Some 12% of Consumers 'Borrow' Unsecured Wi-Fi

alphadogg writes "Despite the fact that it's often considered an illegal act, a sizeable percentage of the UK/US internet-using population 'borrows' unsecured Wi-Fi access. This is according to a study conducted by the group Accenture. 'The Accenture study found that computer users are still engaging in some unsafe computing practices. Nearly half of all respondents said that they used the same password for all of their online accounts, and only a quarter of them have ever encrypted files on their computers.'" My guess is the actual figure is higher than that.

And why is this bad?

[Ed Avis]

When you set up your wireless network you can choose whether to allow open access or not. If the network's owner has specified that anyone can use it, why is it bad to do so? I have my wireless router at home set up for open access and it does me no harm if others use it for occasional web browsing. The only flaw is that many routers don't have a way to prioritize or cap usage so that my work isn't slowed down by other people's Bittorrenting.

Yes, it's sent unencrypted - just like network traffic over those old-fashioned things called wires. We all know to use https and ssh for secure connections anyway.

no differentiation- regular or intermittent?

[call -151]

This is a pretty inane study- there is a huge difference between occasionally looking for an open wireless when away from home to browse and using a neighbor's open wireless as your main pipe. And the comments about identity theft are ridiculous, as most sensible people adjust their browsing/net use when using unknown networks to reflect their uncertainty in its security.

Higher figure?

[phoenix_nz]

I have my doubts that more people 'borrow' Wi-Fi access. But as I couldn't find a link to the actual study, this is hard to confirm.
Personally I would guess that the result is much lower than in the study. None of my acquaintances have ever piggy-backed wi-fi, and that includes cosc (Computer Science) students, software engineers in the industry and of course plenty of people that know nothing about computers. At the same time only one person I know encrypts any hard-drive data (no not me).

I don't see why piggy-backing wi-fi is illegal, after all if someone leaves their gate open, they shouldn't be surprised if someone else walks through. (Note: If you misuse the network to steal data of your host, the stealing should obviously still be illegal)

Re:news..

[Anonymous Coward]

Why can't I use a negligible amount of bandwidth when you are not using it?

MORE than half use the same password...

[rdhatch]

"Nearly half of all respondents said that they used the same password for all of their online accounts..." I have statistical evidence (sample size of a little over 5000) that proves that says that the percentage is MUCH higher...more like 80-85%. We talk all the time about privacy, net security, identity theft, etc., but this something that is VERY often overlooked. There are many LAMP projects out there (mostly put together by high schoolers or ambitious university freshmen) that collect an email and a password for their own user authentication and then don't encrypt their users' passwords in database. Dishonest 15 year-old admin + one select query on his own database and then approx 80% of the time you have access to the users' email account. From there, the sky's the limit. Online banking, university login accounts, etc. Troubling to say the least. We need a LOT more education of stupid kids that don't know how to encrypt passwords safely in their DB. Furthermore, we need to remember good old fashion ethics in this stuff.

But you get permission every time

[Anonymous Coward]

It always seemed odd to me that this was illegal, when in reality you are asking for and getting permission. That is, as everyone here would know, your laptop (for example) has to ask the wireless router for permission to connect. The router then grants permission and allocates an IP, all within its normal operating process (i.e., no trickery or hacking involved). It is not a passive process, like, say, entering an unlocked home, in which the house is passively exploited.

Re:Gotta Remember, They're Users

[Sobrique]

When computers were hard work, the newbie didn't get past the 'so where's this "any" key them?'. Sometimes I think it was better that way.

and this is a problem because?

[archkittens]

if you dont want your community to use your wireless, but you want the ease of unsecured access, use mac address filtering on your wireless router. most all 802.11b/g/n integrated service routers come with that feature in an easy to use package. if you CBA to keep people off your network, it WILL be used.

it makes it a bit harder to add devices to the network, but once again, tis still easy.

i keep mine unsecured simply so that if there is ever a disaster in the area, the cisco NERV (i got to tour it the other day, was awesome) can override it and add it to the disaster mesh. i think of it as community service.

http://blogs.cisco.com/news/2007/11/video_ciscos_network_emergency.html [cisco.com]

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:And why is this bad?

[archkittens]

if my neighbor is broadcasting his garage tools across a wide area of our neighborhood on a public freqency, why not enjoy? ideally though, you've got a setup like my neighbors and i have. i give them wifi, they let me use their hedge clippers.

IShareWiFi

[Anonymous Coward]

I share my WiFi with anyone within range. It hasn't been a problem, I'm happy if a neighbor can make use of it.

In an apartment.

[WaltherPPK]

Living in an apartment, I was actually surprised with the opposite. It appears that there are 20 or so wireless networks with good signal strength in range, and I am in a corner of the building. However, there is not a single network that isn't using some form of encryption. I don't know if this is typical, but all the supposed luddites living in this building (a combination of college/university age couples and 50+ year old singles) have obviously figured their wireless routers out.

The other premise upon which people base a lot of paranoia regarding network and personal computer security is the assumption that they possess something worth stealing. There are many effective credit card fraud methods in use that don't require any sort of computer exploitation, but rather involve "social engineering." What other information does the average person have on his PC that is of value? Of course I would be disturbed if somebody managed to obtain my entire photograph library, but that is of so little value to somebody else, I doubt very much that any significant effort would be put towards obtaining it.

Re:And why is this bad?

[Chabil Ha']

It may be against your terms of service for you to open it up. I remember in one of the contracts that I had with an ISP, it was in no uncertain terms, you were not allowed to share your connection with another. Too bad that it's not very enforceable as that was the sole purpose of having the line--to split the outrageous bill.

