Name 1

Dissertation:
Risks of Open Wi-Fi Networks

Prepared by:

2 February 2014

Name 2

Contents
Risks of Open Wi-Fi Networks........................................................................................................3
Introduction..................................................................................................................................3
Aims and Objectives....................................................................................................................4
Literature Review.........................................................................................................................7
Scope and Constraints................................................................................................................20
Research Methodology..............................................................................................................23
Findings: Implementation and Evaluation.................................................................................27
Survey Findings......................................................................................................................27
Qualitative Research Findings................................................................................................29
WEP Cracking Results...........................................................................................................31
Available Solutions.................................................................................................................32
Conclusion.................................................................................................................................33
References..................................................................................................................................34

Name 3

Risks of Open Wi-Fi Networks

Introduction
Wireless networks offer several advantages such as ease of connection,
convenience, and reduced cost. People can perform computing tasks on the
move and are not restricted by a physical infrastructure. At the same time,
the open Wi-Fi network poses some serious risks. Privacy and security are
among the major concerns of the open Wi-Fi network. The open Wi-Fi network
was developed to provide a wireless network for the transmission of data
over radio waves. Unfortunately, the network is not secured which makes the
data capable of being intercepted by hackers and other unauthorized
persons. The wireless nature of the network means that the hacker does not
have to be a part of the organization that provides the network or be
connected to the network by physical infrastructure. However, better and
more efficient security protocol are being developed to increase the security
of data being shared over these networks.
Security arrangements are particularly needed in areas where open Wi-Fi
hotspots have been created where users can automatically log into the open
Wi-Fi network and transmit data. There is a need for users to develop safe
habits for sharing data over the open Wi-Fi network and to ensure that they
are completely logged off when not using the network. The main challenges
that organizations and users face in terms of network security include
privacy, confidentiality, data and system integrity, and the continued
provision of service to the users.

Name 4

The present study discusses the most important security risks associated
with the open Wi-Fi network. It mainly explores the extent to which users are
aware of these risks and what steps they take to prevent these risks from
materializing. The findings of primary and secondary research are integrated
to present an overall picture of the situation which is then used to identify
the main strategies of minimizing the risks. The paper concludes with a
specific recommendation to reduce the security risks of the open Wi-Fi
networks.

Aims and Objectives

The broad aims and objectives of this research project are to determine
the main security risks of open Wi-Fi networks and the extent to which users
of open Wi-Fi networks are aware of those risks. The study aims to review the
main threats and the common ways in which those threats are realized by
hackers and attackers using various devices and software. On the basis of
the findings, the study aims to determine remedies to make open Wi-Fi
networks less vulnerable to the identified risks. It aims to recommend the
best solution to the problem based on available research and survey
findings.
Open Wi-Fi networks are susceptible to a number of risks because of
inherent vulnerabilities in the system (Berghel and Uecker, 2005).
Weaknesses in the system protocols as well as network devices may pose
the system to some inherent risks. These threats can be quite severe
considering large companies use open Wi-Fi networks to connect employees

Name 5

within and outside the office. The objective of the current study is to review
the most common and severe security risks to which users of open Wi-Fi
networks are exposed. Home users as well as corporate users share large
volumes of data regularly over the network and hence, this objective will
help to make their data more secure from hackers and other intruders with
malicious intentions.
In addition to reviewing the main risks and threats to open Wi-Fi networks,
this study is also interested in finding out whether users are aware of these
risks. Hackers as well as those who stumble upon data shared over open WiFi networks can be prevented from misusing the data if the users adopt safe
usage behaviours. As long as users are aware of the most common risks,
they can be encouraged to adopt safe practices and working habits to ensure
that their data and systems are protected. However, if the users are blissfully
ignorant about the threats to their data, it becomes important to educate
them about those risks and the damage they can cause to their data. This
study will aim to determine the level to which users of open Wi-Fi networks
are aware of such risks.
In order to have a better understanding of the main security risks and how
they are perpetrated, it would be necessary to understand the basic working
and principles of open Wi-Fi networks. Some of the features of open Wi-Fi
networks that make them extremely convenient can also be a source of
weakness and security threats to the users. Research suggests that the main
security risks of open Wi-Fi networks exist because of underlying weaknesses

Name 6

in the structure and protocols on which the network is based (Berghel and
Uecker, 2005). Hence, for a better understanding of the security risks and
how they are executed, this study aims to identify the main structural factors
of the open Wi-Fi network. This objective will enable the study to identify
specific weaknesses in the network that can be addressed to minimize the
security risks.
Based on the findings of the literature review, independent research and
survey results, the study aims to identify specific remedies which can
improve the security of the open Wi-Fi networks. Factors such as negligence
and lack of awareness among users, slack attitudes and misplaced priorities
of the network developers and weaknesses in the legislative areas will be
addressed to recommend the most effective and economical remedies to
solve the problem for the long term (Jacob, Hutchinson, and Abawajy, 2011).
The remedies that have been adopted and implemented in the past will also
be discussed in the paper to explore their effectiveness and weaknesses to
inform policy in future.
The remedies recommended in this paper will be aimed at helping
network administrators to make the open Wi-Fi networks more secure. For
instance, by identifying weaknesses and vulnerabilities in the protocol or in
the devices used to build the network, the study aims to inform network
administrators of the most sensitive areas of the network to enable them to
take appropriate action to patch up those areas and make the network
security apparatus more robust and effective. It is expected that the

Name 7

discussion of findings and the recommendations in this study will educate

network designers and administrators so that they can adapt to better and
more effective security measures.
Besides enabling network managers to make the open Wi-Fi networks
more secure, the study also aims to make open Wi-Fi users more responsible
and aware of the risks to which they are exposed. As people log in to open
Wi-Fi networks while commuting or while having a cup of coffee in a cafe,
they may not realize that hackers and intruders may be sitting close to them
and can gain access to their computer and data stored on it quite easily. The
study aims to identify some simple habits which open Wi-Fi users can adopt
to minimize the chances of their systems getting hacked.
One of the biggest threats of open Wi-Fi networks is that the data being
transmitted over them can be intercepted by hackers. The data can then be
used to locate the identity of the system devices which can further lead to
criminal and unethical activities that could endanger the safety and security
of the user (Choi et al., 2008). The study aims to find ways in which the theft
of data can be reduced. During the course of the study, the various devices
and software that can offer protection against data theft will be discussed so
that they may be adopted by home users.
The study also aims to identify and explain the main methods that
hackers use to invade networks and gain access to sensitive data. A number
of devices and programs exist on the market as well as online for free
download. This study will outline the strategies and tactics commonly

Name 8

adopted by hackers to identify open Wi-Fi hotspots. It will further discuss the
techniques by which the hackers are able to identify the weaknesses of the
networks and how they are able to divert data from the intended destination
to their devices. A discussion of these strategies is included in this paper to
acquaint the users and network managers with the modus operandi of
hackers so that they may take the security of their networks and data more
seriously.
The study will identify some of the commonly used software that enable
hackers to pose as genuine users and misuse the data generated by genuine
users on the network. It will also describe the manner in which network
hackers are able to convert their laptops into access points and gain access
to confidential data. The risks posed by such practices will be identified so
that readers can take more precautions and engage in responsible practices
while using open Wi-Fi networks. It is intended that this information will make
home users and corporate users more conscientious and less susceptible to
the threats posed by the system.
Finally, the aim of this study is to make specific recommendations about
the best solution to the problem of open Wi-Fi security. Based on the findings
of the survey and the literature review, it is intended that the
recommendations will realistically enable open Wi-Fi users to make their data
more secure by adopting safe practices such as logging out of their systems
after use and using VPN tunnels where they are available. Through these
recommendations, it is expected that hackers will become less capable of

Name 9

gaining unauthorized access to data being transmitted over the open Wi-Fi
network.

Literature Review
Despite the great functionality of public WiFi networks, many users are
oblivious or negligent of the risks and the threats such networks pose. Other
than the alleged health risks, the security risks can put the informational
assets of the home user and the corporate user at risk. Berghel and Uecker
(2005) identify the main reason for the extreme vulnerability of public WiFi
networks in their paper on Wi-Fi connectivity and their attending risks. The
root of the problem can be traced to the original 802.11 standard which
created protocols with inherent system vulnerabilities. Other developments
of the Wi-Fi networks such as the RC4 symmetric and the stream cipher
algorithm also failed to take care of the security loopholes inherent in the
public Wi-Fi systems.
More importantly, Berghel and Uecker (2005) state that the Wired
Equivalent Privacy (WEP) in also an unsecured structure as it is not
encrypted. This exposes to the Wi-Fi users to security risks such as replay
attacks, checksum forging and message integrity check forging. In the case
of replay attacks, the attacker can intercept data while it is being transmitted
over the network and cause it to be delayed or retransmitted to a different
destination. The weaknesses can be exploited by network attackers to sniff
data being transmitted and gain access to sensitive data (Berghel and
Uecker, 2005). Furthermore, the IV selection designed by the IEEE also failed

Name 10

to improve the security of the WEP to any great extent. Hence, users of WiFi
networks are constantly exposed to their networks and their informational
assets being accessed and misused by attackers.
Large numbers of people are connected to public WiFi networks and use
them for official and personal reasons. A report published in Accountancy
Ireland (2013) discusses the results of a survey carried out with 1001 office
employees in the United Kingdom to determine their WiFi usage patterns.
The study found that all the people being surveyed use open WiFi
connections at least once a week while the average frequency of use of WiFi
networks was 15 times a week. The most common places where users
accessed WiFi networks included trains, buses and subways (Accountancy
Ireland, 2013). It was a common practice among the survey respondents to
use open or public WiFi networks to view information about their company or
their personal data.
Common tasks that were performed on the open WiFi network included
simple tasks such as sending and receiving work related or personal email. In
addition, users also used the open WiFi networks to work on official
documents on their laptops. They also frequently logged into their official
company servers to access information from the corporate database. While
many of those surveyed were ignorant of the seriousness of the risk to which
their data was exposed, the survey showed that the practices commonly
engaged in could lead to increased susceptibility of their data being
intercepted by network attackers (Accountancy Ireland, 2013). Another

Name 11

common risk that users were not aware of was packet sniffing where high
volume transmission of data over an open WiFi network can make it easier
for hackers to track the source of the data (Accountancy Ireland, 2013).
Du and Zhang (2006) identify some other risks to which users of open
WiFi networks are exposed. First among these is the risk of unauthorized use
of service. This is an increased risk in open WiFi networks because there are
neither physical barriers nor encryption settings to prevent attackers from
hacking into the network and accessing sensitive data. Most users are
ignorant about whether they need to install firewalls and intrusion detection
tools to secure their data (Du and Zhang, 2006).
As a number of open WiFi networks do not change the default settings
provided by the vendor, there is a high chance of the network overlapping
with other networks. As a result, the data of an organization can be captured
by a competitor or an individual who can misuse the data. These individual
are frequently called war drivers and use special antennae and programs to
identify vulnerable systems through their geographical location (Du and
Zhang, 2006).
Another common attack on open WiFi networks is frame spoofing. In this
kind of an attack, the attacker is able to spoof data packets that are sent
over the open or unencrypted WiFi networks (Du and Zhang, 2006). By using
the source and destination address on the packets, the attacker can
impersonate as the genuine user of the network and assume the identity of
the original user. In more serious forms of frame spoofing, the hijacker can

Name 12

pretend to be an access point (AP) and intercept and change the message
being sent over the network. Such types of attacks are called man in the
middle (MITM) attacks (Du and Zhang, 2006).
Hole et al. (2008) explain the distinction between security vulnerabilities
and threats effectively in their work on wireless networks in university
campuses. The term vulnerability is used to refer to the weaknesses and
loopholes in the system which endanger the integrity and security of the
data. Some of the common security risks of open WiFi networks on university
campuses include illegal downloads and terminal to terminal attacks (Hole et
al., 2010). Illegally downloading music or pornographic content can damage
the reputation and integrity of the institutions. Hence, there is a need to
educate students and other users of campus WiFi about the ethics of using
an open network.
Secondly, in terminal to terminal attacks, attacking any user terminal on
the network becomes easier because the attacker does not have to
manipulate a wired infrastructure (Hole et al., 2008). Many networks lack the
necessary firewalls and security systems which expose not just terminal
connected to wireless networks but also those that are connected to the
wired infrastructure. Another major security risk is the setting up of rogue
access points (Hole et al., 2008). These rogue access points allow attackers
to gain access to the universitys databases without authentic permission or
access rights.

Name 13

Staying within the scope of university networks, the attackers can gain
access to restricted information through spoofing. They can also introduce
false information such as fake lectures or research articles. Anonymous
attacks also become more likely with reduced security settings on the open
Wi-Fi networks. Furthermore, user and data privacy can be compromised
easily because university students are not cautious enough about protecting
their computer screens from prying eyes (Hole et al., 2008).
Hacking is a very common security risk associated with open Wi-Fi
networks. Goyal and Goyal (2008) explain how hackers are able to exploit
the weaknesses and vulnerabilities of open Wi-Fi networks using a Wi-Fi
detectors. Goyal and Goyal (2008) explain that the Wi-Fi detector enables
hackers to detect and locate Wi-Fi networks or hotspots. It is a simple device
that is operated by batteries and can also be available in the form of a flash
drive. Thanks to this feature, the device can be connected to a laptop to turn
it into a hacking instrument.
With the help of the Wi-Fi detector, the network users may not be aware
that while they are sending and receiving data over the network, their
signals are being detected by the hacker. In addition, the device also informs
the hacker about the type of encryption that is being used on the network.
The wireless standards and the strength of the signal are also communicated
to the hacker. Hackers can use this information to access data on the system
and use it to their advantage.

Name 14

Even if the signal strength is not sufficient to the detected by the WiFi
detector, hackers can use the Yagi antennae also known as repeaters to
increase the signal range so that it can be detected and analyzed easily
(Goyal and Goyal, 2008). What makes the situation more complex is the fact
that these devices enable the hacker to work smoothly without leaving any
indication of his activity. This limits the effectiveness of any post-intrusion
audit to identify the hacker.
Some of the risks of open WiFi networks have been identified with
reference to home users. These risks have been discussed in a report by the
Butler Group (2008) and serve to show that users are susceptible to invasion
of their systems even when they are within the security of their home. These
risks affect not only when users connect to the WiFi networks for personal
computing but also when they perform official duties from their laptops or
home PCs. The most common of these risks is the risk of piggybacking. This
occurs when neighbours can connect to each others WiFi networks and use
the bandwidth without having to pay anything. The situation is more serious
for those who work from home or telecommute.
The Butler Group (2008) report presents the results of a survey which
showed that 37% of the respondents would only consider jobs with remote
working options. However, the report suggests that where organizations
allow employees to work remotely or from their homes, they fail to
implement safety policies and mechanisms to ensure the safety of corporate
data. Such employees regularly exchange emails and files with the corporate

Name 15

office over the open WiFi network which is vulnerable to activities such as
sniffing and redirection. Even though some offices offer VPN connectivity,
may users do not use it and still prefer the convenience of open WiFI
networks. However, they inadvertently trade in security for convenience.
Hence, there is a need to educate open WiFi users about the main security
risks and the steps that can be taken to protect against those risks.
Goldsborough (2012) identifies some of the basic risks of open WiFi
networks that tend to be ignored by users. The most common risks
associated with the use of the Internet are amplified when open WiFi
networks devoid f any meaningful protection or security are used. As a
result, transactions made over the Internet using such networks can put
confidential information such as bank account details, credit card information
and social security numbers accessible to hackers and other online
miscreants. Rogue Wi-Fi networks are also important sources of security
breaches because the users are unable to distinguish between genuine and
rogue access points.
Another problem for users of open WiFi networks is that the WEP system
makes the networks less secure than the later WPA and WPA-2 systems. This
susceptibility makes it easier for hackers and other prowlers on the network
to engage in traffic snooping. Goldsborough (2012) explains that wireless
packet analyzers can be used by snoopers to detect data packets as they are
being sent over the system. The risk of data spoofing and the use of
detection software has also been discussed earlier in the studies of Goyal

Name 16

and Goyal (2008), Berghel and Uecker (2005), and Du and Zhang (2006).
Goldsborough (2012) also discusses the problem of neighbour piggybacking
which has been explained in the Butler Group (2008) report.
Other problems discussed by Goldsborough (2012) include WiFi pollution
in case a large number of connections are being used in a densely populated
area such as an apartment block. This kind of pollution can make data
accessible to several users as the individual networks overlap and make
accidental data transmission across networks likely. Hence, users must be
aware of the security risks associated with open Wi-Fi networks so that they
can take appropriate security precautions.
Schwarz (2005) also discusses the problem of poor encryption and
authentication as the main factors which make open Wi-Fi networks
challenging for users. Because data is transmitted unprotected in a public
space there is little to deter hackers and sniffers from gaining access to the
data. At the same time, some of the security breaches may be committed
inadvertently because individual networks may overlap thus making data
stored on one computing device accessible to other devices on a different
network. The fact that it is a wireless network does little to alleviate the
situation because the hackers have fewer obstacles and security checks to
breach as compared to a wired network. Schwartz (2005) draws an
interesting analogy between a public WiFi network and a magnifying glass by
saying that a wireless networks greatly magnifies the security risks and
vulnerabilities inherent in a network. Like much of the literature discussed

Name 17

earlier in this section, Schwartz (2005) also points to the risks of neighbour
piggybacking and rogue access points in open WiFI networks.
Knowledge and awareness of the risks of open WiFi networks is essential
because it helps users and network providers to put in place adequate
security systems and to practice safe network usage. While explaining some
of the safe practices to be used on the open WiFi networks, Andres (2010)
explains some of the risks of using open WiFi networks. While many users
may be unaware of the fact, Andres (2010) explains that even when users
are just browsing the Internet and not sharing emails or downloading files
from corporate databases, they remain exposed to invasion and other
security breaches over the open WiFi network.
Again, the wireless packet analyzers are the most common instruments
used by hackers and those who breach network security to gain access to
computing devices. One way in which the attackers can breach the network
is by stealing the session cookie and using it to log in to the users email
account. In such a case, the hacker does not even need to use the password
as the users do not log out of their sessions. Some users are of the
misconception that paid Wi-Fi hotspots are more secure than free Wi-Fi
hotspots. Andres (2010) explains that this is not the reality. In fact, a lot of
paid hotspots lack the required encryption that can secure the network
against intrusion and attacks. As a result, any data or files shared by users
over the FTP network can be sniffed and intercepted by network attackers.

Name 18

Echoing some of the concerns expressed by Berghel and Uecker (2005)

and Schwartz (2005), Rosenblatt (2013) points to the risk of inherent network
risks of open Wi-Fi networks. However, Rosenblatt (2013) goes beyond the
network level risks and explains how the devices and equipment used to set
up the network may be equally guilty of contributing to the security risks of
using open WiFi networks. According to Rosenblatt (2013), many routers
used in building open WiFi networks possess security holes which allow
hackers and attackers to get through and access data stored on member
devices. What raises the level of concern is that manufacturers are not
making a serious effort at creating patches to repair the security holes.
Another reason for this delay is that the security holes are complex and it
is not an easy matter to fix them. Rosenblatt (2013) makes an emphatic call
to users and network administrators to have the routers updated regularly so
that the window of opportunity available to hackers can be made as small as
possible. Nonetheless, this explains that the rate of technology development
and updation of network protocols and devices should be accelerated if
security standards are to be protected. Rosenblatts (2013) work shows that
unless a serious effort is made to resolve these problems, users and their
data may continue to remain at an increased risk. Furthermore, Rosenblatt
(2013) also exhorts network users to be more responsible in practicing safe
habits when using open WiFi networks such as by logging out of their
networks after use.

Name 19

Dyrnes and Thorsheim (2005) point to some more security risks to which
many WiFi users are oblivious. Some of the common terms used by the
authors include war-driving and its many derivatives such as war-walking and
war-cycling. The authors explain that these risks are difficult to identify
because the perpetrators of these breaches pose as innocuous passers-by or
people driving around with a computer (Dyrnes and Thorsheim, 2005). Using
WiFi detection software, the attackers can easily identify devices connected
to open WiFi networks by driving around the area or even while walking
around with a mobile computing device to which the WiFi detector is
connected.
In addition to the challenges of detecting such war-driving or war-walking
activity, other reasons that increase the security risks for open WiFi users is
the fact that the vulnerabilities in the open WiFi model are frankly quite
complex (Dyrnes and Thorsheim, 2005). The problem is further compounded
by the inevitability of system errors and bugs coming up from time to time as
well as the fact that WEP does not offer adequate protection and is widely
used (Dyrnes and Thorsheim, 2005). Some consolation is offered to home
users of open WiFi networks in that the volume of messages transmitted by
them over the network is not sufficient to enable hackers to detect the
source and destination addresses in a short period of time. However,
corporate users generate huge traffic daily and are easy targets. Denial of
service attacks and forging of management packets are other risks posed by

Name 20

attackers. In addition, attackers can also create de-authentication packets

and send them over the network.
Choi et al (2008) also explicate on some more risks to which open WiFi
network users are commonly exposed. Accidental association and malicious
association are two examples. Whereas in accidental association, users on
different WiFi networks can gain access to each others data because of
accidental overlapping of individual networks, malicious associations are
more intentional. These are established when system crackers or hackers
use their laptops to pose as access points. This creates a deception as a
result of which data from the computing devices is channelled to the
hackers laptop instead of the genuine access point. The hacker is then able
to use sniffing software to identify the source and destination codes and
engage in destructive activities.
Another term commonly used for such fake access points is soft access
points or APs. Software for converting an ordinary laptop into a soft AP are
easily available and work by making the wireless network card of the laptop
function as an access point. There is a lot of damage that can be potentially
done once the hacker is able to access data stored on network computers.
Obtaining passwords, account details and other sensitive or confidential
information becomes fairly easy. Moreover, the hacker can also initiate
attacks on the network and destroy or corrupt data stored on the systems.
Choi et al. (2008) also point to the risk posed by ad-hoc networks which are

Name 21

not linked by access points. Sniffing attacks can facilitate identity theft as
well as MITM attacks causing a lot of damage to the system.
Hackers have become increasingly sophisticated and are using highly
developed tools to infiltrate open WiFi networks. Ijeh et al. (2010) discuss
some of these risks while underlining the need for administrators and users
to be more vigilant about the security of their networks. Ijeh et al. (2010)
discuss the vulnerabilities, threats and countermeasures to make wireless
networks more secure and resistant to attacks. They cite key recovery
attacks as one of the most common ways to break into the WEP system and
gain access to data.
One of the major weaknesses of the WEP protocol is that it is impossible
to exchange encryption keys without exposing the network to a security
breach. Breaking the WEP key is extremely easy and attackers can do so
quite efficiently. Confidentiality of data, data integrity and security are all
compromised because of the weaknesses of the WEP protocol. Hackers and
system infiltrators are also known to use interface identifiers. These tools
enable hackers to trace the identities of message senders and receivers over
time. Ijeh et a. (2010) suggest that security awareness and management
(SAM) systems should be enhanced and a security policy should be framed
and shared with all employees. At the same time, there should be processes
through which security breaches are reported timely so that appropriate
action can be taken and data security can be ensured. Other common
threats such as viruses and malware infecting networks are also found in

Name 22

open WiFi networks. However, these risks can be overcome through better
encryption and protection of network resources.
For a fuller explanation of war driving, we can turn to Jacob, Hutchinson,
and Abawajy (2011) who explain war driving and the risks it causes to the
security of open WiFi systems. The technique through which attackers exploit
the weaknesses of the open WiFi system involved the use of special devices
and programs to chalk out the locations of wireless access points in a certain
locality. What is upsetting is that many attackers perceive war driving as a
harmless, fun activity which undermines the seriousness of the threat it
poses.
Another challenge is the legal status of war driving which is not
considered as a crime and steps to control war driving are impeded by the
ambiguous legal position of the activity. This occurs because legitimate uses
of war driving also exist such as reconnaissance activities and penetration
tests. What differentiates legitimate and illegitimate activities is what the
information obtained through them is used for. Therefore, protecting a
network against war driving could also end up preventing relatively useful
applications of war driving. Therefore, open WiFi users should be aware of
the threat of malicious war driving which could result in corporate data
falling into the hands of unauthorized persons and being used for unethical
or criminal purposes. Efforts to reduce risks posed by war driving are further
hampered by the poor research that has been conducted on the issue. Jacob,

Name 23

Hutchinson, and Abawajy (2011) stress the need for more extensive research
on war driving and finding other ways of obtaining the same data.
Parte and Pandya (2012) reflect many of the concerns shared by other
scholars included in this discussion. They categorize the major risks of open
WiFi networks into two categoriesactive attacks and passive attacks. Active
attacks include risks such as Denial of Service attacks, malicious association,
spoofing, accidental association and replay attacks. The common
characteristic of the active attacks is that they offer the hacker the
opportunity to damage the data stored on the system. In passive attacks, on
the other hand, the hacker can eavesdrop on the information being
transmitted but does not enjoy the ability to affect or distort data in any way.
One of the most common active attacks is the denial of service attack. To
launch this attack, the hacker gains access to the network via a vulnerable
access point and floods the bandwidth with a large volume of meaningless
data such as server requests. As a result, the network becomes jammed and
genuine requests from legitimate users cannot be fulfilled. Another common
active attack is spoofing. Here, the intruder manages the setting of his
laptop or wireless device so that it appears to be a genuine access point.
Through this device, the intruder is then able to access data being
transmitted on the network.
Parte and Pandya (2012) have included two types of network attacks
under the category of passive attacks. In the first type of passive attack, the
intruder is able to collect data being transmitted over the open WiFi network.

Name 24

What makes this type of attack passive is that the intruder does not obstruct
the exchange of data which allows this intrusion to go undetected. In the
second type of passive attack, the intruder gains access to a WiFi network by
manipulating a security hole. This point has also been made by Rosenblatt
(2013).
Some more security risks associated with open WiFi networks have been
put forward by Urbas and Krone (2006). In their study of mobile and wireless
technologies, Urbas and Krone (2006) identify intrusion, leeching and
message modification as some of the likely risks of using open WiFi networks.
In the absence of passwords, encryption and other methods of restricting
access, intrusion becomes a common activity and could also result in
information theft and unauthorized use of network bandwidth. This latter risk
has been termed by Urbas and Krone (2006) as leeching where genuine
registered users have to suffer because the bandwidth is regularly consumed
by unauthorized users. Such intrusion can also open channels for the
intruders to engage in unethical and criminal activities such as pornography
and carrying out denial of service attacks.
Once they have gained access to the network, the intruders can modify
the messages being shared over the network by deleting or altering their
content. In some cases, the intruders can also launch dictionary attacks and
replay attacks.

Name 25

Scope and Constraints

This section describes the scope of this paper along with the constraints
that were experienced and which limited the scope of this study. This paper
addresses the main security risks of open Wi-Fi networks and the best
solution to address those risks. Security risks are not the only type of risk
associated with open Wi-Fi networks. There are a number of alleged health
risks and other types of risks attributed to open Wi-Fi networks that are being
researched. However, this study is focused on the security risks that
endanger the safety and integrity of the data stored on the systems
connected to the network.
This study covers both home users as well as corporate users. Home
users include those people who use open Wi-Fi networks to perform personal
tasks such as emailing to friends and family and browsing the Internet. They
generate less traffic than corporate users but are often affected by hacking
and other security breaches on open Wi-Fi networks. Home users are also
less likely to have effective firewalls and other security measures to protect
their systems. The most critical activity performed by home users of open
Wi-Fi networks that exposes them to security risks is online banking. When
users exchange information such as their bank account number, social
security number or password while conducting online banking, the data can
fall into the hands of hackers and data sniffers. The potential for misuse and
criminal activity is immense. Online shopping also poses an equally serious
security risk. During online shopping, home users share credit card

Name 26

information as well as personal details which can be intercepted by hackers

and misused in a similar way. Therefore, this study covers the risks to which
home users are exposed and identifies ways in which they can be protected
against those risks.
This paper also addresses the concerns of corporate users of open Wi-Fi
networks. Compared to home users, corporate users are at greater risk
because the volume of online traffic they generate is considerable and much
larger than that produced by home users. Despite the presence of firewalls
and other security arrangements, corporate users are also victims of
corporate snooping and hacking. This adversely affects their competitiveness
and makes the organization increasingly vulnerable to external attacks. In
addition, the finances and proprietary knowledge that they possess invites
more sophisticated and avaricious hackers than home users. Therefore, the
scope of this paper includes coverage of the risks to which corporate users of
open Wi-Fi networks may be wittingly or unwittingly exposed. As a result,
their data may fall into the hands of corporate spies or business rivals with
the potential of damaging their business interests.
The solutions recommended in this report are also based on the
secondary research about the devices and security patches being developed
by network developers. Safe work practices and precautionary steps are also
included so that users are also equipped with strategies and techniques to
safeguard their sensitive and personal data.

Name 27

One of the major constraints for this study was time. The shortage of time
limited the scope of the study, in particular the survey as a large number of
responses could not be collected. Generally, in a survey respondents are
likely to give meaningful answers when they are given sufficient time.
Because of time constraints the desired results could not be achieved and
the response rate for the survey was below the expected and desired level. It
is therefore suggested that at least a week should be provided to survey
respondents which should include weekends so that they have enough time
to complete and return the survey.
A second constraint was the availability of resources. As the study is
based on a mixed approach comprising of both qualitative and quantitative
aspects as well as primary and secondary sources, there were many
challenges faced to balance the objectives. The primary research was
restricted by the number of respondents who were available online.
Secondly, the secondary research was also limited to journals and databases
that could be accessed from the Internet. Hence, the scope of this study is
limited to the study of information available online while print sources have
not been used to inform this research.
The information about the methods and techniques employed by hackers
to gain access to data shared on open Wi-Fi networks is entirely derived from
secondary sources. The quality of the study could have been enhanced if
first-hand information about hacking techniques and practices could have
been obtained from the hackers directly. It was not possible to locate hackers

Name 28

and include them in the survey for primary data. As a result, the information
in this area is restricted to what has been reported in the published research.
It is suggested that future research on this topic should include input from
hackers where possible.
A further limitation of this study is that the remedies recommended may
last only as long as hackers are able to come up with alternatives. Hackers
are extremely intelligent people and are able to find loopholes in security
systems faster than network managers are able to detect and repair them.
Therefore, the recommendations of this study will be limited in the time
period over which they can be applied and remain effective. However, the
solutions have been recommended on the basis of the most recent
information available about the areas they address and the degree of
protection they can provide. It is extremely important that research in this
field take place continuously so that risks can be anticipated and averted
before they become materialized.

Research Methodology
The study will make use of both primary and secondary data collected
through various resources. Both types of data have their unique advantages
and provide useful insights into the topic being studied. At the same time,
they also pose some challenges in their collection and interpretation which
requires a cost-benefit analysis about which type of data to go for. Primary
data offers the advantage of being the most recent or current data about the
topic. Methods of collecting primary data include conducting interviews,

Name 29

observational studies, focus groups, surveys and so on. The data collected
through these methods is first-hand data and reflects the most current
behaviours. However, it is costly and time-consuming to collect.
On the other hand, secondary data is data that has been published in
other sources and is used for the current study. Secondary data offers the
advantage that more of it can be collected within a certain time period.
Furthermore, less effort is required to plan and organize the data collection
effort. However, the researcher needs to ensure that the sources used for
collecting secondary data are reliable and credible. The present study will
use both primary and secondary data. The primary data will be used to
ascertain the level of awareness among users about the security risks of
open Wi-Fi networks whereas the secondary data will be used to review the
common security risks and the best solutions available to minimize those
risks.
Another important decision area in research methodology is the choice of
the qualitative or quantitative approach. Each approach has its own
advantages and disadvantages which depend on the nature of the topic and
the resources available to collect and interpret data. The quantitative
approach is used when the data to be collected is in numerical form and can
be analyzed using quantitative methods of analysis. Regression, correlation
and central tendency measures are often used to determine the relationship
between different variables in a particular situation. Quantitative approaches
are also used when the data collected is of a historical nature and there is a

Name 30

need to explore trends and changes in the data over time. This approach has
utility in the present study which will be discussed later in this section. On
the other hand, qualitative approaches are used when the data to be
collected and interpreted is not capable of being quantified. Furthermore, the
qualitative approach is used when it is necessary to identify common
patterns and gain insight into underlying themes and structures.
The present study employs a mixed approach by using both the
quantitative and qualitative approaches for the study. The quantitative
approach is used to analyze and interpret the results of the survey that was
carried out with users of open Wi-Fi networks in order to assess their
awareness about the possible security risks. As the survey questionnaire was
designed to make the responses capable of being analyzed through
quantitative means, the quantitative approach is used to interpret the survey
data. On the other hand, the qualitative approach is used to learn about the
major problems and risks associated with the use of open Wi-Fi networks.
The journals articles and research papers that are selected for this study
have been analyzed using the qualitative approach to identify common
factors and issues in relation to the research topic. In this way, the various
aspects of the quantitative and qualitative approaches have been integrated
in the present study to interpret the diverse data and arrive at an enriched
understanding of the research problem. It is expected that the selected
approach will enable the readers to gain a balanced and comprehensive
perspective of the risks of open Wi-Fi networks.

Name 31

A survey comprising of 15 questions was developed to be administered to

selected users of open Wi-Fi networks. The survey mainly consisted of closed
questions to make it easier for the questionnaires to be filled in and
submitted in less time by the respondents. Twenty respondents were sent
the questionnaires. The respondents were selected from the users at two
well-known open Wi-Fi hotspots in the city. The consent of the respondents
was sought after explaining the purpose and scope of the research to them.
The questionnaire was emailed to the selected respondents who had given
their consent. The respondents were requested to complete and send the
questionnaire back to the researcher within a week. At the end of the period,
only twelve completed questionnaires were returned which indicates a
response rate of 60% which is not very encouraging given the small size of
the survey sample. The results of the questionnaire are analyzed and
presented in the subsequent section of this dissertation.
The quantitative data was analyzed using common methods of
quantitative analysis. Measures of central tendency were used to determine
the most representative and average responses to the questions. This
method enabled the researcher to identify the dominant awareness levels
among the sample. Because of the limited size of the sample and the low
response rate, the results of the quantitative analysis could not be
generalized to the entire population.
For the qualitative analysis, secondary sources were the main source of
information. All of the sources were online resources mainly because of the

Name 32

paucity of time and restricted availability of print resources. It was attempted

to make the best use of open source journals and databases in order to
obtain relevant and contemporary insights about the security risks of open
Wi-Fi networks. EBSCO was the main journal database that was used for this
research and many journal articles quoted in the research review were
obtained from this database. Similarly, a large number of journal articles
were obtained from online searches that yielded productive results. The
International Journal of Multimedia and Ubiquitous Engineering and the ISACA
journal are some of the research journals that were used for the qualitative
analysis. In addition, industry publications such as InfoWorld and a report
published by the Australian Security and Intelligence Conference were also
used to inform the research on this topic. Publications by the IEEEthe
dominant research organization in electronic engineeringand PC Worlda
general trade publication also provided meaningful information about major
threats and the solutions available for dealing with them.
Thematic analysis was the technique adopted for the analysis of the
qualitative data. Thematic analysis enables the researcher to identify
common factors and underlying themes in the information obtained by the
qualitative approach. The approach can be used to interpret survey response
data as well as the review of literature. In response to the major research
questions, the answers or main findings are tabulated and then common
factors or elements in the responses and information are identified. The
information is categorized into relevant and appropriate segments such as

Name 33

age, usage, and so on. Thematic analysis in this study was used to find out
the usage patterns of the users of open Wi-Fi networks and what type of
security risks they are aware of. The method was also used to analyse the
findings from the literature review in order to highlight the most common
security risks and the most favoured solutions to those risks. The results of
the thematic analysis are presented and interpreted in the following section
of this dissertation.

Findings: Implementation and Evaluation

Survey Findings
Demographic Composition
The results of the survey instrument showed that most of the users of
open Wi-Fi networks in the sample were men. Only 33 percent of the survey
respondents were women, which shows that the use of open Wi-Fi is
dominated by the male segment of the population. The survey findings also
showed that the median age of the users was 35 years. The maximum age of
the respondents was 40 years which shows that the population using open
Wi-Fi networks tend to be young males compared to any other demographic
segment. Almost all the respondents were residents of suburban areas and
commuted to work or to university. This shows that the main purpose of
being connected to open Wi-Fi networks was to maintain communication
links with the place of work or place of education. These findings will be
helpful in assessing the impact of high or low level of awareness about the

Name 34

security risks associated with these networks. It can then help to develop
effective measures to ensure greater security.
Behavioural Composition
This section identifies the major usage patterns of the users of open Wi-Fi
networks who responded to the survey. Around 60% of the respondents said
that they used open Wi-Fi networks to perform work-related tasks. This
included working on official projects outside the office either at the clients
office or in a restaurant or cafe. Almost all the respondents said that they
used open Wi-Fi networks for browsing the Web for interesting information,
news and financial information. The same segment also said that they used
open Wi-Fi networks commonly for conducting online banking transactions
and for online shopping. Open Wi-Fi networks were also used to keep in touch
with friends and family through social networks. Around 35% of the
respondents used a smartphone as the main device for accessing the open
Wi-Fi network. The percentage of users who used their laptops for the same
purpose included 65%. This shows that the laptop is the most common
device used to connect to open Wi-Fi systems while a lot of work-related
tasks are performed. The open Wi-Fi network is also widely used for personal
use of the Internet.
Awareness of Risks
In general, the respondents showed a very basic awareness of the
security risks associated with open Wi-Fi networks. This is a discouraging fact
given that many of the users are professionals who use the networks most of

Name 35

the time as part of their job. Most of the respondents were aware of the risks
of hacking but did not know that hacking became easier with open Wi-Fi
networks. Almost none of the respondents knew that open Wi-Fi networks
offered hardly any protection as they were not encrypted. The respondents
were aware of privacy issues and that sensitive information such as credit
card or social security numbers could be accessed by hackers. However, they
did not show much concern about their data being intercepted by the people
seated around them. All of this indicates a very low level of awareness which
puts the users at a great risk of having their data security compromised.
There is a need for educating the users about the major risks of open Wi-Fi
networks, most importantly the fact that it alone does not offer any
significant protection.
Awareness of Hacking Methods
Keeping in line with the findings of the previous section, the survey
respondents demonstrated a very limited level of awareness about the
hacking methods by which the security of their network is compromised.
Only two of the respondents knew about messages being intercepted by
hackers who used their laptops to function as an access point. Around half of
the respondents stated their understanding that paid Wi-Fi also did not
protect them against the risk of their data being intercepted. Again, half of
the users had experienced denial of service attacks and man in the middle
attacks and were able to attribute them to poor security settings of the
network. Despite this understanding, only 10 percent of the respondents

Name 36

were aware of the term spoofing. The respondents had also not heard about
the terms war driving or war walking but some of the respondents knew
about the likelihood of neighbour piggybacking. These results indicate a poor
level of understanding about the security risks and hacking methods used by
intruders among the population.
Awareness of Protective Measures
The respondents displayed a low level of awareness about the distinction
between WEP and WPA. They did not know that they should avoid Wi-Fi
hotspots that use the broken WEP protocol as opposed to the safer and
relatively more secure WPA protocol. One respondent who was the network
administrator at his company knew that Wi-Fi protected access offered
greater protection but said that his company had not communicated this to
all employees. This may be one reason why there is a low level of knowledge
among the users about the security risks.
It was a general habit among the users to use the same password for
different websites. They were not aware of the risk that a hacker who
cracked open their account on a particular website could use the password to
hack multiple accounts and misuse the data. This points to a general level of
negligence in the sample. Similarly, the users were generally unaware about
the importance of using an encryption key or a password to make the
network secure against hackers. The users were also ignorant about
assigning separate IP addresses to their devices or using router filters to
protect their data.

Name 37

Qualitative Research Findings

Most Common Security Risks
The thematic analysis of the research shows that the most common
security risk of open Wi-Fi networks is hacking which has been cited by most
of the researchers. The most common vulnerability of the open Wi-Fi network
is associated with the WEP protocol which has not yet been replaced by all
open Wi-Fi providers and continues to expose users to security risks such as
hacking. Another prominent security risk is spoofing where the data
transmitted over the network is intercepted by the hacker who poses as a
genuine access point. The data is then analyzed to determine source and
destination addresses. This gives the hacker ample opportunity to pose as a
genuine user and misuse the data as he wishes. Other risks that have been
identified in the research include malpractices such as denial of service
attacks, man in the middle attacks, and war driving. These are the main risks
that should be addressed and resolved.
Most Common Invasion Methods
The thematic analysis of the research shows that spoofing is one of the
most common methods used to invade the network and attack system
devices. In spoofing, the attacker gains access to the open Wi-Fi network by
posing as a genuine user. He is then able to sniff data packets using a
number of easily accessible software. All of this happens without the users
knowledge. The hacker gains access to the users sensitive data and uses it
to commit frauds and crimes. Other attacks such as man in the middle
attacks are committed by the hijacker who sets up his device as a genuine

Name 38

access point and goes beyond simply sniffing the data. In fact, the hacker
alters or changes the data to cause mischief and consternation to the user. In
a denial of service attack, the hijacker blocks the bandwidth by generating
multiple requests to the server which blocks the service for the genuine user.
Software Used for Hacking
The security risks posed by hackers are very serious, especially because a
number of software tools are available online that help hackers to find out
the passwords of open Wi-Fi networks. One such example is Wireless Hack
V2.1 (Download Hack, 2013). The software can be downloaded for free by
any hacker. The hacker can easily access the website and click on the
Download button to start the download process. Once the software has been
installed on the laptop, the hacker has to insert the SSD code for the network
and press the Get Password button. The password can be generated in no
time at all.
Another valuable resource for network hackers is Kali Linux which offers a
wealth of hacking tools for no cost at all. In addition, the popular video
sharing website YouTube has innumerable tutorials on how to hack networks
and individual systems. Among the tools popularly used for exploiting the
weaknesses of the WEP protocol, Aircrack-ng is an entire suite of tools that
help hackers to crack the WEP and even the more modern WPA-PSK
protocols. This software suite further enables hackers to intercept data
packets and is therefore widely used by those who engage in spoofing.

Name 39

A tool used to send de-authentication packets is Airjack. Aptly named

because of its role in hijacking the airwaves of open Wi-Fi networks, this suite
facilitates hackers in launching denial of service and man in the middle
attacks. In order to further facilitate spoofers, the AirSnort package enables
hackers to find out the encryption key for a system after passively gathering
information from a large number of data packets. Cain and Able is another
software tool that is adept at intercepting data packets being sent over the
open Wi-Fi network. CommView for Wi-Fi is another software tool that is quite
convenient and effective for professional hackers. The features provided in
this package enable hackers to capture and analyze data packets as they are
being transmitted over the network. The hacker simply uses a wireless
adapter to set up as an access point and use the channel to capture and
analyze the data packets intercepted by it.

WEP Cracking Results

In order to find out how easy it is to crack a WEP protocol and gain access
to an open Wi-Fi network, I decided to undertake such an activity on my own
for the sake of research. I used my laptop to enter a cafe in the business
district where a number of people were using the open Wi-Fi. I bought a cup
of coffee and got the Wi-Fi password from the staff. After logging on to the
system, I activated the spoofing software and my laptop began to receive
data packets from the computers around me. There was a clear lack of
meaningful security which showed that computers connected to the open Wi-

Name 40

Fi are extremely vulnerable and it takes almost no effort to hack into a

system.

