Having done a post about my trip to the dentist, I have to admit the reason I always ‘avoid’ the dentist goes back to the 70′s and having seen the film “Marathon Man” – hence the title of this post. If there’s one movie to put you off the dentist, this would be it. On the other hand having seen Jennifer Aniston in “Horrible Bosses“, I can think of a reason to go.
Anyhow, this got me thinking about just how ‘safe’ is the average WiFi network?
Having discovered my dentists problem with my phone, I installed ‘WiGLE Wifi Service‘ on my phone and left it running for a couple of days. WiGLE will run in background and with the assistance of the built-in GPS on the phone will log: the name of the wifi network, the channel, the mac address, the security on the network and the location. This can then be uploaded to their servers, or just exported for personal use via a csv file.
Well, the results after driving from the town to my village and walking the odd mile or two a day around the village for some exercise, WiGLE logged a total of 6692 WiFi networks… Wow
So let’s give some breakdown of the figures to just the first 600 of that number….
- 211 Open networks – [ESS]
- 33 With the most basic encryption level – [WEP][ESS]
- 3 slightly better – [WPS][ESS]
- and the rest showing as – [WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][ESS]
Now, the bad news for the rest is that a lot of these may well be running with the ‘default’ password of the unit as supplied by their ISP. Which is a real false sense of security.
Why? Well with the OK from a neighbour and with a MK1 iPad – ok I could have used a laptop to get faster results or even my android phone, but the point of the exercise was to use as little power as possible to show how easy it is.
Result? It took just under 4 minutes to crack the network and shown him the devices on the network.
Now, it’s one thing seeing a business network and quite another when it get’s to home networks…. I could see his and her iPhones, a laptop, Epson colour printer, NAS, TV, Sky box and a iPad.
Whilst I didn’t look beyond this point it does show the potential for the criminal to exploit. Any ‘personal’ photos and/or naughty home videos you might have stored away, any electronic copies of important and confidential files, how about that passwords.txt file containing the list of all your passwords and user names on your NAS so you don’t forget them?
What about the fact one day you can see the list above and then you see no iPhones on the network? Pretty safe bet to say there is no one at home.
Remember, you might have locked the front door with a firewall/router but if the WiFi is open/unsecured then you may of left the windows wide open…. and a big sign on the door listing the ‘goodies’ you have inside.