More than one in four Wi-Fi networks in London are poorly secured or not secured at all, a scanning experiment by security firm Sophos has revealed.
The experiment was conducted over two days by the firm’s director of technology strategy, James Lyne, who cycled through the city with a computer set up to scan for wireless networks, using standard equipment, easily-available at a nominal cost to any would-be hacker.
He was also equipped with a GPS-enabled device to create a “heat map” showing comparative levels of security of wireless networks in central London.
Analysis of the data from more than 100,000 Wi-Fi networks detected on a 90-kilometre route reveals that residential areas largely had reasonable default configurations. Although many devices had default network names such as "SKY-XYZ123", they often had the strong WPA2 encryption standard enabled.
The worst offending areas – consistently across London – were streets with collections of small businesses.
Some 8% of the Wi-Fi networks detected used no encryption and included both home and business networks, but this figure excludes intentionally open networks such as hotel and coffee shop Wi-Fi hotspots.
Top tips to secure a Wi-Fi network
• Configure it to use WPA2
• Change your default SSID
• Use a secure password
The threat – for businesses in particular – is that if an attacker gains access to a wireless network, they can cause a lot of damage, such as intercepting usernames/passwords, taking control of computers on the network, changing browsing to websites that deliver malware or capture credentials, or using the network to perform a variety of anonymous or illegal activities.
Overall, 9% of Wi-Fi networks detected – again excluding intentionally open networks – were using default network names such as "default" or the supplier name, which makes password-hacking easier and faster, Lyne told Computer Weekly.
This figure increased to 21% of networks that used the default name, but had some random element, such as "Default-165496" included.
Importance of strong passwords
• Even the latest encryption standard, WPA2, can be compromised using attacks, which employ automated processes to try billions of possible password combinations until the correct one is eventually identified.
• Computing power to test and break longer passwords is far greater, so using a phrase like “makemywirelessnetworksecure” offers far more security, than a shorter, more-complex password like “w1f1p4ss!”
• In addition, adding numbers, special characters, and upper and lower case characters makes passwords harder to crack. For example, if your password consists of four digits and you only use numbers, there will be 10 to the power of 4 (10,000) possibilities. If you add in the alphabet in lower cases only, you will get 36 to the power of 4 possibilities, giving you 1.6 million.
• By using numbers, special characters and upper and lower case characters, you will effectively force any cracking program used to choose from 104 characters. Using a password that was 11 characters long would result in 15,394,540,563,150,776,827,904 possibilities. This increases the time needed to crack a password from seconds to millions of years. It’s important to note that these techniques are being improved and enhanced all of the time. As computing power increases, so do attack methods.
Some suppliers offering solutions with a plug-and-play router generate truly random names by default, and supply these on a sticker on the bottom of the router. “It's therefore reassuring to see some suppliers following best practice here, helping consumers in particular to be more secure out of the box,” said Lyne.
For the experiment, Sophos collected only high-level data within the confines of the law to show the general state of wireless security awareness, but cyber criminals have significantly more offensive tools in their armouries and could take this exercise further, said Lyne.
“This exercise doesn’t paint the complete picture but it shows enough to demonstrate that security best-practice and education still need a lot of focus,” he said.
According to Lyne, poorly-configured devices show a lack of awareness rather than a lack of capability to be secure, since just about every wireless device can be configured to use secure wireless networking out of the box.
“It’s easy to take simple steps to protect your wireless network, making it a far less attractive target for anyone trying to snoop on your internet activities or steal personal information,” he said.
The experiment revealed that 19% of the Wi-Fi networks detected used obsolete WEP encryption standard. “This group is perhaps the biggest concern because they think they are protected, but they are not,” said Lyne.
Using readily-available tools, he demonstrated how WEP passwords can typically be cracked in seconds, which could enable attackers to join networks and directly attack computers or devices, as well as "sniff’" network traffic, for example viewing which websites are being visited, reading emails and capturing information such as passwords.
“It is likely these hotspots are older and haven’t been reconfigured or changed for quite some time. Modern devices tend to come with a more secure WPA and WPA2 configuration out of the box,” said Lyne.
“Enabling an attacker access to your network like this also makes it possible for them to launch other nasty attacks like ‘man in the middle’. This enables attackers to sniff your usernames, passwords or other sensitive data while you think you are using a secure and private connection,” he said.
According to Lyne, the minimum level of protection on any wireless network is the implementation of WPA2 encryption. But, he warned, even this can be redundant if a strong password is not also used.
Sophos has published online a detailed set of tips for keeping Wi-Fi networks safe.
Cyber criminals have easy access to tools that can attack WPA2-protected networks with massive wordlists at high speed, said Lyne, so it is critical that Wi-Fi network owners adhere to best practice when configuring their wireless networks.
Businesses should also ensure they have appropriate configuration management, logging and anomaly detection capabilities so that their configuration remains standard across the office or geographic locations.
Most wireless routers will come with a default wireless network name, which is the name of the router as it appears on any device attempting to connect to it. The network name is also known as the service set identification or SSID, which many users do not change.
Failure to change this allows hackers to prepare default password look-up lists combined with common SSIDs which speed up the password-cracking process drastically, enabling them to test vast numbers of passwords a second, said Lyne.
Having a custom SSID increases the time it takes for an attacker to break your password, he said, but when changing it, organisations should also give thought to their selected name because calling a wireless network ‘Company X’ may make it more of a target as it is so easily identifiable.
Finally, said Lyne, public hotspots will often intentionally be open so users of such services should ensure they are configured to use a VPN, which protects their traffic irrespective of the potential hazards of attackers listening in.