A recent study of UK Wi-Fi networks has highlighted that almost half of all access points can be hacked in less than five seconds, potentially putting the personal data of thousands of individuals at risk.
Despite modern routers shipping with reasonable passwords and WPA-level encryption, a study commissioned by life assistance company CPP suggests that there hasn't been much improvement since the bad old days of WEP.
Using the services of 'ethical hacker' Jason Hart, the study was able to identify over 40,000 networks at high risk of attack across six UK cities: London, Cardiff, Bristol, Birmingham, Manchester, and Edinburgh.
Capital city London was by far the worst offender, with 4,746 badly configured networks ripe for the picking, followed by Cardiff with 1,409. Each network could be accessed in under five seconds, giving fraudsters a quick and easy route into a company or individual's private network.
Michael Lynch, CPP's identity fraud expert, described the study as 'a real eye-opener in highlighting how many of us have a cavalier attitude to Wi-Fi use, despite the very real dangers posed by unauthorised use,' and advised Wi-Fi users to 'remain vigilant, ensure their networks are secure and regularly monitor their credit reports and bank statements for unsolicited activity.'
As well as a study of badly-secured networks, CPP also had Hart place fake access points in public areas to harvest usernames and passwords which were then discarded after incrementing a counter. Doing this, Hart was able to retrieve 391 username and password combinations from those who believed themselves to be logging in to genuine networks.
While the data gathered by Hart was discarded, the study provides a reminder that data transmitted over Wi-Fi isn't necessarily private. While CPP's advice on protection your own network, which includes using WPA2 security and having an obscure SSID, will help to keep ne'er-do-wells off your network, avoiding malicious public hotspots is somewhat harder.
Are you shocked to see just how many networks are still not using WPA2, or is CPP using flawed methodologies to push its fraud protection products? Share your thoughts over in the forums