Wi-Fi piggybacking widespread, Sophos research reveals

Over 50% of people polled admitted they had stolen Wi-Fi internet access from others.

IT security and control firm Sophos has revealed new research into the use of other people's Wi-Fi networks to piggyback onto the internet without payment. The research, carried out by Sophos on behalf of The Times, shows that 54 percent of computer users have admitted breaking the law, by using someone else's wireless internet access without permission.

According to Sophos, many internet-enabled homes fail to properly secure their wireless connection with passwords and encryption, allowing freeloading passers-by and neighbours to steal internet access rather than paying an Internet Service Provider (ISP) for their own. In addition, while businesses often have security measures in place to protect the Wi-Fi networks within their offices from attack, Sophos experts note that remote users working from home could prove to be a weak link in corporate defenses.

"Stealing Wi-Fi internet access may feel like a victimless crime, but it deprives ISPs of revenue. Furthermore, if you've hopped onto your next door neighbors' wireless broadband connection to illegally download movies and music from the net, chances are that you are also slowing down their internet access and impacting on their download limit," explained Graham Cluley, senior technology consultant for Sophos. "For this reason, most ISPs put a clause in their contracts ordering users not to share access with neighbours - but it's very hard for them to enforce this."

Survey results

Have you ever used someone else's Wi-Fi connection without their permission?
Yes    54%
No    46%
Sophos online survey, 560 respondents, 31 October - 6 November 2007.

Sophos recommends that home owners and businesses alike set up their networks with security in mind, ensuring that strong encryption is in place to prevent hackers from eavesdropping on communications and potentially stealing usernames, passwords and other confidential information.

"If you're not encrypting your wireless communications then it's not hard for cybercriminals in your neighborhood to snoop on what you're doing, whether it's surfing or remotely accessing work documents. They may even be able to infect your computer with malware designed to commit identity theft," continued Cluley. "It's essential that your Wi-Fi connection is encrypted and that you have not chosen a password for your router which is easy to guess or crack. The problem is that a lot of Wi-Fi equipment is not properly configured when it comes out of the box, or is a headache to setup."

Tips for preventing strangers from stealing your Wi-Fi connection

1. Use encryption
Wi-Fi Protected Access (WPA and WPA2) is a stronger encryption system than WEP, and can be used to reduce the chances of hackers intercepting your communications.

2. Use a password
Choose a strong password that has to be used to access your wireless access point. Don't use the default password that came with your Wi-Fi equipment or a dictionary word that is easy to guess or crack. (You may wish to read our article on sensible password use for help with this.

3. Use MAC address filtering
Wi-Fi routers and access points normally have the ability to prevent unknown wireless devices from connecting. This works by comparing the MAC address of the device trying to connect with a list held by the router. Unfortunately, this feature is normally turned off when the router is shipped because it requires some effort to set up properly. By enabling this feature, and only telling the router the MAC address of wireless devices in your household you can reduce the chances of strangers' computers piggybacking your internet connection.

Unfortunately it is possible for a determined hacker to clone MAC addresses, but this measure should still be taken to reduce the risks.

4. Don't broadcast the name of your wireless network
The name of your wireless network, known as the SSID, should not be broadcast to passers-by. In addition, choose an obscure hard-to-guess SSID name to make life harder for hackers. SSIDs such as "home" or "internet" are not good choices.

5. Restrict internet access to certain hours
Some wireless routers allow you to configure internet access to certain times of the day. For instance, if you know you will not need to access the internet from home between 9-5, Monday to Friday, then schedule your router to disable access between those hours.

6. Make sure your computers are properly secured
Make sure all of your computers are properly secured with up-to-date anti-virus, security patches, and client firewall software.

About Sophos

Sophos provides solutions that enable enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control and endpoint solutions simplify security to provide an integrated defence against malware, spyware, intrusions, unwanted applications and policy abuse. Sophos complements these solutions with innovative email and web security products that filter traffic for security threats, spam and policy infringements. With over 20 years of experience, Sophos's reliably engineered security solutions and services protect more than 100 million users in over 140 countries. Recognised for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Comments (0)

Add a Comment

This thread has been closed from taking new comments.

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter