Home Wi-Fi networks the next target for cyber crime: Layer 10

Increasing proliferation of private networks, access by outside forces a concern for consultant Paul Brooks

Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities, however increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.

According to Paul Brooks, chief at Layer 10 Consulting - which contributed heavily to key aspects of the National Broadband Network - the density of Wi-Fi networks combined with lax encryption practices poses a major risk of data seepage.

In addition, current wireless security approaches such as WEP (Wired Equivalent Privacy) and Wi-Fi Protected Access (WPA) were in need of updating in favour of the new G.hn standard. This is a standard for high-speed home networking that spans coaxial cable, electrical wiring and phone lines.

"This is going to be the technology of choice for buildings where you can't retro fit with dedicated cabling for networking," he said. "For small businesses and homes, what we need to focus on is encryption and strong quality of service guarantees that won't be interfered with by other technologies.

“In some places with wireless signals you have the issue of leakage to neighbours that people could pick up on and get access to your confidential data."

Brooks said that even if cyber criminals were not trying to gain access to the home users' data it was easy, due to the close proximity of different wireless networks, to unwittingly interfere with wireless signals and cause them to stop working.

"Big organisations have staff to look after internal local area networks (LAN) and encryption technologies," he said. "But if you were a cracker and were looking to get access to people's banking details, it's much easier to tap in to the information at the source in people's homes rather than capture it in transit between the two."

That meant the adoption of high band width technologies was needed.

Besides security concerns, he pointed out that the newer generation of Wi-Fi offerings have short ranges.

"Their maximum range is touted to be in the region of five to nine metres so they are not going to be a solution to the problem.

Those offerings will be great for joining your DVD player to your TV remotely and getting rid of the rat's nest of cabling behind your TV but they are not going to be a solution for blanketing your house with a network that allows devices to interconnect."

He also said that the materials used in apartment blocks, such as concrete, can block Wi-Fi signals.

"For the gigabit wireless signals, a brick wall could completely block the signal [between walls] and reduce it to one room."

Another problem noted by Brooks is consumers would not have control over some aspects of the home network.

For example, digital network TV providers or digital rights holders would want the service provider to set up a fully encrypted end to end channel through to the output of the display device.

"To achieve that in a broadband world means the service provider will need to set up a secure encrypted channel between the broadband modem and the set top box.

You end up with a network. or multiple networks, inside the user's home that the user doesn't control," he said.

According to Brooks, this was like the electricity smart metering concept where the electricity provider wants a link between the consumer's smart meter and NBN connection.

"They want that [link] to be encrypted with a password. However, they want this set up in a way that the end user can't view the signals and can't block the signals [from the smart meter],"

While Wi-Fi security needed to grow in importance, he said Web browsing had become safer as protection was in place.

"You're covered if the devices and applications that people are using involve end to end encryption and we see that with Internet banking all the time. Web browsing is protected through the security socket layer (SSL). Then you only need to worry about distributed denial of service (DDoS) attacks and if someone stops the communication from happening."

Brooks is scheduled to present at the upcoming security conference AusCERTin May.

IDG Communications is an official media partner for AusCERT 2011.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

Join the CSO newsletter!

Error: Please check your email address.

Tags layer 10spectrumauscert 2011cyber crimeNBNWi-Fi networks

More about CERT Australiaf2IDGIDG CommunicationsIDG CommunicationsIDG CommunicationsLAN

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts