back to article Sydney newspaper hacks Wi-Fi networks!

Here’s a surprise: according to a recent sample of Wi-Fi networks around Sydney, only 2.6 percent were operating without a password. The Sydney Morning Herald, having seen what happens when unsecured home Wi-Fi networks become vectors for viruses and pornography, decided to test how well householders in its home city secure …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    SMH - alibis-r-us

    ‘It could be quite difficult to prove that it wasn’t in fact you,’

    Maybe; but it should be quite easy to build a plausible case that a newspaper hacked your wifi and planted the evidence.

    Unless of course the SMH kept full records of everyone it hacked, er, scanned, er, surveyed; in which case they just opened themselves up to some breach of privacy problems.

  2. Rich 3

    One would imagine..

    That they would just be looking for unsecured network (for the less technical, you can see these in the network browser without trying to connect) rather than trying a selection of passwords.

    AFAIK it is impossible to actually configure a WSP or even WEP router with an empty password. You instead configure it as an open network if you want anyone to have access, as in a cafe or free hotspot.

  3. Anonymous Coward
    Anonymous Coward

    There are four people in my house...

    “if an unauthorised user illegally downloaded copyright material, it could be traced back to the network owner. ‘It could be quite difficult to prove that it wasn’t in fact you,’ Dr Suzor said.”

    Maybe if you live in a fascist country...

    ...or a country which has a few fascist type laws, at least.

  4. Neoc

    No need to log in.

    "To test whether a password was present, wouldn’t the Sydney Morning Herald tester have logged into the networks, without the owners’ permission?"

    Erm... no. Most network browsers these days will add a little Lock icon next to password-protected networks.

    1. easytoby

      captive portal login

      If you use a network with a captive portal to control security of access - e.g. conference centres, hotels, etc - the initial network is unsecured (no 'little padlock' icon), but you cannot go anywhere until you have put your voucher code / room number / username + password / etc.

      In these cases, the network shows up as "unsecured" but _can_ be quite secure in fact, as you are being dumped into a walled garden (captive portal) first.

    2. Tim Bates

      Little lock...

      WPS based setups generally don't show the padlock - there's one in view of my laptop right now which I can't connect to. I know it's running WPS and has a WPA-PSK set - I installed it.

      Another case, as someone mentioned, would be where there is a wireless hotspot with other methods of protecting the network. McDonalds WiFi is open, and may have been some of the networks they found. Until you connect, you wouldn't know.

      We have a setup at work for updating client's laptops - open wifi which is forced through a proxy which only allows access to windows update and activation, and some AV update sites. Our's would show as one of their "insecure" networks, but wouldn't be a leech magnet like they are implying.

      1. Mark 65

        @Tim Bates

        Although you are no doubt correct in your statement about padlock visibility I would wager that, as journalists, they relied on whether a padlock was visible for their work.

  5. tkioz

    This is interesting...

    This is interesting, IANAL, but I remember getting legal advice oh about 5 / 6 years ago when I was working retail IT in Victoria and being told point blank that it doesn't matter how you gain access to a system or network, if that access is unauthorised you are in fact breaking the law. Something about how the law is written, it doesn't matter why you are doing it, or if you believe that you are authorised (in my case when asking about resetting a customers password, we needed a signed statement of ownership from the customer).

    It's the same as being charged with burglary even if the door to the house is unlocked, using an unprotected WiFi without the consent of the owner is still against the law, because there is no legal requirement to secure it, only a common sense one.

    1. Reg Blank

      Not quite.

      Then why do I have to add all those "No unauthorised access permitted" warnings on routers? They are password protected.

      But to get to your example, it is a faulty analogy because the charge would not be burglary. Burglary only occurs if a theft takes place. An unauthorised entry charge would be "trespassing". If the lock is broken on entry or damage occurs, then it is vandalism or criminal damage.

      HOWEVER. The reason for the router warning is that unless you explicitly say unauthorised access is prohibited, then it isn't even trespassing.

      To use your analogy. It could be argued that if you leave your door open it is an invitation for others to enter. If an open door requires no active measures to gain entry (a handle being manipulated or door pushed aside) and there are no signs saying that access is forbidden, therefore permission is implied. Not to steal or vandalise, but just to enter. If you find that person standing in your living room and that person is then challenged and asked to leave, but do not do so, that is trespassing. If you don't ask them to leave, it isn't (hence warning on routers above).

  6. Anonymous Coward

    ElReg WHUT?

    If a network "has no password" it is an open network. You don't have to connect to the network to see if it is open or not as the networks quite happily broadcast that fact.


  7. Anonymous Coward
    Anonymous Coward

    MAC address filtering?

    Although i suspect it will just be WIFI networks that are unencrypted with no security due to the owners lack of knowledge on these matters it could easily be that someone has deliberately set it to be an open network because they have some old hardware that doesnt support WPA so they have instead enabled mac address filtering or some other security on the outbound internet connection instead like a internet cafe often do?

    Or they may have set up a honey pot as i sometimes do because im in a dense urban area so its good to see who logs into it and what they do. Not sure of the legality of that situation but since they are connecting to MY network without permission surely all the data that flows across it must be mine also ;-)

    AC for obvious reasons

    1. Tim Bates

      MAC filtering = fail

      MAC address filtering failed as a security method before it even started (on open networks anyway)... If any authorised devices are present and using the network, you can see their MAC address and simply need to spoof it. Almost all WiFi adapters will let you change the MAC address in the driver properties (on Windows anyway) so it's not exactly difficult to do.

This topic is closed for new posts.

Other stories you might like