Professional Documents
Culture Documents
Dissertation:
Risks of Open Wi-Fi Networks
Prepared by:
2 February 2014
Name 2
Contents
Risks of Open Wi-Fi Networks........................................................................................................3
Introduction..................................................................................................................................3
Aims and Objectives....................................................................................................................4
Literature Review.........................................................................................................................7
Scope and Constraints................................................................................................................20
Research Methodology..............................................................................................................23
Findings: Implementation and Evaluation.................................................................................27
Survey Findings......................................................................................................................27
Qualitative Research Findings................................................................................................29
WEP Cracking Results...........................................................................................................31
Available Solutions.................................................................................................................32
Conclusion.................................................................................................................................33
References..................................................................................................................................34
Name 3
Name 4
The present study discusses the most important security risks associated
with the open Wi-Fi network. It mainly explores the extent to which users are
aware of these risks and what steps they take to prevent these risks from
materializing. The findings of primary and secondary research are integrated
to present an overall picture of the situation which is then used to identify
the main strategies of minimizing the risks. The paper concludes with a
specific recommendation to reduce the security risks of the open Wi-Fi
networks.
Name 5
within and outside the office. The objective of the current study is to review
the most common and severe security risks to which users of open Wi-Fi
networks are exposed. Home users as well as corporate users share large
volumes of data regularly over the network and hence, this objective will
help to make their data more secure from hackers and other intruders with
malicious intentions.
In addition to reviewing the main risks and threats to open Wi-Fi networks,
this study is also interested in finding out whether users are aware of these
risks. Hackers as well as those who stumble upon data shared over open WiFi networks can be prevented from misusing the data if the users adopt safe
usage behaviours. As long as users are aware of the most common risks,
they can be encouraged to adopt safe practices and working habits to ensure
that their data and systems are protected. However, if the users are blissfully
ignorant about the threats to their data, it becomes important to educate
them about those risks and the damage they can cause to their data. This
study will aim to determine the level to which users of open Wi-Fi networks
are aware of such risks.
In order to have a better understanding of the main security risks and how
they are perpetrated, it would be necessary to understand the basic working
and principles of open Wi-Fi networks. Some of the features of open Wi-Fi
networks that make them extremely convenient can also be a source of
weakness and security threats to the users. Research suggests that the main
security risks of open Wi-Fi networks exist because of underlying weaknesses
Name 6
in the structure and protocols on which the network is based (Berghel and
Uecker, 2005). Hence, for a better understanding of the security risks and
how they are executed, this study aims to identify the main structural factors
of the open Wi-Fi network. This objective will enable the study to identify
specific weaknesses in the network that can be addressed to minimize the
security risks.
Based on the findings of the literature review, independent research and
survey results, the study aims to identify specific remedies which can
improve the security of the open Wi-Fi networks. Factors such as negligence
and lack of awareness among users, slack attitudes and misplaced priorities
of the network developers and weaknesses in the legislative areas will be
addressed to recommend the most effective and economical remedies to
solve the problem for the long term (Jacob, Hutchinson, and Abawajy, 2011).
The remedies that have been adopted and implemented in the past will also
be discussed in the paper to explore their effectiveness and weaknesses to
inform policy in future.
The remedies recommended in this paper will be aimed at helping
network administrators to make the open Wi-Fi networks more secure. For
instance, by identifying weaknesses and vulnerabilities in the protocol or in
the devices used to build the network, the study aims to inform network
administrators of the most sensitive areas of the network to enable them to
take appropriate action to patch up those areas and make the network
security apparatus more robust and effective. It is expected that the
Name 7
Name 8
adopted by hackers to identify open Wi-Fi hotspots. It will further discuss the
techniques by which the hackers are able to identify the weaknesses of the
networks and how they are able to divert data from the intended destination
to their devices. A discussion of these strategies is included in this paper to
acquaint the users and network managers with the modus operandi of
hackers so that they may take the security of their networks and data more
seriously.
The study will identify some of the commonly used software that enable
hackers to pose as genuine users and misuse the data generated by genuine
users on the network. It will also describe the manner in which network
hackers are able to convert their laptops into access points and gain access
to confidential data. The risks posed by such practices will be identified so
that readers can take more precautions and engage in responsible practices
while using open Wi-Fi networks. It is intended that this information will make
home users and corporate users more conscientious and less susceptible to
the threats posed by the system.
