Wireless networks are typical across the United Kingdom, both in company and home environments. Typically corporate wi-fi structures could be mounted and configured by IT experts, who will utilise numerous security mechanisms to comfortable against unauthorised access. The trouble however arises with home wi-fi networks, which are hooked up and configured with the aid of folks who might also have restricted technical understanding. This can bring about the default settings getting used, in which the router is plugged in, switched on and left.
Internet Service Providers have therefore modified the default configuration of the wireless routers they supply to their customers so as to mitigate this, but it’s miles arguable whether or not some of the configurations are completely at ease.
To compare how many of wi-fi networks had been nonetheless prone to attack, war using software program become run on the author’s mobile phone, walking Android 2.2 for 3 days, recording wireless networks anywhere he went. The data become then evaluated to perceive any susceptible networks.
The areas visited in the course of the three days blanketed a rural village in Bedfordshire, a rural town in Northamptonshire and elements of Kempston, a small town on the brink of Bedford.
In that time, 393 wi-fi networks had been located. Of these, 258 have been secured with WPA, a hundred and fifteen with WEP and 20 were open.
These figures do no longer consist of wi-fi networks with SSIDs of “BTFon”, “BTOpenzone” or “The Cloud”, as those networks have authentication mechanisms utilised once a consumer has related to them. They were consequently taken into consideration false positives for the purposes of this evaluation. However, they will be at risk of other attacks.
Of the 393 wi-fi networks identified, 20 had no security configured by any means. Of these, 6 had a custom SSID, CEH Test suggesting a few technical understanding with the aid of the person, however probably a lack of protection knowledge. Additionally, the default SSIDs diagnosed with no protection endorse that the open networks utilised routers that were no longer furnished through an ISP, however purchased from a retailer.
Of the one hundred fifteen wi-fi networks configured with WEP, forty seven had an SSID identifying them as a BTHomeHub or BTHomeHub2. Others had SSIDs suggesting they were issued with the aid of Tiscali, AOL and Sky, as well as O2. This indicates that although ISPs have changed the default configuration, they have got now not achieved enough to shield the security of customers, as WEP has flaws making it issue to assault in much less than 10 mins.
Of the 258 WPA secured wi-fi networks, there had been 75 BTHomeHubs and BTHomeHub2s, however it isn’t always clean whether they had been reconfigured with the aid of the user. There were also 21 routers issued with the aid of Sky, but the default password for these is easily calculated. There had been round ninety seven routers with a personalized SSID the use of WPA.
To finish, the default configuration on a number of routers issued by means of ISPs remains insufficient, specially with Sky, where the use of WPA implies a level of protection that can not be furnished. Additionally, extra emphasis have to be made to train users of the dangers associated with insecure wi-fi networks and efforts have to be made to inspire them to utilise WPA2 as trendy. Furthermore, users ought to be educated inside the use of strong wireless passwords and the advantages of converting the SSID as a mitigation towards WPA attacks.