a genuine rogue, any users who decided to use their credit card online while connected to it would have been risking a nasty shock when the statement arrived.
“When people think of hackers they tend to think of highly organized criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software,” said CryptoCard’s Jason Hart, the white hat hacker who conducted the war-driving.
Part of the problem with users and open networks could be down to smartphone users who mistakenly assume WiFi security to be a laptop problem.
Hart recommends that business employees who need to use open access points in public places do so via VPN. This supplies an encrypted tunnel to compensate for the access point’s lack of the same. At least one public WiFi operator offers just such a technology as part of its service.
There are plenty of WiFi tools for securing computer connections in public places. Consumers might not realise that they are spoilt for choice.