Monday 19 October 2009

TalkTalk’s WiFi Hacking No No!

Last week Internet Service Provider (ISP) TalkTalk pulled a hacking publicity stunt, which they aimed to demonstrate why they should be absolved of all responsibility for the portion of their customers who illegally file shared pirated material. TalkTalk visited a street in North London, and hacked into poorly secured residential wireless networks. Accessing insecurely configured residential WiFi is old news and is illegal, TalkTalk’s point in doing this was to show that anyone could be using residential wireless access points for file sharing illegal material, again nothing new in that either.  http://blog.itsecurityexpert.co.uk/2008/11/reason-to-secure-your-home-wifi.html

However the double standards here, is the prime reason why the majority of home wireless networks in the UK aren’t secured to a sufficient degree in the first place, is because ISPs have been providing their customers with wireless access points (routers) in an insecure fashion for years.

As far back as 2001 WiFi WEP security has been known to be broken, however in 2007 when I assessed new home Wifi Router provision by ISPs in the UK, I found the majority of ISPs were still providing home Wireless Access Points with WEP security by default. Of course the vast majority of their customers aren’t savvy enough to properly secure their home Wi-Fi with WPA2 encryption, in fact most customers when asked tended to trust their ISP to provide them with an appropriately secure home WiFi network.

Any school boy with a “Facebook” level of computer knowledge can break into a WEP protected WiFi home networks in just minutes. WEP is not encryption, and it should never be referred to as “Secure WiFi” as some ISP’s had been describing it in recent years. TalkTalk tended to not provide their customer with Wireless networking, however this led to many of their customers to go out and buy their own wireless access point as a result, many of which haven't properly secure their WiFi or even use worst, deployed it without any security in place at all . Interesting how TalkTalk charge £99 to configure their customer’s WiFi Router to WPA2, in my view they should be doing this for free, as TalkTalk’s competitors have moved to providing their customers with WiFi networks with WPA2 enabled by default for zero cost.

I think TalkTalk should face up to their responsibilities as an ISP, and stop TalkTalk customerswho share illegal content, which isn’t always pirated movies and computer games, but can be the more unsavourily stuff on the Internet. I don’t think it's right for TalkTalk to go around hacking real world environments which are already well known to be vulnerable for self publicity, even with the resident’s permission. I think the ethics of this is highly questionable because TalkTalk’s message wasn’t about advising citizens and their customers on how to secure their home WiFi networks, but about TalkTalk not wanting to spend the money in policing their customer’s internet activity.

Finally illegal file sharing is never in the interest of TalkTalk’s honest and legitimate customers, who are likely to suffer slower internet speeds as a result of the illegal internet bandwidth hogging by the few.

2 comments:

Brian said...

So, the ISP should be policing content rather than simply providing the transport?

About time we blame the electric company for everything bad that people do using electricity. Go after the car manufacturers for everything that happens in cars. The gun manufacturers for everything that happens with guns. When you take a real objective look at it, the provider of the product/service should not be responsible for the use of it.

mark.busby@sky.com said...

Dave,
Do you knwo what tool Talk Talk used to do this demo ? It looked like Google Maps and some sort of wifi mapping tool. Any idea what ?
Thanks
mark.busby@sky.com