One thing that I always tell my clients is to make sure that they have a strong WiFi password so that nobody can hijack your WiFi to do evil things. Here’s an example of that. A couple experienced “a knock on the door from the police” investigating child abuse images that were posted online. “The couple insisted they had nothing to do with it. But the next few months were ‘utter hell’ as they attempted to clear their names,” before their case was finally dropped in March:
In February, a conversation with a friend who worked in cyber-security alerted them to the possibility that their router, supplied by their broadband provider Vodafone, might hold clues to what had happened. They had not changed the default passwords for either the router itself or the admin webpage, leaving it susceptible to brute force attacks. “We think of ourselves as competent users but we are not IT experts,” said Matthew. “No-one told us to change the password and the setting up of the router didn’t require us to go on to the admin menu, so we didn’t.
“It came with a password, so we plugged it in and didn’t touch anything.”
Ken Munro, a security consultant with Pen Test Partners, told the BBC that it can take “a matter of minutes” for criminals to piggyback on insecure wireless connections… “So what I guess has happened here, is that the hacker has cracked the wi-fi password and then made changes to the router configuration, so their illicit activities on the internet appear to be coming from the innocent party.” In March, when the couple’s devices were returned and the case closed, the police officer assigned to liaise with them seemed to corroborate that unauthorised use of their wi-fi was to blame. But it couldn’t be proved… The problem is industry-wide, points out Mr Munro.
“Internet service providers have started to improve matters to make these attacks harder, by putting unique passwords on each router. However, it will take years for all of the offending routers to be replaced,” he said.
It’s not uncommon for people not to change the default passwords on routers that they buy, or hardware that they get from ISPs. And this is dangerous. What’s even more dangerous is if they have gear that forces a password change, the password that gets put in is weak. Meaning that they might as well have not bothered to change their password. And that typically doesn’t end well as evidenced above. Thus, I would strongly recommend that you change your WiFi password to something strong. If you’re not sure if your password is strong, you can use this site to have it assess your password, and help you to pick something that can’t be exploited.
Weak Wi-Fi Password May Have Led UK Police To Bust An Innocent Couple
Posted in Commentary with tags Security on May 24, 2021 by itnerdOne thing that I always tell my clients is to make sure that they have a strong WiFi password so that nobody can hijack your WiFi to do evil things. Here’s an example of that. A couple experienced “a knock on the door from the police” investigating child abuse images that were posted online. “The couple insisted they had nothing to do with it. But the next few months were ‘utter hell’ as they attempted to clear their names,” before their case was finally dropped in March:
In February, a conversation with a friend who worked in cyber-security alerted them to the possibility that their router, supplied by their broadband provider Vodafone, might hold clues to what had happened. They had not changed the default passwords for either the router itself or the admin webpage, leaving it susceptible to brute force attacks. “We think of ourselves as competent users but we are not IT experts,” said Matthew. “No-one told us to change the password and the setting up of the router didn’t require us to go on to the admin menu, so we didn’t.
“It came with a password, so we plugged it in and didn’t touch anything.”
Ken Munro, a security consultant with Pen Test Partners, told the BBC that it can take “a matter of minutes” for criminals to piggyback on insecure wireless connections… “So what I guess has happened here, is that the hacker has cracked the wi-fi password and then made changes to the router configuration, so their illicit activities on the internet appear to be coming from the innocent party.” In March, when the couple’s devices were returned and the case closed, the police officer assigned to liaise with them seemed to corroborate that unauthorised use of their wi-fi was to blame. But it couldn’t be proved… The problem is industry-wide, points out Mr Munro.
“Internet service providers have started to improve matters to make these attacks harder, by putting unique passwords on each router. However, it will take years for all of the offending routers to be replaced,” he said.
It’s not uncommon for people not to change the default passwords on routers that they buy, or hardware that they get from ISPs. And this is dangerous. What’s even more dangerous is if they have gear that forces a password change, the password that gets put in is weak. Meaning that they might as well have not bothered to change their password. And that typically doesn’t end well as evidenced above. Thus, I would strongly recommend that you change your WiFi password to something strong. If you’re not sure if your password is strong, you can use this site to have it assess your password, and help you to pick something that can’t be exploited.
Leave a comment »