There is no doubt we live in an increasingly mobile, fast-paced and complicated society. If you had asked the average person in the street five years ago how their identity could be stolen then bin raiding and theft of personal mail would certainly have
figured prominently. Today, ask the same question and you’re likely to get a multitude of responses including data leaks, institutional theft, bin raiding, phishing, Trojans, botnets, cold calling, social engineering and so on.
So the threat evolves and doesn’t stand still.
One area that has had limited public discussion so far in the mainstream media is the use of wireless networks and how secure these are. In order to look into this in more detail, CPP conducted a live experiment using the services of Jason Hart, Senior Vice
President of CRYPTOCard, across 6 UK cities and found that there was large-scale ignorance about what constituted a secure network, whether public networks can put your personal information at risk and how to identify a
rogue wireless network.
The key findings of the experiment showed:
- Across six UK cities we identified 38,209 home wireless networks as high-risk
- Of the total number, 9249 had no security, 5,523 used WEP encryption, 5,972 used WPA encryption and 14,138 WPA2 encryption
- In order to investigate potential issues around public hotspots i.e. coffee shops and public locations, we identified over 350 users within a one-hour period and calculated that 100% of these users had sensitive information that could have been captured
- Finally, we used a portable wireless network router connected to 3G broadband connection to set up a rogue network specially named to attract users to connect their wireless device to the network automatically. This was achieved by using different SSID
names. Over 200 people accessed within a one-hour time frame with a further 80 having devices that automatically connected.
At this point I should point out that the overall purpose of the experiment was to quantify the extent of the security problems and raise awareness of the issue – not hunt down targets. At no point during the experiment was any unauthorised access gained
to any user of any wireless network. The following were considered inappropriate:
- Sniffing of network traffic
- Connection to any of the detected networks
- Attempt to crack any encryption keys (WEP, WPA, WPA2)
- Targeting of ‘high profile’ businesses
- Installation and use of a high gain antenna
- Use of ‘cracking’ software to decrypt encryption keys
- Cracking of passwords, use of ‘cracking’ software
- The positive identification of networks was limited to the following information – wireless network SSID, wireless network name, encryption type used and wireless access point model
What makes this particularly concerning is that you have these visible networks and there is software ‘out there’ that can be used to crack wireless network encryption using brute force attack – only recently we’ve had news of software that can brute force
crack as many as 103,000 wireless network passwords per second, which equates to more than 6 million passwords a minute.
Aligned to this live experiment we questioned over 2,000 people separately and found that 82% of people think their wireless networks are secure and the majority don’t think their network has ever been used without their permission. Contrast this with the
live experiment that showed nearly a quarter of private wireless networks in the Wardrive experiment had no password attached, making them accessible to hackers.
We also asked people whether they had ever logged onto anyone else’s wireless network without their permission and the results showed that 20% said they had. When we asked why they had done this, over a third (36%) said because it was available, 32% because
it was convenient, 28% because it was easy to do, and 14% because they couldn’t access their own wireless networks. 5% admitted they had done it accidentally.
What the report clearly shows is that there seems to be a lack of awareness in relation to what encryption standard to use when deploying or using a wireless access point and more importantly of all, zero awareness when using public or rogue wireless access
points. And with the number of internet-based applications that rely on wireless applications increasing, and one-third of the world’s population forecast to be online by the end of the year, the opportunities for wireless network hacking will also increased.