UK's Wireless Networks Open to Attack

Oct 14, 2010, 03:00 ET from CPP

YORK, England, Oct. 14 /PRNewswire/ -- Nearly half of home wi-fi networks can be hacked in less than five seconds, according to a new study.

In an 'ethical hacking' experiment conducted across six UK cities, nearly 40,000 networks were revealed as high-risk, opening up the personal data of thousands of individuals (1).  

The study, commissioned by life assistance company CPP, lifts the lid on wi-fi insecurity across Britain ahead of National Identity Fraud Prevention Week.

An ethical hacker roamed Britain's cities using specially developed, freely available software identifying insecure networks.

According to the findings, nearly a quarter of private wireless networks has no password whatsoever attached, making them immediately accessible to criminals. This is despite majority (82 per cent) of Brits mistakenly thinking their network is secure.

And even password-protected networks are not secure. A typical password can be breached by hackers in a matter of seconds.

Hacking into a private network not only allows unscrupulous individuals to 'cloak' criminal activities such as purchasing illegal pornography or selling on stolen goods. It also allows them to view the private transactions made by individuals over the network, accessing passwords and usernames which can then be used to impersonate the victim and commit identity fraud and other illegal activity. Worryingly, only one in 20 people knows for certain that their network has been used without their permission, indicating that the vast majority remain ignorant of the risk.

The study also reveals the dangers of accessing the internet over publicly available networks. While nearly one in five wireless users (16 per cent) say they regularly use public networks, hackers were able to 'harvest' usernames and passwords from unsuspecting people at a rate of more than 350 an hour, sitting in town-centre coffee shops and restaurants. In addition, the experiment showed that more than 200 people unsuspectingly logged onto a fake wi-fi network over the course of an hour, putting themselves at risk from fraudsters who could harvest their personal and financial information.

Identity fraud expert from CPP, Michael Lynch, said: "This report is a real eye-opener in highlighting how many of us have a cavalier attitude to wi-fi use, despite the very real dangers posed by unauthorised use.  We urge all wi-fi users to remember that any information they volunteer through public networks can easily be visible to hackers. It's vital they remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity."

Ethical hacker and Senior Vice President of CRYPTOCard Jason Hart, who carried out the experiments said: "When people think of hackers they tend to think of highly organised criminal gangs using sophisticated techniques to crack networks. However, as this experiment demonstrates, all a hacker requires is a laptop computer and widely available software to target their victims.

"With the growth in the number of smartphones and wireless networks, it has become far easier for hackers to crack usernames and passwords, allowing them access to emails, social networks, and online banking sites and even to assume the online identity of their victim. It's vital that both businesses and individuals think very carefully about network security and what information they provide when going online."

Table for the number of most unsecured networks in UK cities:


City

Number of networks identified

Number of unsecured networks

London

14908

4746

Cardiff

11375

1409

Bristol

3323

916

Birmingham

3753

910

Manchester

2894

870

Edinburgh

1956

398




Public Wireless Hotspots


City

Number of wireless users logging-on to fake network

London

115

Birmingham

103

Manchester

72

Bristol

41

Edinburgh

31

Cardiff

29




CPP's top tips on using wireless networks safely:

  1. Use encryption on your wireless access points (WAP) - Make sure you have Wi-Fi Protected Access 2 (WPA2) - the latest security standard introduced by global, non-profit industry association, the Wi-Fi Alliance
  2. By implementing a Virtual Private Network (VPN) you can create a secure wireless network.  This is achieved by encrypting all of the data that passes over the 'insecure' network so that it cannot be accessed by an eavesdropper
  3. Install a firewall on any network you use (an electronic barrier that sits on a network server and protects the PCs hidden behind)
  4. All wireless routers should have obscure IDs. Rather than put in any real information that can make it clear who owns the connection or that can reveal your location or business name, use something common like "wireless" or "router 1" that doesn't give away anything critical
  5. Try to position access points, which transfer data between your devices, away from the outside wall of your building to minimise leakage of radio signals. This limits the chances of interception from outside
  6. If you run a business, don't allow employees to add access points without your authorisation
  7. Be aware of what information you are accessing online, specifically when using public hotspots. Remember that any information you submit, including usernames and passwords, can be read by others
  8. Make sure you check your bank statements regularly to monitor for suspicious transactions
  9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details
  10. If you want more information on how to protect yourself or see how these experiments worked, please visit http://www.cpp.co.uk

Notes to editor

(1) Ethical hacker Jason Hart travelled within the main arterial routes of each city within a four-mile radius, using basic 'WarDriving' equipment. The aim was to identify networks that emanated wireless signals excessively into a public place. All information received beyond the type of network and level of security was deleted. In addition, Jason Hart did not connect to any of these networks or crack any associated passwords.

In order to review the potential issues around public hotspots, Jason used a portable wireless network router to attract users to connect with their wireless devices to see whether they would trust existing wireless connections and understand what potential information they were exposing. Beyond the number of users and the location, no data gained from the experiment was stored and permission was sought from the individuals beforehand.

Research Methodology

ICM interviewed a random sample of 2,022 adults aged 18+ online between 16 - 19 September 2010.  Surveys were conducted across the country and the results have been weighted to the profile of all adults.  ICM is a member of the British Polling Council and abides by its rules.  Further information at www.icmresearch.co.uk  

A live "wi-jacking" experiment was also carried out between 1 September – 4 October 2010 in Birmingham, Bristol, Cardiff, Edinburgh, London and Manchester to determine the number of accessible wireless networks in each city. The experiment consisted of two separate aspects:

  • Wardriving: CPP's ethical hacker drove around each of the different cities, looking for wireless networks, using special software on a laptop computer. This was done in both residential and business areas. Following the wardrive, CPP's ethical hacker monitored the number of visible networks and what security settings were in place
  • Creating fake wireless hubs: The second aspect of the experiment involved going into public places and creating rival wireless routers to capture people logging on to free wi-fi. Using specialist software, CPP's ethical hacker recorded the number of people logging-on to the rival wireless hub and what passwords and usernames they were using.

Corporate Background Information

The CPPGroup Plc

The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.  

This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.

Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.

Established in 1980, CPP has 10 million customers and more than 200 business partners across Europe, North America and Asia and employs 1,900 employees who handle millions of sales and service conversations each year.

In 2009, Group revenue was 292.1 million pounds Sterling, an increase of more than 12 per cent over the previous year.

In March 2010, CPP debuted on the London Stock Exchange (LSE).

What We Do:

CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.

We have a solution for many eventualities, including:

  • Insuring our customers' mobile phones against loss, theft and damage
  • Protecting the payment cards in our customers' wallets and purses, should these be lost or stolen
  • Providing assistance and protection if a customer's keys are lost or stolen
  • Providing advice, insurance and assistance to protect customers against the insidious crime of identity fraud
  • Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
  • Monitoring the credit status of our customers
  • Provision of packaged services to business partners' customers

CPP is an award winning organisation:

  • Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
  • Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
  • Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
  • Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
  • Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
  • Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
  • Finalists in the National Business Awards, 3i Growth Strategy category, 2008
  • Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
  • Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
  • Regional winner of the National Training Awards, 2007
  • Winner of the BITC Health, Work and Well-Being Award, 2007
  • Highly Commended in the UK National Customer Service Awards, 2006
  • Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
  • Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007
  • Finalist in the National Business Awards, Innovation category, 2005

For more information on CPP click on www.cppgroupplc.com

SOURCE CPP



RELATED LINKS

http://www.cpp.co.uk