Our home networks have been ever growing. Originally it was just having a basic network for a PC at home, which at the time was usually just a desktop connected to a dial up connection. Now however, we have a host of devices, games consoles, personal devices and home appliances all on our home network, all adding to the complexity and therefore the security risk of our home networks.
Following on from our basic dial up connection our home network started to grow, first with the addition of Wi-Fi capability to allow internet access for laptops and also mobile phones. Next, with the introduction of broadband and fibre, our children might have introduced a gaming system such as a PlayStation or Xbox into the house again linked to the network and the internet. Next we start introducing networked and then Wi-Fi enabled printers before moving on to add home helper devices such as the Amazon Echo or Google Home. We might even have added Internet of Things devices to our home network such as remote managed heating and lighting, or an internet enabled fridge freezer or kettle. Internet enabled, and therefore network connected, surveillance may have been added in the form of a home security system or possibly a baby monitoring system. The list of network connected home devices continues to grow and with that the complexity of our home networks. They are now at a point where the complexity of a home network may equal or even exceed that of a small business network.
The issue here is security. When we pick up our laptop to go on the internet to access our personal banking we assume it is safe to do so due to the various safety features on our laptop and on our Wi-Fi router. We think about our security largely in terms of separate devices however our network security is largely based on the sum of all devices connected to the network. Therefore, the more devices we have connected, the more complex the network becomes and the weaker the network security becomes.
Our network security is largely based on the security of the weakest devices. So have we taken time when connecting a new device to review the available security options and to change the default passwords? Actually, have we considered security when purchasing the device in the first place? And in the longer term do we revisit the device and perform updates to ensure that the software on the device is such that any identified vulnerabilities have been addressed?
We talk about digital literacy and how we want our students to be literate in the use of technology however the security aspect of our home networks if largely overlooked. The question is can you truly be digitally literate if you are using your home network without considering security? Can you be digitally literate if you happily add additional devices to your home network without concern for the security implications? Another question is where do we cover these issues in our teaching of digital literacy within schools?
When out and about we consider Wi-Fi to be an essential and as a result of this businesses are seeking to meet the need. Cafes, hotels, shops and shopping centres, as well as conference venues to name but a few are now generally providing free Wi-Fi. It’s not a difficult process for them; pay a service provider and buy a few wireless access points and you are up and running, and the general public will connect and use without a thought.
And herein lies the issue as I became aware during a recent visit to a hotel. During the visit I was provided with a Wi-Fi key in my hotel room so I could access the free Wi-Fi however for some reason something did not quite feel right. After a few minutes of basic checking I found that the routers management console was accessible via the Wi-Fi connection as opposed to requiring a wired connection. A rather basic security precaution had not been taken in disabling Wi-Fi access to the console however the worst part was yet to come. It turned out that the default username and password for the router was still enabled and as such anyone could gain access and reconfigure the router and Wi-Fi network to meet their needs. For me this represents a grave and serious lapse in the security setup. Although it had been easy for the hotel to set up its free Wi-Fi provision, they had failed to set it up securely, in a way which I would have considered to have been “properly” set up.
The above highlights the risks associated with free Wi-Fi. Someone could easily setup a man in the middle attack using the lax security of this Wi-Fi network. People would then access and use the Wi-Fi unaware of the fact that a threat actor was gathering or monitoring their data. Truly nothing is free in this world, and in this case the free Wi-Fi may be free of cost but it certainly isn’t free of risk. And in this risk there may be a future financial cost in fraud or identify theft based on the data harvested.
I do not think this one hotel is unique in its poor Wi-Fi network security. I suspect that among the many establishments offering free Wi-Fi there will be many where the security is equally poor and that this will be especially common among smaller organisations where an IT department is likely to either be limited or not to exist.
As end users it is our responsibility to look after our own data security when out and about. We cannot assume that others such as the providers of free Wi-Fi are doing this for us, especially where there is no is financial contribution paid to them towards the costs associated with doing so. And for those providing free Wi-Fi I would ask that they engage a suitable professional in order to ensure their setup is at least provided with the basic security precautions. If you aren’t willing to do this then you shouldn’t provide the service!
I also think there is an educational aspect to all this; Are we adequately discussing the risks and required precautions with the students in our schools. I would suggest we need to do so with some urgency.