Finally, the aim of this study is to make specific recommendations about
the best solution to the problem of open Wi-Fi security. Based on the findings
of the survey and the literature review, it is intended that the
recommendations will realistically enable open Wi-Fi users to make their data
more secure by adopting safe practices such as logging out of their systems
after use and using VPN tunnels where they are available. Through these
recommendations, it is expected that hackers will become less capable of
Name 9
gaining unauthorized access to data being transmitted over the open Wi-Fi
network.
Literature Review
Despite the great functionality of public WiFi networks, many users are
oblivious or negligent of the risks and the threats such networks pose. Other
than the alleged health risks, the security risks can put the informational
assets of the home user and the corporate user at risk. Berghel and Uecker
(2005) identify the main reason for the extreme vulnerability of public WiFi
networks in their paper on Wi-Fi connectivity and their attending risks. The
root of the problem can be traced to the original 802.11 standard which
created protocols with inherent system vulnerabilities. Other developments
of the Wi-Fi networks such as the RC4 symmetric and the stream cipher
algorithm also failed to take care of the security loopholes inherent in the
public Wi-Fi systems.
More importantly, Berghel and Uecker (2005) state that the Wired
Equivalent Privacy (WEP) in also an unsecured structure as it is not
encrypted. This exposes to the Wi-Fi users to security risks such as replay
attacks, checksum forging and message integrity check forging. In the case
of replay attacks, the attacker can intercept data while it is being transmitted
over the network and cause it to be delayed or retransmitted to a different
destination. The weaknesses can be exploited by network attackers to sniff
data being transmitted and gain access to sensitive data (Berghel and
Uecker, 2005). Furthermore, the IV selection designed by the IEEE also failed
Name 10
to improve the security of the WEP to any great extent. Hence, users of WiFi
networks are constantly exposed to their networks and their informational
assets being accessed and misused by attackers.
Large numbers of people are connected to public WiFi networks and use
them for official and personal reasons. A report published in Accountancy
Ireland (2013) discusses the results of a survey carried out with 1001 office
employees in the United Kingdom to determine their WiFi usage patterns.
The study found that all the people being surveyed use open WiFi
connections at least once a week while the average frequency of use of WiFi
networks was 15 times a week. The most common places where users
accessed WiFi networks included trains, buses and subways (Accountancy
Ireland, 2013). It was a common practice among the survey respondents to
use open or public WiFi networks to view information about their company or
their personal data.
Common tasks that were performed on the open WiFi network included
simple tasks such as sending and receiving work related or personal email. In
addition, users also used the open WiFi networks to work on official
documents on their laptops. They also frequently logged into their official
company servers to access information from the corporate database. While
many of those surveyed were ignorant of the seriousness of the risk to which
their data was exposed, the survey showed that the practices commonly
engaged in could lead to increased susceptibility of their data being
intercepted by network attackers (Accountancy Ireland, 2013). Another
Name 11
common risk that users were not aware of was packet sniffing where high
volume transmission of data over an open WiFi network can make it easier
for hackers to track the source of the data (Accountancy Ireland, 2013).
Du and Zhang (2006) identify some other risks to which users of open
WiFi networks are exposed. First among these is the risk of unauthorized use
of service. This is an increased risk in open WiFi networks because there are
neither physical barriers nor encryption settings to prevent attackers from
hacking into the network and accessing sensitive data. Most users are
ignorant about whether they need to install firewalls and intrusion detection
tools to secure their data (Du and Zhang, 2006).
As a number of open WiFi networks do not change the default settings
provided by the vendor, there is a high chance of the network overlapping
with other networks. As a result, the data of an organization can be captured
by a competitor or an individual who can misuse the data. These individual
are frequently called war drivers and use special antennae and programs to
identify vulnerable systems through their geographical location (Du and
Zhang, 2006).
Another common attack on open WiFi networks is frame spoofing. In this
kind of an attack, the attacker is able to spoof data packets that are sent
over the open or unencrypted WiFi networks (Du and Zhang, 2006). By using
the source and destination address on the packets, the attacker can
impersonate as the genuine user of the network and assume the identity of
the original user. In more serious forms of frame spoofing, the hijacker can
Name 12
pretend to be an access point (AP) and intercept and change the message
being sent over the network. Such types of attacks are called man in the
middle (MITM) attacks (Du and Zhang, 2006).
Hole et al. (2008) explain the distinction between security vulnerabilities
and threats effectively in their work on wireless networks in university
campuses. The term vulnerability is used to refer to the weaknesses and
loopholes in the system which endanger the integrity and security of the
data. Some of the common security risks of open WiFi networks on university
campuses include illegal downloads and terminal to terminal attacks (Hole et
al., 2010). Illegally downloading music or pornographic content can damage
the reputation and integrity of the institutions. Hence, there is a need to
educate students and other users of campus WiFi about the ethics of using
an open network.
