Monthly Archives: May 2019

Can we guess – how many local businesses can be hacked in 30 minutes?

13 in 30 minutes. Yes, in 30 minutes of driving around a small town in Indiana my cell phone found 13 businesses still using far outdated WIFI security protocols that have, for many years, been easily cracked by hackers in 30 minutes or less. This is 2019 folks – this should not be happening! As a business owner, customers should be able to trust that their data is secure when doing business with you. Plus you are responsible – by law – to protect your customer’s data from prying eyes.

The list of very insecure businesses touches almost everyone in their daily life. Some of those found include hardware stores, furniture stores, coffee shops, dry cleaners, animal hospitals, a golf course, a grocery store, a discount store and a government office.

If you are a customer of one of these businesses, as I am, you should assume that your identity has been stolen. And that’s not all. 74 of the homes still use the same outdated security protocols on their WIFI routers. In all 25% of the 429 WIFI routers that my cell phone picked up in a 30-minute drive while using a well known freely available app that will monitor and record WIFI SSID’s, signal strength, GPS location, and security protocols would be easily hackable in 30 minutes or less by an average digital thief with intent to steal your data or identity.

Here are the numbers by security protocol:

WEP Security – 24 Homes and Businesses. The easiest to hack.

WPA Only – 62 Homes and Businesses. Only slightly more secure.

WPA + WPA2 – 343 Homes and Businesses. Still hackable, still has WPA.

WPA2 Only – 0. Nada. None! Not perfect, but the better choice.

This isn’t just happening in small-town Indiana. It’s just as bad or worse in more densely populated areas. Consider the number of homes I found with very insecure protocols. Do business owners work on the business at home? As a small business owner myself, I know they do. Is their home WIFI router secure? Maybe…maybe not.

This is small town America, there are no hackers here, right? Wrong! I actually interviewed a professional hacker just 30 minutes away. And he was smart. So smart in fact that I felt very uneasy having my cell phone on at the time. Was he running a mobile hacking tool out of his backpack? Needless to say, I did an in-depth malware scan of my phone and then changed all of my passwords, making sure I also enabled 2-factor authentication on all accounts.

So what can a hacker do if they steal your WIFI routers password? For one, they can set up a ‘Man in the Middle'(MITM) attack. By configuring a mobile WIFI router with the same name and password as yours, they can cause your laptop, smartphone or other devices to disconnect from your real router and connect to their MITM hacking router. By doing this they will be able to intercept emails, login names, passwords, etc as you enter them. Now, what secure websites could they login to, pretending to be you? Think about that.

What can you do as a business owner? First, at a minimum login to your router as the admin and change the wireless security to WPA2 only. Then change the WIFI password. No WIFI is absolutely secure, but it’s the best option you have as a small business owner without a corporate I.T. department and bigger bucks to spend on extra security. Just because you are not a fortune 100 company doesn’t mean you have to be the low hanging fruit for hackers.

As a customer, just ask them. Ask if they have updated their WIFI routers to use only the latest wireless security protocols and if they ever change the WIFI password. Most probably don’t, as I found out in 2015 when I did a similar study. What are your thoughts? Has your identity been stolen? Feel free to share this article and together we can make a difference!

David Dubree

@DavidDubree