UK's Wireless Networks Open to Attack
By Cpp, PRNEWednesday, October 13, 2010
YORK, England, October 14, 2010 - Nearly half of home wi-fi networks can be hacked in less than five
seconds, according to a new study.
In an 'ethical hacking' experiment conducted across six UK cities, nearly
40,000 networks were revealed as high-risk, opening up the personal data of
thousands of individuals (1).
The study, commissioned by life assistance company CPP (
www.cpp.co.uk/), lifts the lid on wi-fi insecurity across Britain
ahead of National Identity Fraud Prevention Week.
An ethical hacker roamed Britain's cities using specially developed,
freely available software identifying insecure networks.
According to the findings, nearly a quarter of private wireless networks
has no password whatsoever attached, making them immediately accessible to
criminals. This is despite majority (82 per cent) of Brits mistakenly
thinking their network is secure.
And even password-protected networks are not secure. A typical password
can be breached by hackers in a matter of seconds.
Hacking into a private network not only allows unscrupulous individuals
to 'cloak' criminal activities such as purchasing illegal pornography or
selling on stolen goods. It also allows them to view the private transactions
made by individuals over the network, accessing passwords and usernames which
can then be used to impersonate the victim and commit identity fraud and
other illegal activity. Worryingly, only one in 20 people knows for certain
that their network has been used without their permission, indicating that
the vast majority remain ignorant of the risk.
The study also reveals the dangers of accessing the internet over
publicly available networks. While nearly one in five wireless users (16 per
cent) say they regularly use public networks, hackers were able to 'harvest'
usernames and passwords from unsuspecting people at a rate of more than 350
an hour, sitting in town-centre coffee shops and restaurants. In addition,
the experiment showed that more than 200 people unsuspectingly logged onto a
fake wi-fi network over the course of an hour, putting themselves at risk
from fraudsters who could harvest their personal and financial information.
Identity fraud expert from CPP (www.cpp.co.uk/), Michael Lynch,
said: "This report is a real eye-opener in highlighting how many of us have a
cavalier attitude to wi-fi use, despite the very real dangers posed by
unauthorised use. We urge all wi-fi users to remember that any information
they volunteer through public networks can easily be visible to hackers. It's
vital they remain vigilant, ensure their networks are secure and regularly
monitor their credit reports and bank statements for unsolicited activity."
Ethical hacker and Senior Vice President of CRYPTOCard Jason Hart, who
carried out the experiments said: "When people think of hackers they tend to
think of highly organised criminal gangs using sophisticated techniques to
crack networks. However, as this experiment demonstrates, all a hacker
requires is a laptop computer and widely available software to target their
victims.
"With the growth in the number of smartphones and wireless networks, it
has become far easier for hackers to crack usernames and passwords, allowing
them access to emails, social networks, and online banking sites and even to
assume the online identity of their victim. It's vital that both businesses
and individuals think very carefully about network security and what
information they provide when going online."
Table for the number of most unsecured networks in UK cities:
City Number of networks Number of unsecured networks
identified
London 14908 4746
Cardiff 11375 1409
Bristol 3323 916
Birmingham 3753 910
Manchester 2894 870
Edinburgh 1956 398
Public Wireless Hotspots
City Number of wireless users logging-on to
fake network
London 115
Birmingham 103
Manchester 72
Bristol 41
Edinburgh 31
Cardiff 29
CPP's (www.cpp.co.uk/) top tips on using wireless networks safely:
1) Use encryption on your wireless access points (WAP) - Make
sure you have Wi-Fi Protected Access 2 (WPA2) - the latest security
standard introduced by global, non-profit industry association, the Wi-Fi
Alliance
2) By implementing a Virtual Private Network (VPN) you can
create a secure wireless network. This is achieved by encrypting all of
the data that passes over the 'insecure' network so that it cannot be
accessed by an eavesdropper
3) Install a firewall on any network you use (an electronic
barrier that sits on a network server and protects the PCs hidden behind)
4) All wireless routers should have obscure IDs. Rather than
put in any real information that can make it clear who owns the
connection or that can reveal your location or business name, use
something common like "wireless" or "router 1" that doesn't give away
anything critical
5) Try to position access points, which transfer data between
your devices, away from the outside wall of your building to minimise
leakage of radio signals. This limits the chances of interception from
outside
6) If you run a business, don't allow employees to add access
points without your authorisation
7) Be aware of what information you are accessing online,
specifically when using public hotspots. Remember that any information
you submit, including usernames and passwords, can be read by others
Make sure you check your bank statements regularly to
monitor for suspicious transactions
9) Remember the Golden Rule: Identity thieves are experts at
spotting an opportunity to steal your identity and only need a few
personal details
10) If you want more information on how to protect yourself or
see how these experiments worked, please visit www.cpp.co.uk
Notes to editor
(1) Ethical hacker Jason Hart travelled within the main arterial routes
of each city within a four-mile radius, using basic 'WarDriving' equipment.