Secondly, in terminal to terminal attacks, attacking any user terminal on
the network becomes easier because the attacker does not have to
manipulate a wired infrastructure (Hole et al., 2008). Many networks lack the
necessary firewalls and security systems which expose not just terminal
connected to wireless networks but also those that are connected to the
wired infrastructure. Another major security risk is the setting up of rogue
access points (Hole et al., 2008). These rogue access points allow attackers
to gain access to the universitys databases without authentic permission or
access rights.
Name 13
Staying within the scope of university networks, the attackers can gain
access to restricted information through spoofing. They can also introduce
false information such as fake lectures or research articles. Anonymous
attacks also become more likely with reduced security settings on the open
Wi-Fi networks. Furthermore, user and data privacy can be compromised
easily because university students are not cautious enough about protecting
their computer screens from prying eyes (Hole et al., 2008).
Hacking is a very common security risk associated with open Wi-Fi
networks. Goyal and Goyal (2008) explain how hackers are able to exploit
the weaknesses and vulnerabilities of open Wi-Fi networks using a Wi-Fi
detectors. Goyal and Goyal (2008) explain that the Wi-Fi detector enables
hackers to detect and locate Wi-Fi networks or hotspots. It is a simple device
that is operated by batteries and can also be available in the form of a flash
drive. Thanks to this feature, the device can be connected to a laptop to turn
it into a hacking instrument.
With the help of the Wi-Fi detector, the network users may not be aware
that while they are sending and receiving data over the network, their
signals are being detected by the hacker. In addition, the device also informs
the hacker about the type of encryption that is being used on the network.
The wireless standards and the strength of the signal are also communicated
to the hacker. Hackers can use this information to access data on the system
and use it to their advantage.
Name 14
Even if the signal strength is not sufficient to the detected by the WiFi
detector, hackers can use the Yagi antennae also known as repeaters to
increase the signal range so that it can be detected and analyzed easily
(Goyal and Goyal, 2008). What makes the situation more complex is the fact
that these devices enable the hacker to work smoothly without leaving any
indication of his activity. This limits the effectiveness of any post-intrusion
audit to identify the hacker.
Some of the risks of open WiFi networks have been identified with
reference to home users. These risks have been discussed in a report by the
Butler Group (2008) and serve to show that users are susceptible to invasion
of their systems even when they are within the security of their home. These
risks affect not only when users connect to the WiFi networks for personal
computing but also when they perform official duties from their laptops or
home PCs. The most common of these risks is the risk of piggybacking. This
occurs when neighbours can connect to each others WiFi networks and use
the bandwidth without having to pay anything. The situation is more serious
for those who work from home or telecommute.
The Butler Group (2008) report presents the results of a survey which
showed that 37% of the respondents would only consider jobs with remote
working options. However, the report suggests that where organizations
allow employees to work remotely or from their homes, they fail to
implement safety policies and mechanisms to ensure the safety of corporate
data. Such employees regularly exchange emails and files with the corporate
Name 15
office over the open WiFi network which is vulnerable to activities such as
sniffing and redirection. Even though some offices offer VPN connectivity,
may users do not use it and still prefer the convenience of open WiFI
networks. However, they inadvertently trade in security for convenience.
Hence, there is a need to educate open WiFi users about the main security
risks and the steps that can be taken to protect against those risks.
Goldsborough (2012) identifies some of the basic risks of open WiFi
networks that tend to be ignored by users. The most common risks
associated with the use of the Internet are amplified when open WiFi
networks devoid f any meaningful protection or security are used. As a
result, transactions made over the Internet using such networks can put
confidential information such as bank account details, credit card information
and social security numbers accessible to hackers and other online
miscreants. Rogue Wi-Fi networks are also important sources of security
breaches because the users are unable to distinguish between genuine and
rogue access points.
Another problem for users of open WiFi networks is that the WEP system
makes the networks less secure than the later WPA and WPA-2 systems. This
susceptibility makes it easier for hackers and other prowlers on the network
to engage in traffic snooping. Goldsborough (2012) explains that wireless
packet analyzers can be used by snoopers to detect data packets as they are
being sent over the system. The risk of data spoofing and the use of
detection software has also been discussed earlier in the studies of Goyal
Name 16
and Goyal (2008), Berghel and Uecker (2005), and Du and Zhang (2006).
Goldsborough (2012) also discusses the problem of neighbour piggybacking
which has been explained in the Butler Group (2008) report.
