Wi-Fi networks 'too hackable'

26 Apr 2012, 7:39 pm   -   Source: SBS, Lisa Zilberpriver
Share This
+ Comment
4
(File Getty)

(File Getty)

At least 20 per cent of the Wi-Fi networks used in Australian homes can be hacked using easy-to-obtain technology, experts say.

RELATED

At least 20 per cent of the Wi-Fi networks used in Australian homes can be hacked using easy-to-obtain technology, experts say.

"The most a user can do is make sure the password is strong, but even then 'password security' is a fallacy," a researcher told the Sydney Morning Herald.

Technology blogger and commentator Stilgherrian agrees, noting that older WEP (Wired Equivalent Protection) systems were not properly secure.

"If your Wi-Fi is not secured, the Wi-Fi signal is not encrypted, so anyone can sit there with a receiver and record all your information," he told SBS.

"The WEP password technique is no longer adequate - if someone wants to crack the password for your WEP it'll take him about ten minutes," Stilgherrian says.

Data theft is not the only possible problem. Criminals can use other people's Wi-Fi to access child pornography or commit fraud.

Consumers who have older modems may not realise they rely on easily-crackable WEP software.

Newer encryption techniques Wired Point of Access (WPA) and WPA 2 are more secure, he adds, but even so they are vulnerable to 'brute force attack'.

"WPA is actually pretty good, but it's always a matter of time," says Chris Gatford of HackLabs - a so-called 'ethical hacking' firm that tests banks' and other big companies' security.

"But if you make the time required to crack into the network onerous, then you'll discourage hackers," he adds, stressing that most are opportunistic.

Applications - and even a readily-available device - that bombard secured Wi-Fi networks with password attempts until they penetrate them have existed for years.

"(The device) even comes in a nice box with a cartoon on it," Mr Gatford says.

"I don't think people are spending a lot of time cracking wireless networks to get into big corporations - they're finding easier ways," says Mr Gatford.

And many Wi-Fi users in urban areas have 'learnt their lesson the hard way', he adds.

"Ten years ago you couldn't throw a stone without hitting an unsecured network," he says.

He agreed with the figure quoted in the SMH - 20 per cent - but said that was very low.

"It's probably not even that high in metropolitan areas because people have had problems with other people stealing Wi-Fi," he says.

Queensland Police recently began a 'war-driving' campaign to seek out unsecured or poorly-secured networks. They do this by driving around driving around neighbourhoods with a laptop computer, the SMH reported.

The fraud squad also published a list of ways to protect residential Wi-Fi connections.

CONSUMERS 'UNAWARE OF DANGER'

The average person who had bought a modem with WEP was unlikely to realise it was outdated and no longer safe to use, because it would still be working perfectly, Stilgherrian says.

"They look at the technology and thinks if it's not broken don't fix it. The problem is, it doesn't look broken," says Stilgherrian.

"Is it working to defend your data against hackers? That's not something you can see until it's too late," he says.

The responsibility may lie with manufacturers to remind customers to upgrade their system, Mr Gatford adds.

"They can easily send a reminder to users to say have you done X, Y or Z," he says.

However, RMIT researcher Dr Mark Gregory said manufacturers should also be made responsible for keeping up with protection systems.

"If a system timed out after a number of password failures, that would be enough to deter most would-be hackers," he told the SMH.

"Unfortunately manufacturers have been a bit lax," he added.

BigPond, Thomson and Speedtouch were three modem types that had been shown to be most vulnerable to a specific hacking tool that was easily available, the SMH reported.

SBS contacted BigPond for comment, but had not received a reply at the time of publication.

Wi-Fi

  • Follow us: 
  • Follow us on Facebook
  • Follow us on Twitter
  • Follow us on Youtube

Your Comments

Have to agree with Clive

Bob - from Melbourne, 1 year

Don't place your sensitive items on your pc, don't stream by wi fi for two reasons, 1 easier to hack 2) increasing and more credible research exists about how some people are more at risk in developing health issues related to being around high frequency wi fi, if anyone tries to contact the manufacturer, you get the run around, and they cannot confirm if wi fi is a health risk or not. And back to the main issue, just go wired for better speed as well

Hold the suppliers liable

Ted - from Newtown, 1 year

If you have huge companies selling such obviously faulty products then they should be held liable. Companies like Telstra have no shortage of boffins who understand in great detail the technology they market. They know the customers are left vulnerable. It's no different to buying a car with faulty brakes or seat belts that snap off when needed.

Use Wire

Clive - from Brisbane, 1 year

If you're really concerned about security use a wire and disconnect from the internet. Given time WPA2 can be hacked. The GSM network can be hacked. If it's on the Internet or connected it most likely can be hacked. If you're serious about identity theft, never have a Facebook page or have one with little info on it. Don't put your health records up there either. If still want to surf and you want some level of safety while on the net try TOR. All depends on your paranoia level.

Known this for years

Adrian - from Gold Coast, 1 year

A big issue with Telstra and other providers that give a false sense of security with complex default passwords that can be decrypted with the network name. E.g. BigPondXXXXXX, SpeedTouchXXXXX and ThomsonXXXXXX. There are a variety of apps, even on the iPhone that can decrypt these easily. It does not matter if it is WPA/2 or WEP. WEP networks should never be used. Mac filtering is a good idea and use passwords that are complex with symbols that cannot be attacked with a dictionary attac

Join the Discussion

Name
City / Suburb E.g. Artarmon, Sydney
Title
Comment
You have characters remaining.
Validation
What's this?
This is a captcha-picture. It is used to prevent mass-access by robots.
All submitted comments become the property of SBS. They are moderated, so we reserve the right to edit comments and remove HTML tags. Not all submitted comments will be published. Publication does not mean we endorse the opinions expressed. Please read our terms and conditions for more information.