The aim was to identify networks that emanated wireless signals excessively
into a public place. All information received beyond the type of network and
level of security was deleted. In addition, Jason Hart did not connect to any
of these networks or crack any associated passwords.
In order to review the potential issues around public hotspots, Jason
used a portable wireless network router to attract users to connect with
their wireless devices to see whether they would trust existing wireless
connections and understand what potential information they were exposing.
Beyond the number of users and the location, no data gained from the
experiment was stored and permission was sought from the individuals
beforehand.
Research Methodology
ICM interviewed a random sample of 2,022 adults aged 18+ online between
16 - 19 September 2010. Surveys were conducted across the country and the
results have been weighted to the profile of all adults. ICM is a member of
the British Polling Council and abides by its rules. Further information at
www.icmresearch.co.uk
A live "wi-jacking" experiment was also carried out between 1 September -
4 October 2010 in Birmingham, Bristol, Cardiff, Edinburgh, London and
Manchester to determine the number of accessible wireless networks in each
city. The experiment consisted of two separate aspects:
- Wardriving: CPP's ethical hacker drove around each of the
different cities, looking for wireless networks, using special software
on a laptop computer. This was done in both residential and business
areas. Following the wardrive, CPP's ethical hacker monitored the
number of visible networks and what security settings were in place
- Creating fake wireless hubs: The second aspect of the
experiment involved going into public places and creating rival
wireless routers to capture people logging on to free wi-fi. Using
specialist software, CPP's ethical hacker recorded the number of people
logging-on to the rival wireless hub and what passwords and usernames
they were using.
Corporate Background Information
The CPPGroup Plc
The CPPGroup Plc (CPP) is an international marketing services business
offering bespoke customer management solutions to multi-sector business
partners designed to enhance their customer revenue, engagement and loyalty,
whilst at the same time reducing cost to deliver improved profitability.
This is underpinned by the delivery of a portfolio of complementary Life
Assistance products, designed to help our mutual customers cope with the
anxieties associated with the challenges and opportunities of everyday life.
Whether our customers have lost their wallets, been a victim of identity
fraud or looking for lifestyle perks, CPP can help remove the hassle from
their lives leaving them free to enjoy life. Globally, our Life Assistance
products and services are designed to simplify the complexities of everyday
living whether these affect personal finances, home, travel, personal data or
future plans. When it really matters, Life Assistance enables people to live
life and worry less.
Established in 1980, CPP has 10 million customers and more than 200
business partners across Europe, North America and Asia and employs 1,900
employees who handle millions of sales and service conversations each year.
In 2009, Group revenue was GBP292.1 million, an increase of more than 12
per cent over the previous year.
In March 2010, CPP debuted on the London Stock Exchange (LSE).
What We Do:
CPP provides a range of assistance products and services that allow our
business partners to forge closer relationships with their customers.
We have a solution for many eventualities, including:
- Insuring our customers' mobile phones against loss, theft and damage
- Protecting the payment cards in our customers' wallets and purses,
should these be lost or stolen
- Providing assistance and protection if a customer's keys are lost or
stolen
- Providing advice, insurance and assistance to protect customers against
the insidious crime of identity fraud
- Assisting customers with their travel needs be it an emergency (for
example lost passport), or basic translation service
- Monitoring the credit status of our customers
- Provision of packaged services to business partners' customers
CPP is an award winning organisation:
- Winner in the European Contact Centre Awards, Large Team of the Year
category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for
Customer Service, Large Contact Centre of the Year categories, 2010
- Finalist in the National Sales Awards, Contact Centre Sales Team of the
Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud
Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor
of the Year categories, 2009
- Named in the Sunday Times 2008 PricewaterhouseCoopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category,
2008
- Finalist in the National Business Awards, Business of the Year
category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250
companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in
2008
- Highly Commended in The Press Best Link Between Business and Education,
2005 and 2006. Winner in 2007
- Finalist in the National Business Awards, Innovation category, 2005
For more information on CPP click on www.cppgroupplc.com
For more information or to arrange a time for interview with CPP's identity fraud expert, Michael Lynch, please call Band & Brown Communications: - Eoghan Hughes - +44(0)20-7419-6976 / +44(0)7852-881-983; - Sarah Davidson - +44(0)20-7419-7346 / +44(0)7731-462451
Tags: Cpp, England, October 14, United Kingdom, York