Other problems discussed by Goldsborough (2012) include WiFi pollution
in case a large number of connections are being used in a densely populated
area such as an apartment block. This kind of pollution can make data
accessible to several users as the individual networks overlap and make
accidental data transmission across networks likely. Hence, users must be
aware of the security risks associated with open Wi-Fi networks so that they
can take appropriate security precautions.
Schwarz (2005) also discusses the problem of poor encryption and
authentication as the main factors which make open Wi-Fi networks
challenging for users. Because data is transmitted unprotected in a public
space there is little to deter hackers and sniffers from gaining access to the
data. At the same time, some of the security breaches may be committed
inadvertently because individual networks may overlap thus making data
stored on one computing device accessible to other devices on a different
network. The fact that it is a wireless network does little to alleviate the
situation because the hackers have fewer obstacles and security checks to
breach as compared to a wired network. Schwartz (2005) draws an
interesting analogy between a public WiFi network and a magnifying glass by
saying that a wireless networks greatly magnifies the security risks and
vulnerabilities inherent in a network. Like much of the literature discussed
Name 17
earlier in this section, Schwartz (2005) also points to the risks of neighbour
piggybacking and rogue access points in open WiFI networks.
Knowledge and awareness of the risks of open WiFi networks is essential
because it helps users and network providers to put in place adequate
security systems and to practice safe network usage. While explaining some
of the safe practices to be used on the open WiFi networks, Andres (2010)
explains some of the risks of using open WiFi networks. While many users
may be unaware of the fact, Andres (2010) explains that even when users
are just browsing the Internet and not sharing emails or downloading files
from corporate databases, they remain exposed to invasion and other
security breaches over the open WiFi network.
Again, the wireless packet analyzers are the most common instruments
used by hackers and those who breach network security to gain access to
computing devices. One way in which the attackers can breach the network
is by stealing the session cookie and using it to log in to the users email
account. In such a case, the hacker does not even need to use the password
as the users do not log out of their sessions. Some users are of the
misconception that paid Wi-Fi hotspots are more secure than free Wi-Fi
hotspots. Andres (2010) explains that this is not the reality. In fact, a lot of
paid hotspots lack the required encryption that can secure the network
against intrusion and attacks. As a result, any data or files shared by users
over the FTP network can be sniffed and intercepted by network attackers.
Name 18
Name 19
Dyrnes and Thorsheim (2005) point to some more security risks to which
many WiFi users are oblivious. Some of the common terms used by the
authors include war-driving and its many derivatives such as war-walking and
war-cycling. The authors explain that these risks are difficult to identify
because the perpetrators of these breaches pose as innocuous passers-by or
people driving around with a computer (Dyrnes and Thorsheim, 2005). Using
WiFi detection software, the attackers can easily identify devices connected
to open WiFi networks by driving around the area or even while walking
around with a mobile computing device to which the WiFi detector is
connected.
In addition to the challenges of detecting such war-driving or war-walking
activity, other reasons that increase the security risks for open WiFi users is
the fact that the vulnerabilities in the open WiFi model are frankly quite
complex (Dyrnes and Thorsheim, 2005). The problem is further compounded
by the inevitability of system errors and bugs coming up from time to time as
well as the fact that WEP does not offer adequate protection and is widely
used (Dyrnes and Thorsheim, 2005). Some consolation is offered to home
users of open WiFi networks in that the volume of messages transmitted by
them over the network is not sufficient to enable hackers to detect the
source and destination addresses in a short period of time. However,
corporate users generate huge traffic daily and are easy targets. Denial of
service attacks and forging of management packets are other risks posed by
Name 20
Name 21
not linked by access points. Sniffing attacks can facilitate identity theft as
well as MITM attacks causing a lot of damage to the system.
Hackers have become increasingly sophisticated and are using highly
developed tools to infiltrate open WiFi networks. Ijeh et al. (2010) discuss
some of these risks while underlining the need for administrators and users
to be more vigilant about the security of their networks. Ijeh et al. (2010)
discuss the vulnerabilities, threats and countermeasures to make wireless
networks more secure and resistant to attacks. They cite key recovery
attacks as one of the most common ways to break into the WEP system and
gain access to data.