No open networks around me

[JimCDiver]

In my neighborhood I can see 8 access points. Every one of them encrypted. Granted 6 of them use WEP...

Re:And why is this bad?

[auric_dude]

Some advocate stealing Wi-Fi links http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110 [wired.com] but only with the knowledge of the owner and besides the chances of being caught by the RIAA if a guest downloads something they should not is after all rather small.

For fun

[scubamage]

For fun, go to a local mall and turn on a wifi sniffer of your choice. Our local podunk mall had no less than 30 unsecured wireless networks, almost all for stores which held servers with financial data. And thats what I found with a smartphone using totalcommander and wififofum.

Nearly half of all respondents said that they used

[sm62704]

Nearly half of all respondents said that they used the same password for all of their online accounts

Like newspaper registrations? Rather than bother with bugmenot, I just register using bogus data. My password is 111111. Because I really don't give a shit about a newspaper registration. It has nothing whatever to do with security. The Chicago Tribune has no CC#s, SS#s or any other real, personally identifiable information about me; I don't even know why they bother.

Yet this is somehow deemed a "Security risk." And I don't send encrypted data; if it's sensitive information I'll send it snail mail.

Re:news..

[dtzitz]

Go ahead. I leave my wi-fi open for that very reason. I may get burned one day or I may change my posture before that. When I want security on the web I may switch over to my Linux partition and make sure the site I am using SSL but for playing games and browsing /. I am happy to let my neighbor use some of my bandwidth. Additionally there is software to authorize users once they have paid for access but that brings with it another host of issues.

And don't paint it just like every other car...

[TamMan2000]

...in the area.

I set my parents house up with secured wifi 3 years ago... Last year my parents got a new laptop, and went about using wifi. 6 months pass. They get a new printer... I tell them that they can print from their laptop, over the network, and try to talk my dad through setting it up... After much confusion, I realize they are not on the wifi network that I set up for them, but one of their neigbhors...

My parents are smart, they just didn't grow up using computers, and don't think about the kind of things that most slashdot users think about... typical boomers... I bet 12% (or more) of laptop users steal wifi, without even knowing it...

Re:Gotta Remember, They're Users

[Skater]

From playing with a friend's WinXP laptop over the weekend, I can see how it happens: Windows will automatically connect to any network it can find, even peer-to-peer. I'm sure this behavior can be disabled, but it's probably set up that way by default by the manufacturers to make it easier for users. I realize this is old news to most people, but I don't use WinXP very often and was a bit surprised to see it connect to a peer-to-peer network.

(My laptop has WinXP on it, but it's an older laptop - 4 years - and it uses Atheros software to connect and only attempts to connect to the network I activate. Under Linux, my usual OS, I set up a script for it to connect to the SSID I specify.)

Plus, people do use others access points intentionally - some friends of mine were doing it over the weekend when we were camping at a spot that didn't have any internet access.

Redundancy/Backup Access

[Kozar_The_Malignant]

I live in a townhouse community, and I can pick up seven wireless networks besides mine. Of those, two are secured. When my Comcast is out, it's nice to have some backup access through one of my neighbors' DSL or satellite service. I don't abuse it, but I do connect for a quick POP mail check or such. I wouldn't dream of doing anything financial over such a link.

Re:And don't paint it just like every other car...

[NeverVotedBush]

Yep - it's only half the battle to secure the access point. The other half, which most forget about or don't bother with, is to lock down the laptop or whatever device is using the wireless link. Not all allow locking it to certain access points, but my Mac does. I can tell it to ignore other networks and not connect at all if it can't find my own.

I don't know how hard it would be to spoof my wireless and fool my laptop to connect to a malicious network, but no regular neighbor is going to try to do that.

But my laptop will not try to join any other networks than the ones I have already configured. My access point will not allow other computers on as it is locked by MAC address and computer name to who it allows on as well as using WPA2 with a hard password.

Another perspective

[Anonymous Coward]

Consumers purposely leave wireless unsecured to allow 12% of consumers access.

So how is it stealing if someone is aware that their wireless is unsecured and want to allow guests to access it? Of that 12%, at least 50% of the host networks likely fall into this category.

On the same note, despite repeated calls to the cable company I find that my cable modem goes down quite a bit, but my neighbor's doesn't because they never buried their cable...its an eyesore that runs down the side of my property. So given that I'm paying for the internet service, but its unavailable, and that my neighbor purposely runs an unsecured wireless access point on the same cable network, where is the crime exactly?

The future of free Wifi: itsatrap

[davidwr]

How many of those "unsecured wireless" connections are run by criminals bent on grabbing your personal info in transit or injecting viruses into your non-ssl web browsing sessions?

I can see it now:

2010, 6 months after the Thou Shalt Not Steal Wifi Act of 2009 went into effect.

Joe Victim complains he's a victim of identity theft.
The police investigate and find he's regularly steals WiFi from his friends and neighbors. One of his neighbors' network got taken over by the Russian mob. He goes to jail for WiFi theft and his neighbor goes to jail for not taking adquate steps to protect his network.

It makes the news.

A month later, throughout the country, people start getting blackmail letters from the Russian Mob saying "We just emptied your bank account. If you go to the police you will go to jail just like Joe Victim a month ago. Have a nice day."

timely article

[song-of-the-pogo]

I'm at the doctor's, awaiting my appointment. we all know how long that takes. so, to amuse myself while waiting, I get out my mobile device to see whether there's any free wifi floating about so that I can read /.. lo, there is, the signal is strong and the WAP's SSID is the doc's name. it's totally open, so I "naturally assume" it's being provided to me as a convenience, kind of like the three-month old US Weekly's in the waiting room (I didn't ask, though). imagine my amusement at finding this article on the front page.