4 million UK broadband customers could be sharing Wi-Fi unknowingly

Surveys often need to be taken with a pinch of salt, but a recent survey published by Konnect shows a worrying statistic that as many as 4 million broadband customers may have others using their Wi-Fi without their knowledge. What did the survey ask, how does Wi-Fi sharing present security risks, and does this revelation call for new Wi-Fi password schemes?

A survey by Konnect shows millions of UK broadband customers unknowingly sharing Wi-Fi

A recent survey by satellite broadband provider Konnect has revealed that as many as 4 million UK broadband customers could be sharing their Wi-Fi without their knowledge. The survey asked 2,000 UK residents a multitude of questions regarding their source of internet and found a surprisingly large proportion of people use a neighbour’s connection without their knowledge. Of these perpetrators, a fifth would spend up to a week trying to guess the password by using the names of children or pets, while others would simply continue to use their connection after being granted temporary access.

Others responded that they would also drive to an ex’s house to continue using Wi-Fi or to a local restaurant to take advantage of free Wi-Fi. According to many who piggyback off other users’ Wi-Fi, their justification for doing so would either be the cost of living, poor service, or annoying service.

It should be understood that such surveys are hard to extrapolate to an entire population for many reasons. Firstly, surveys rely on honest answers and consumers are known to submit purposely wrong information, whether out of spite or out of humour. For example, one of the participants claimed they drive 60 miles to use Wi-Fi, but this is highly unlikely (albeit not impossible). Secondly, a survey of 2,000 being extrapolated to a population of 65 million is somewhat of a stretch, especially considering the population’s diversity (age, sex, education, area etc.).

How does Wi-Fi sharing pose a serious security risk?

The survey conducted by Konnect, if accurate, not only shows that large numbers of people are vulnerable to cybersecurity threats but that many continue to follow poor practices when setting up infrastructure. Considering that there are those claimed to have guessed passwords based on names of pets and children shows that many Wi-Fi networks are exposed to dictionary attacks. Dictionary attacks can be made at lightning speed by cybercriminals in a passing vehicle, especially if intelligence gathering is done on the targeted home (i.e., current owners name, occupation, children, social media).

Once an attacker has access to an internal network, all manner of attacks can be launched. One common attack would be to configure the router to redirect specific traffic to a remote server instead of the intended destination. For example, an attacker could make a clone of a banking website and use that to obtain key credentials, including account numbers and passcodes.

Another option for cybercriminals would be injecting malware into any and all connected devices. Such malware could initiate ransomware to hold personal data hostage or give the attacker remote control of the device. Devices such as IP cameras could then be used to spy on residents of a home, and this would give the attacker the perfect information for committing burglary.

Having access to someone else’s internet connection also allows for an attacker to conduct illicit activities without being traced. Sites that host illegal content could be viewed by the attacker, but it would appear from the perspective of the ISP that it is the homeowner who is visiting these sites.

Finally, those who piggyback off other networks could also become attack vectors for a cybercriminal. As their device contains the Wi-Fi SSID and password, it would be easy for an attacker to gain entry to a system through a trusted friend of the Wi-Fi host.

Does this survey call for changes in Wi-Fi technology?

If there is any truth to the survey, then it may be time for developers of Wi-Fi systems to reconsider security practices and methods for protecting device owners. One method would be to integrate password checkers into routers that prevent simple passwords or those that use dictionary words.

Another method to protect users would be password rotation which forces the user to change the Wi-Fi password on a weekly basis. While this method is ok for systems with interactive systems (such as laptops and computers), it would be incredibly inconvenient for simpler devices such as wireless remotes, sensors, and TVs.

However, this could be solved by using a privilege system whereby two networks exist; one that allows for any traffic and another that only allows specific traffic. Devices such as laptops and PCs would need unrestricted access with unlimited bandwidth, while IoT devices and smart TVs could use a restricted network whose ports and bandwidth are restricted. Thus, criminals getting access to the restricted network would not be able to do as much as they could with the unrestricted network.

Overall, it is shocking to see how many people could be stealing Wi-Fi, which poses serious threats to those who legitimately pay for their internet connection. Worse, the use of piggybacking could also make it easier for criminals to access networks and perform all kinds of illicit activities.