One of the major weaknesses of the WEP protocol is that it is impossible
to exchange encryption keys without exposing the network to a security
breach. Breaking the WEP key is extremely easy and attackers can do so
quite efficiently. Confidentiality of data, data integrity and security are all
compromised because of the weaknesses of the WEP protocol. Hackers and
system infiltrators are also known to use interface identifiers. These tools
enable hackers to trace the identities of message senders and receivers over
time. Ijeh et a. (2010) suggest that security awareness and management
(SAM) systems should be enhanced and a security policy should be framed
and shared with all employees. At the same time, there should be processes
through which security breaches are reported timely so that appropriate
action can be taken and data security can be ensured. Other common
threats such as viruses and malware infecting networks are also found in
Name 22
open WiFi networks. However, these risks can be overcome through better
encryption and protection of network resources.
For a fuller explanation of war driving, we can turn to Jacob, Hutchinson,
and Abawajy (2011) who explain war driving and the risks it causes to the
security of open WiFi systems. The technique through which attackers exploit
the weaknesses of the open WiFi system involved the use of special devices
and programs to chalk out the locations of wireless access points in a certain
locality. What is upsetting is that many attackers perceive war driving as a
harmless, fun activity which undermines the seriousness of the threat it
poses.
Another challenge is the legal status of war driving which is not
considered as a crime and steps to control war driving are impeded by the
ambiguous legal position of the activity. This occurs because legitimate uses
of war driving also exist such as reconnaissance activities and penetration
tests. What differentiates legitimate and illegitimate activities is what the
information obtained through them is used for. Therefore, protecting a
network against war driving could also end up preventing relatively useful
applications of war driving. Therefore, open WiFi users should be aware of
the threat of malicious war driving which could result in corporate data
falling into the hands of unauthorized persons and being used for unethical
or criminal purposes. Efforts to reduce risks posed by war driving are further
hampered by the poor research that has been conducted on the issue. Jacob,
Name 23
Hutchinson, and Abawajy (2011) stress the need for more extensive research
on war driving and finding other ways of obtaining the same data.
Parte and Pandya (2012) reflect many of the concerns shared by other
scholars included in this discussion. They categorize the major risks of open
WiFi networks into two categoriesactive attacks and passive attacks. Active
attacks include risks such as Denial of Service attacks, malicious association,
spoofing, accidental association and replay attacks. The common
characteristic of the active attacks is that they offer the hacker the
opportunity to damage the data stored on the system. In passive attacks, on
the other hand, the hacker can eavesdrop on the information being
transmitted but does not enjoy the ability to affect or distort data in any way.
One of the most common active attacks is the denial of service attack. To
launch this attack, the hacker gains access to the network via a vulnerable
access point and floods the bandwidth with a large volume of meaningless
data such as server requests. As a result, the network becomes jammed and
genuine requests from legitimate users cannot be fulfilled. Another common
active attack is spoofing. Here, the intruder manages the setting of his
laptop or wireless device so that it appears to be a genuine access point.
Through this device, the intruder is then able to access data being
transmitted on the network.
Parte and Pandya (2012) have included two types of network attacks
under the category of passive attacks. In the first type of passive attack, the
intruder is able to collect data being transmitted over the open WiFi network.
Name 24
What makes this type of attack passive is that the intruder does not obstruct
the exchange of data which allows this intrusion to go undetected. In the
second type of passive attack, the intruder gains access to a WiFi network by
manipulating a security hole. This point has also been made by Rosenblatt
(2013).
Some more security risks associated with open WiFi networks have been
put forward by Urbas and Krone (2006). In their study of mobile and wireless
technologies, Urbas and Krone (2006) identify intrusion, leeching and
message modification as some of the likely risks of using open WiFi networks.
In the absence of passwords, encryption and other methods of restricting
access, intrusion becomes a common activity and could also result in
information theft and unauthorized use of network bandwidth. This latter risk
has been termed by Urbas and Krone (2006) as leeching where genuine
registered users have to suffer because the bandwidth is regularly consumed
by unauthorized users. Such intrusion can also open channels for the
intruders to engage in unethical and criminal activities such as pornography
and carrying out denial of service attacks.
Once they have gained access to the network, the intruders can modify
the messages being shared over the network by deleting or altering their
content. In some cases, the intruders can also launch dictionary attacks and
replay attacks.
Name 25
Name 26
Name 27
One of the major constraints for this study was time. The shortage of time
limited the scope of the study, in particular the survey as a large number of
responses could not be collected. Generally, in a survey respondents are
likely to give meaningful answers when they are given sufficient time.
Because of time constraints the desired results could not be achieved and
the response rate for the survey was below the expected and desired level. It
is therefore suggested that at least a week should be provided to survey
respondents which should include weekends so that they have enough time
to complete and return the survey.
A second constraint was the availability of resources. As the study is
based on a mixed approach comprising of both qualitative and quantitative
aspects as well as primary and secondary sources, there were many
challenges faced to balance the objectives. The primary research was
restricted by the number of respondents who were available online.
Secondly, the secondary research was also limited to journals and databases
that could be accessed from the Internet. Hence, the scope of this study is
limited to the study of information available online while print sources have
not been used to inform this research.
The information about the methods and techniques employed by hackers
to gain access to data shared on open Wi-Fi networks is entirely derived from
secondary sources. The quality of the study could have been enhanced if
first-hand information about hacking techniques and practices could have
been obtained from the hackers directly. It was not possible to locate hackers
Name 28
and include them in the survey for primary data. As a result, the information
in this area is restricted to what has been reported in the published research.
It is suggested that future research on this topic should include input from
hackers where possible.
A further limitation of this study is that the remedies recommended may
last only as long as hackers are able to come up with alternatives. Hackers
are extremely intelligent people and are able to find loopholes in security
systems faster than network managers are able to detect and repair them.
Therefore, the recommendations of this study will be limited in the time
period over which they can be applied and remain effective. However, the
solutions have been recommended on the basis of the most recent
information available about the areas they address and the degree of
protection they can provide. It is extremely important that research in this
field take place continuously so that risks can be anticipated and averted
before they become materialized.
Research Methodology
The study will make use of both primary and secondary data collected
through various resources. Both types of data have their unique advantages
and provide useful insights into the topic being studied. At the same time,
they also pose some challenges in their collection and interpretation which
requires a cost-benefit analysis about which type of data to go for. Primary
data offers the advantage of being the most recent or current data about the
topic. Methods of collecting primary data include conducting interviews,
Name 29
observational studies, focus groups, surveys and so on. The data collected
through these methods is first-hand data and reflects the most current
behaviours. However, it is costly and time-consuming to collect.
On the other hand, secondary data is data that has been published in
other sources and is used for the current study. Secondary data offers the
advantage that more of it can be collected within a certain time period.
Furthermore, less effort is required to plan and organize the data collection
effort. However, the researcher needs to ensure that the sources used for
collecting secondary data are reliable and credible. The present study will
use both primary and secondary data. The primary data will be used to
ascertain the level of awareness among users about the security risks of
open Wi-Fi networks whereas the secondary data will be used to review the
common security risks and the best solutions available to minimize those
risks.
Another important decision area in research methodology is the choice of
the qualitative or quantitative approach. Each approach has its own
advantages and disadvantages which depend on the nature of the topic and
the resources available to collect and interpret data. The quantitative
approach is used when the data to be collected is in numerical form and can
be analyzed using quantitative methods of analysis. Regression, correlation
and central tendency measures are often used to determine the relationship
between different variables in a particular situation. Quantitative approaches
are also used when the data collected is of a historical nature and there is a
Name 30
need to explore trends and changes in the data over time. This approach has
utility in the present study which will be discussed later in this section. On
the other hand, qualitative approaches are used when the data to be
collected and interpreted is not capable of being quantified. Furthermore, the
qualitative approach is used when it is necessary to identify common
patterns and gain insight into underlying themes and structures.
The present study employs a mixed approach by using both the
quantitative and qualitative approaches for the study. The quantitative
approach is used to analyze and interpret the results of the survey that was
carried out with users of open Wi-Fi networks in order to assess their
awareness about the possible security risks. As the survey questionnaire was
designed to make the responses capable of being analyzed through
quantitative means, the quantitative approach is used to interpret the survey
data. On the other hand, the qualitative approach is used to learn about the
major problems and risks associated with the use of open Wi-Fi networks.
The journals articles and research papers that are selected for this study
have been analyzed using the qualitative approach to identify common
factors and issues in relation to the research topic. In this way, the various
aspects of the quantitative and qualitative approaches have been integrated
in the present study to interpret the diverse data and arrive at an enriched
understanding of the research problem. It is expected that the selected
approach will enable the readers to gain a balanced and comprehensive
perspective of the risks of open Wi-Fi networks.
Name 31
Name 32
Name 33
age, usage, and so on. Thematic analysis in this study was used to find out
the usage patterns of the users of open Wi-Fi networks and what type of
security risks they are aware of. The method was also used to analyse the
findings from the literature review in order to highlight the most common
security risks and the most favoured solutions to those risks. The results of
the thematic analysis are presented and interpreted in the following section
of this dissertation.
Name 34
security risks associated with these networks. It can then help to develop
effective measures to ensure greater security.
