Weak Wi-Fi Password May Have Led UK Police To Bust An Innocent Couple

One thing that I always tell my clients is to make sure that they have a strong WiFi password so that nobody can hijack your WiFi to do evil things. Here’s an example of that. A couple experienced “a knock on the door from the police” investigating child abuse images that were posted online. “The couple insisted they had nothing to do with it. But the next few months were ‘utter hell’ as they attempted to clear their names,” before their case was finally dropped in March:

In February, a conversation with a friend who worked in cyber-security alerted them to the possibility that their router, supplied by their broadband provider Vodafone, might hold clues to what had happened. They had not changed the default passwords for either the router itself or the admin webpage, leaving it susceptible to brute force attacks. “We think of ourselves as competent users but we are not IT experts,” said Matthew. “No-one told us to change the password and the setting up of the router didn’t require us to go on to the admin menu, so we didn’t. 

“It came with a password, so we plugged it in and didn’t touch anything.”

Ken Munro, a security consultant with Pen Test Partners, told the BBC that it can take “a matter of minutes” for criminals to piggyback on insecure wireless connections… “So what I guess has happened here, is that the hacker has cracked the wi-fi password and then made changes to the router configuration, so their illicit activities on the internet appear to be coming from the innocent party.” In March, when the couple’s devices were returned and the case closed, the police officer assigned to liaise with them seemed to corroborate that unauthorised use of their wi-fi was to blame. But it couldn’t be proved… The problem is industry-wide, points out Mr Munro.

“Internet service providers have started to improve matters to make these attacks harder, by putting unique passwords on each router. However, it will take years for all of the offending routers to be replaced,” he said.

It’s not uncommon for people not to change the default passwords on routers that they buy, or hardware that they get from ISPs. And this is dangerous. What’s even more dangerous is if they have gear that forces a password change, the password that gets put in is weak. Meaning that they might as well have not bothered to change their password. And that typically doesn’t end well as evidenced above. Thus, I would strongly recommend that you change your WiFi password to something strong. If you’re not sure if your password is strong, you can use this site to have it assess your password, and help you to pick something that can’t be exploited.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: