How to hack a wifi network in a few minutes

You don't have to be an IT expert to be able to make use of your neighbour's security enabled Wifi network. Just watch one of the dozens of online videos that explains how.

Despite most of them being fitted with some kind of password (WEP, WPA etc.), Wifi networks are still relatively vulnerable. And by using another person's network, hackers can illegally download documents or attack websites without being traced.

If pirates should download paedophilic pornography, it's the owner of the home network, the person who pays the monthly wireless fee, who will find himself in court. In France, an anti-piracy law called Hadopi 2 enforces this by making it impossible to sentence a home network owner for having a poorly protected network.

This video, viewed over a million times, shows how, with the aid of software, you can get hold of the password to a wireless network.

Contributors

"This vulnerability is mainly due to a lack of education on the part of the users"

Emilien Girault is an IT security consultant for SysDream.

A Wifi network is as safe as the person who installs it is knowledgeable. There are three basic levels of protection: WEP, WPA, and WPA2 keys. Most attacks target WEP keys, because they're the least secure. To hack a WPA key, more sophisticated material is sometimes necessary. Generally, the longer the password is, the harder it is to steal.

First you have to spy on the network, which we call ‘sniffing'. You survey the traffic and try to find the password. To do that you can launch an attack by what's called the ‘dictionary'; a programme that tries out various names that exist in the dictionary. There's also a ‘brute force' attack, which tries all character combinations possible. To find a password that's more than eight characters long can take over a week to find.

It's sometimes the internet provider that is at fault. Just recently hackers realised that the default passwords given out by Bbox, [a three-way wireless box offered by French mobile telecoms company Bouygues Telecom], were automatically generated using the network name. As most people don't bother to change their password, it meant that their networks were left exposed. This vulnerability is mainly due to a lack of education on the part of the users, which is then taken advantage of by hackers, making their work all the more easy.

Open networks, or ‘hotspots' that you can log on to in airports or train stations, are also affected. Internet providers are setting up increasing numbers of these hotspots. And although they require identification, there are ways of getting around the checkpoint. One technique is to put in place a ‘fake hotspot' in order to trick users into entering their user details into the fake portal. It then saves the data, and enters it into a database owned by the hackers. They can then be used to connect to the internet, or share it with others.

If you put all of this in the context of the Hadopi law, which enforces, amongst other things, the punishment of individuals who do not secure their connection, you soon realise, that actually applying the law, is very difficult. Firstly, we need to define exactly what a secure computer or network is..."
Close