I am writing this article in the comfort of my living room, able to connect to the Internet to download source and reference material related to this topic.  There are no cables trailing across the floor for clumsy feet to trip over because I am using a wireless communication network via my broadband connection. In fact, I have the ability to connect to the internet from anywhere in the house, or in the garden (come those balmy summer evenings) for that matter.

With the arrival of affordable broadband, the Internet in the home is truly here.  The BBC report that, as 2007 begins, BT is likely to connect up the 10 millionth customer to its broadband network. What better way is there to connect your computer than by a wireless connection, avoiding the clutter, inconvenience and expense of cabling your home for networking?  Cheap and easy to set up, WiFi looks to be the way to go: but do wireless networks come with any hidden risks?

 

Wireless networking uses radio waves to enable communication between devices.  These waves do not respect the boundaries of your house and garden, and the signals are there for all to see. In fact, identification and compromise of wireless networks has become a recent trend in computer “hacking”. More properly, the term "cracker" should be used to define someone who breaks computer security systems If a cracker attaches to a wireless network, they can often bypass many of the system security checks normally in place, as they seem to be coming from a trusted source.  For example, business firewalls and email servers will often consider such an intruder to be trustworthy, as the connection does not appear to be coming from the internet.  It is then possible for an intruder to to look for critical business and personal information anywhere on the network or to hijack the broadband connection itself to anonymise criminal activities such as illegal downloads, denial of service attacks, or attacks on other systems.  As if it isn't bad enough that your intenet connection is being used for unsavoury purposes, any criminal investigation of such activities can eventually be traced back to the your home or business, but can't generally be traced any further: to all intents and purposes, it appears as if you are responsible for the activity.

 

So, how easy is it for an unauthorised person to gain access to your wireless network? It is frighteningly easy. By default, many wireless routersA computer network device that forwards data to the correct destinations on the network and access pointsA computer network device that connects together wireless devices to form a wireless network. have no security settings enabled.  Anyone with a wireless-enabled laptop or hand-held device can simply position themselves outside your home or office, within reasonable distance of the wireless connection, and attach to the unsecured network within seconds.  In fact, there are dedicated computer users known as wardrivers, whose goal is the discovery of such unprotected wireless networks. They drive around, identify open networks, often using GPS to record the location of the network, and sometimes log this information on a website.  Such activities can be a legal grey area but, more often than not, are breaking the Wireless Telegraphy Act (1989).

 

Can your wireless network be made more secure? Thankfully, there are a number of ways in which we can make our wireless networks more secure and protect them from abuse. Almost all wireless devices have the capability to encrypt the communication on the network using industry-standard protocols The open standard for wireless networks (802.11b) includes a definition for the Wired Equivalent Privacy (WEP) protocol, which was designed to encrypt communication on wireless networks and to ensure that only authorised computers are able to access the network.  Unfortunately, since WEP came into widespread use, some security flaws have been discovered. It is now possible to obtain software on the internet which is capable, with a little know-how, of deciphering the encryption codes.

 

In response, the WiFi Alliance created WiFi Protected Access (WPA), which has been followed with a recent  second implementation, WPA2. WPA was designed to overcome some of the security flaws in WEP, including the ability to authenticate with a trusted certification authority such as Verisign. However, WPA itself has now been found to have vulnerabilities to cracking, particularly where weak or simple passwords have been used. Despite this flaw, WPA remains a much more secure option than WEP, and WPA2 is often available on newer equipment.

 

So, given that we are provided with the ability to exercise security measures for our wireless networks, how security conscious are we?

 

The truth makes disturbing reading. A walk with a wireless-capable device in any high street or housing estate in the UK will reveal network after network that are vulnerable to attack. Research, published in 2005 by RSA Security, looked at the spread of wireless networks in six major cities (London, Frankfurt, Paris, Milan, New York and San Francisco) and the associated levels of wireless security over four years.  All cities showed dramatic year-on-year growth of wireless networks, but fully one-third of surveyed networks had no security implemented whatsoever and a quarter of networks had not changed the default settings, further compromising their security.  Another study outside London by Newell and Budge found that, out of 2000 networks in seven cities across the UK and Ireland, over 60% of those networks were unsecured.

 

As a nation, we are happy to shop on the internet, confident that we can securely pass credit card details to online stores.  Yet fears of identity theft and credit card fraud are high, and unsecured wireless networks are like an open door to our personal information.