Behavioural Composition
This section identifies the major usage patterns of the users of open Wi-Fi
networks who responded to the survey. Around 60% of the respondents said
that they used open Wi-Fi networks to perform work-related tasks. This
included working on official projects outside the office either at the clients
office or in a restaurant or cafe. Almost all the respondents said that they
used open Wi-Fi networks for browsing the Web for interesting information,
news and financial information. The same segment also said that they used
open Wi-Fi networks commonly for conducting online banking transactions
and for online shopping. Open Wi-Fi networks were also used to keep in touch
with friends and family through social networks. Around 35% of the
respondents used a smartphone as the main device for accessing the open
Wi-Fi network. The percentage of users who used their laptops for the same
purpose included 65%. This shows that the laptop is the most common
device used to connect to open Wi-Fi systems while a lot of work-related
tasks are performed. The open Wi-Fi network is also widely used for personal
use of the Internet.
Awareness of Risks
In general, the respondents showed a very basic awareness of the
security risks associated with open Wi-Fi networks. This is a discouraging fact
given that many of the users are professionals who use the networks most of
Name 35
the time as part of their job. Most of the respondents were aware of the risks
of hacking but did not know that hacking became easier with open Wi-Fi
networks. Almost none of the respondents knew that open Wi-Fi networks
offered hardly any protection as they were not encrypted. The respondents
were aware of privacy issues and that sensitive information such as credit
card or social security numbers could be accessed by hackers. However, they
did not show much concern about their data being intercepted by the people
seated around them. All of this indicates a very low level of awareness which
puts the users at a great risk of having their data security compromised.
There is a need for educating the users about the major risks of open Wi-Fi
networks, most importantly the fact that it alone does not offer any
significant protection.
Awareness of Hacking Methods
Keeping in line with the findings of the previous section, the survey
respondents demonstrated a very limited level of awareness about the
hacking methods by which the security of their network is compromised.
Only two of the respondents knew about messages being intercepted by
hackers who used their laptops to function as an access point. Around half of
the respondents stated their understanding that paid Wi-Fi also did not
protect them against the risk of their data being intercepted. Again, half of
the users had experienced denial of service attacks and man in the middle
attacks and were able to attribute them to poor security settings of the
network. Despite this understanding, only 10 percent of the respondents
Name 36
were aware of the term spoofing. The respondents had also not heard about
the terms war driving or war walking but some of the respondents knew
about the likelihood of neighbour piggybacking. These results indicate a poor
level of understanding about the security risks and hacking methods used by
intruders among the population.
Awareness of Protective Measures
The respondents displayed a low level of awareness about the distinction
between WEP and WPA. They did not know that they should avoid Wi-Fi
hotspots that use the broken WEP protocol as opposed to the safer and
relatively more secure WPA protocol. One respondent who was the network
administrator at his company knew that Wi-Fi protected access offered
greater protection but said that his company had not communicated this to
all employees. This may be one reason why there is a low level of knowledge
among the users about the security risks.
It was a general habit among the users to use the same password for
different websites. They were not aware of the risk that a hacker who
cracked open their account on a particular website could use the password to
hack multiple accounts and misuse the data. This points to a general level of
negligence in the sample. Similarly, the users were generally unaware about
the importance of using an encryption key or a password to make the
network secure against hackers. The users were also ignorant about
assigning separate IP addresses to their devices or using router filters to
protect their data.
Name 37
Name 38
access point and goes beyond simply sniffing the data. In fact, the hacker
alters or changes the data to cause mischief and consternation to the user. In
a denial of service attack, the hijacker blocks the bandwidth by generating
multiple requests to the server which blocks the service for the genuine user.
Software Used for Hacking
The security risks posed by hackers are very serious, especially because a
number of software tools are available online that help hackers to find out
the passwords of open Wi-Fi networks. One such example is Wireless Hack
V2.1 (Download Hack, 2013). The software can be downloaded for free by
any hacker. The hacker can easily access the website and click on the
Download button to start the download process. Once the software has been
installed on the laptop, the hacker has to insert the SSD code for the network
and press the Get Password button. The password can be generated in no
time at all.
Another valuable resource for network hackers is Kali Linux which offers a
wealth of hacking tools for no cost at all. In addition, the popular video
sharing website YouTube has innumerable tutorials on how to hack networks
and individual systems. Among the tools popularly used for exploiting the
weaknesses of the WEP protocol, Aircrack-ng is an entire suite of tools that
help hackers to crack the WEP and even the more modern WPA-PSK
protocols. This software suite further enables hackers to intercept data
packets and is therefore widely used by those who engage in spoofing.
Name 39
Name 40
Available Solutions
There are several solutions available to offer protection to the open Wi-Fi
network. Security software such as network firewalls and antivirus software
should be installed and updated regularly in order to prevent intrusions and
malicious files from being placed on the computers. A virtual private network
(VPN) is an effective alternative to connect to the Internet when sensitive or
confidential data has o be transmitted. Users can opt to start secure email
sessions as opposed to a public network. This prevents data to be stored in
the cache memory of public computers such as those at airport terminals.
Bank transactions and other sensitive transactions should not be conducted
by open Wi-Fi networks and should be deferred until the user can get access
to a secure network. If the Wi-Fi network is being accessed by a telephone
device, the user should always log off when the network is not required to be
used.
The best solution of the above is to employ a VPN network whenever it
becomes necessary to use the Internet. This is possible in collaboration with
the organization and is ideal for work-related tasks. VPN or virtual private
network offers a secured wireless network connection. The common way for
most home users is to install a VPN shield which encrypts the data being
transmitted in such a way that it is only transmitted over a secured network.
This makes it difficult for hackers or spammers to gain access to the data by
Name 41
Conclusion
The research shows that users generally possess a very low level of
awareness about the risks of open Wi-Fi systems despite being heavy users
of those networks. This raises an important concern about the extent to
which data shared and transmitted over these networks is safe and secured.
Open Wi-Fi hotspots are ubiquitous and are commonly used by people. This
exposes their data to the risk of being intercepted, hacked and subsequently
misused for criminal or unethical activities. Both home users and corporate
users should be concerned over this trend. Hacking, spoofing, denial of
service attacks are some of the most common attacks. They have also
become easier because of the availability of hacking and spoofing programs
online. As a result, there is an urgent need to develop effective solutions that
can minimize the risks posed by the weaknesses of the open Wi-Fi networks.
The main weakness is the antiquated and unencrypted WEP protocol which
continues to be used in open Wi-Fi hotspots today. A number of solutions
have been developed to increase the security of these networks such as
network firewalls and antivirus packages. Of these, the most effective,
convenient and meaningful solution is the virtual private network (VPN)
Name 42
which enables users to enjoy the benefits of open Wi-Fi networks without
compromising on the security of their systems.
Works Cited
Accountancy Ireland, 2013. Commuters putting company data at risk on
public Wi-Fi. Accountancy Ireland, [online] 45(5), p. 88-94. Available at:
EBSCO Search [Accessed 26 January 2014].
Andrs, S., 2010. How to stay safe on public Wi-Fi. PC World, [online], 28(7).
Available at: EBSCO Search [Accessed 26 January 2014].
Anthony C. Ijeh, A. C., Brimicombe, A. J., Preston, D. S., and Imafidon, C. O.,
2010. Security measures in wired and wireless networks. [online].
Available at: http://www.bcs.org/upload/pdf/ewic_iict09_s4paper2.pdf
[Accessed 26 January 2014].
Berghel, H., and Uecker, J., 2005. WiFi attack vectors. Communications of the
OCM, [online] Available at: EBSCO Search [Accessed 26 January 2014].
Butler Group, 2008. WiFi Security: GetSafeOnline warns of piggybacking
dangers. [online] Available at: EBSCO Search [Accessed 26 January 2014].
Choi, M. K., Robles, R. J., Hong, C. H., and Kim, T. H., 2008. Wireless network
security: Vulnerabilities, threats and countermeasures. International
Journal of Multimedia and Ubiquitous Engineering, [online], 3(3). Available
Name 43
Name 44
Parte, S., and Pandya, S., 2012. A Comprehensive Study of Wi-Fi Security
Challenges and solutions. International Journal of Scientific & Engineering
Research, [online]. 3(8). Available at: http://www.ijser.org/researchpaper
%5CA-Comprehensive-Study-of-WiFi-Security-Challenges-and-solutions.pdf
[Accessed 26 January 2014].
Rosenblatt, S., 2013. Wi-Fi routers: More security risks than ever. [online].
Available at: http://news.cnet.com/8301-1009_3-57596851-83/wi-firouters-more-security-risks-than-ever/ [Accessed 26 January 2014].
Schwartz, E., 2005. Wi-Fi security wakes up to reality. InfoWorld, [online],
27(20). Available at: EBSCO Search [Accessed 26 January 2014].
Urbas, G., and Krone, T., 2006. Mobile and wireless technologies: Security
and risk factors. Trends & Issues in Crime and Criminal Justice, [online].
329. Available at: http://www.aic.gov.au/documents/E/9/9/%7BE99293FF9E0F-4522-8E54-0598720C45B2%7Dtandi329.pdf [Accessed 26 January
2014].