Available Solutions
There are several solutions available to offer protection to the open Wi-Fi
network. Security software such as network firewalls and antivirus software
should be installed and updated regularly in order to prevent intrusions and
malicious files from being placed on the computers. A virtual private network
(VPN) is an effective alternative to connect to the Internet when sensitive or
confidential data has o be transmitted. Users can opt to start secure email
sessions as opposed to a public network. This prevents data to be stored in
the cache memory of public computers such as those at airport terminals.
Bank transactions and other sensitive transactions should not be conducted
by open Wi-Fi networks and should be deferred until the user can get access
to a secure network. If the Wi-Fi network is being accessed by a telephone
device, the user should always log off when the network is not required to be
used.
The best solution of the above is to employ a VPN network whenever it
becomes necessary to use the Internet. This is possible in collaboration with
the organization and is ideal for work-related tasks. VPN or virtual private
network offers a secured wireless network connection. The common way for
most home users is to install a VPN shield which encrypts the data being
transmitted in such a way that it is only transmitted over a secured network.
This makes it difficult for hackers or spammers to gain access to the data by

Name 41

spoofing or other similar methods. It is functional wherever open Wi-Fi

networks are available and ensures security of data to a great extent. It also
offers protection against malware and blocks the browsing history from being
viewed by others.

Conclusion
The research shows that users generally possess a very low level of
awareness about the risks of open Wi-Fi systems despite being heavy users
of those networks. This raises an important concern about the extent to
which data shared and transmitted over these networks is safe and secured.
Open Wi-Fi hotspots are ubiquitous and are commonly used by people. This
exposes their data to the risk of being intercepted, hacked and subsequently
misused for criminal or unethical activities. Both home users and corporate
users should be concerned over this trend. Hacking, spoofing, denial of
service attacks are some of the most common attacks. They have also
become easier because of the availability of hacking and spoofing programs
online. As a result, there is an urgent need to develop effective solutions that
can minimize the risks posed by the weaknesses of the open Wi-Fi networks.
The main weakness is the antiquated and unencrypted WEP protocol which
continues to be used in open Wi-Fi hotspots today. A number of solutions
have been developed to increase the security of these networks such as
network firewalls and antivirus packages. Of these, the most effective,
convenient and meaningful solution is the virtual private network (VPN)

Name 42

which enables users to enjoy the benefits of open Wi-Fi networks without
compromising on the security of their systems.

Works Cited
Accountancy Ireland, 2013. Commuters putting company data at risk on
public Wi-Fi. Accountancy Ireland, [online] 45(5), p. 88-94. Available at:
EBSCO Search [Accessed 26 January 2014].
Andrs, S., 2010. How to stay safe on public Wi-Fi. PC World, [online], 28(7).
Available at: EBSCO Search [Accessed 26 January 2014].
Anthony C. Ijeh, A. C., Brimicombe, A. J., Preston, D. S., and Imafidon, C. O.,
2010. Security measures in wired and wireless networks. [online].
Available at: http://www.bcs.org/upload/pdf/ewic_iict09_s4paper2.pdf
[Accessed 26 January 2014].
Berghel, H., and Uecker, J., 2005. WiFi attack vectors. Communications of the
OCM, [online] Available at: EBSCO Search [Accessed 26 January 2014].
Butler Group, 2008. WiFi Security: GetSafeOnline warns of piggybacking
dangers. [online] Available at: EBSCO Search [Accessed 26 January 2014].
Choi, M. K., Robles, R. J., Hong, C. H., and Kim, T. H., 2008. Wireless network
security: Vulnerabilities, threats and countermeasures. International
Journal of Multimedia and Ubiquitous Engineering, [online], 3(3). Available

Name 43

at: http://www.sersc.org/journals/IJMUE/vol3_no3_2008/8.pdf [Accessed 26

January 2014].
Du, H., and Zhang, C., 2006. Risks and control of Wi-Fi network systems.
ISACA Journal, [online] Available at: http://www.isaca.org/Journal/PastIssues/2006/Volume-4/Pages/Risks-and-Risk-Control-of-Wi-Fi-NetworkSystems1.aspx [Accessed 26 January 2014].
Goldsborough, R., 2012. The highs and lows of Wi-Fi. Teacher Librarian,
[online], 39(3). Available at: EBSCO Search [Accessed 26 January 2014].
Goyal, R. M., and Goyal, A., 2008. Securing Wi-Fi Network. [online] Available
at: http://infosecawareness.in/downloads/handbooks/wifi-securityebook.pdf [Accessed 26 January 2014].
Hole, K. J., Dyrnes, E., and Thorsheim, P., 2005. Securing Wi-Fi networks.
[online]. Available at: http://www.nowires.org/Papers-PDF/WiFiSec.pdf
[Accessed 26 January 2014].
Hole,K. J., Netland, L. H., Klingsheim, A. N., Helleseth, H., and Henriksen, J. B.,
2008. Open wireless networks on university campuses. IEEE Security and
Privacy, [online] Available at: http://www.nowires.org/PapersPDF/OpenNets.pdf [Accessed 26 January 2014].
Jacob, L., Hutchinson, D., and Abawajy, J., 2011. Wi-Fi security: wireless with
confidence. [online]. Available at:
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1018&context=asi
[Accessed 26 January 2014].

Name 44

Parte, S., and Pandya, S., 2012. A Comprehensive Study of Wi-Fi Security
Challenges and solutions. International Journal of Scientific & Engineering
Research, [online]. 3(8). Available at: http://www.ijser.org/researchpaper
%5CA-Comprehensive-Study-of-WiFi-Security-Challenges-and-solutions.pdf
[Accessed 26 January 2014].
Rosenblatt, S., 2013. Wi-Fi routers: More security risks than ever. [online].
Available at: http://news.cnet.com/8301-1009_3-57596851-83/wi-firouters-more-security-risks-than-ever/ [Accessed 26 January 2014].
Schwartz, E., 2005. Wi-Fi security wakes up to reality. InfoWorld, [online],
27(20). Available at: EBSCO Search [Accessed 26 January 2014].
Urbas, G., and Krone, T., 2006. Mobile and wireless technologies: Security
and risk factors. Trends & Issues in Crime and Criminal Justice, [online].
329. Available at: http://www.aic.gov.au/documents/E/9/9/%7BE99293FF9E0F-4522-8E54-0598720C45B2%7Dtandi329.pdf [Accessed 26 January
2014].