7-year-old shows how to hack Wi-Fi in less than 11 MINUTES | Daily Mail Online
Hacking Wi-Fi is child’s play! 7-year-old shows how easy it is to break into a public network in less than 11 MINUTES

  • Experts predict a rise in criminals hacking ‘free Wi-Fi’ in 2015
  • To highlight the dangers, a virtual private network provider asked a seven-year-old to hack a network
  • The child watched an online tutorial before hacking into the Wi-Fi hotspot
  • It took her just 10 minutes and 54 seconds to infiltrate the network

Just two days after an investigation revealed how much personal information public Wi-Fi networks can ‘suck’ from phones, a child has shown how easy the hotspots are to hack.

A seven-year-old broke into a Wi-Fi hotspot in just 10 minutes and 54 seconds after watching an online video tutorial.

The ethical hacking demo was carried out under the supervision of an online security expert to highlight just how vulnerable the networks are.

Experts predict that attacks on free, public Wi-Fi networks will rise in 2015.

An investigation by 5 News earlier this week found that hackers can force customers in a café to switch their phones from a legitimate Wi-Fi network to a fake one, without them knowing.

This made it possible for thieves to access phones, hack email accounts, steal login details, track people's movements and access online bank accounts.

To put these dangers into perspective, virtual private network (VPN) provider Hidemyass.com (HMA) recruited a child to attack a public network.

Betsy Davies from Dulwich in South London hacked a willing participant’s laptop while they were connected to an open Wi-Fi network.


Sniffing/eavesdropping: The method of passively listening to data on the network without the users knowledge by tricking the network into passing all data through the hacker’s computer first.
Man in the middle attack: A method used to intercept traffic between a user’s device and the destination system, such as the café offering the Wi-Fi, making a victim’s machine think the hacker’s machine is the access point to the Internet.
DNS cache poisoning: A method of attack whereby ‘updated’ data is used to enable the hacker to divert the traffic to the hacker’s destination of choice.
Rogue Access Points/Rogue APs: Wireless access points installed on a company’s network without the company’s knowledge. These access points override the legitimate network thereby allowing the hacker to perform a man in the middle attack and intercept data.
Unsecured Wi-Fi network: An unsecured Wi-Fi network is a wireless network that doesn’t request the user to log into it via the use of a username and password. These are usually displayed as OPEN networks.
WEP - Wired Equivalent Privacy: The first wireless security scheme developed, it was designed to provide security that was essentially equivalent to the privacy that was enjoyed in a wired environment. This is the least secure type of wireless network available.
WPA - Used Temporal Key Integrity Protocol (TKIP): This protocol further improves the security of WEP without the need to buy new hardware. It still uses WEP for encryption, but it makes the attacks used to crack WEP a bit more difficult and time-consuming.
WPA2-PSK: This is the next level up from WPA and was designed for the home and small businesses . As the name implies, the new version uses a pre-shared key (PSK). This has become standard that is now used by most households today.
WPA2-AES: This is a version of WPA2 used by businesses. It uses the Advanced Encryption Standard, or AES, to encrypt data and is the most secure. It's often coupled with a RADIUS server that is dedicated for authentication.
RADIUS - Remote Authentication Dial In User Service (RADIUS): A networking protocol that provides centralised Authentication, Authorisation, and Accounting management for users who connect and use a network service within a business. These users are authenticated against the company systems for added protection.
Channels: Wireless networks use Channels which are separated out so that various communication streams don't interfere with each other. The 802.11 wireless standard allows for channels ranging from 1 thru 14.
Brute-force attack: A method in which a hacker will try and break the password by continuously attempting to log in with different credentials until they find one that works. It could take hours, days or months depending upon the complexity of the password being used.
Dictionary attack: A method used to ry and break the password of a user or wireless device by going through all the words in a dictionary, trying each one in turn until it finds a password which works.
Virtual private network (VPN): A VPN is a way of using the public internet like a secure private network. It encrypts data and routes it through remote servers, keeping the activity and location private and secure.

She began by searching for, and watching, a freely available video tutorial detailing how to hack a network - a Google search returns over 11 million results, and YouTube lists almost 14,000 tutorials.

The schoolgirl then set up a Rogue Access Point - frequently used by attackers to activate what is known as a ‘man in the middle’ attack, and began eavesdropping on, or ‘sniffing’ traffic.

Rogue Access Points are wireless access points, installed on a company’s network without the company’s knowledge.

These access points override the legitimate network, allowing the hacker to launch an attack and intercept data.

During this hack, Ms Davies was effectively sitting between the legitimate Wi-Fi network and the customer’s laptop, which is why it is dubbed a ‘man in the middle’ attack.


  • Ensure a network is genuine: Check the name of the network with a shop worker.

  • Check the lock: Secure websites display a green padlock symbol, also known as Https. Make sure this is present when using a site that handles personal data and avoid accessing sensitive documents or pages using public Wi-Fi.

  • Use a Virtual Private Network (VPN): Not all sites display the Https lock symbol, but a VPN will act as an intermediary between the device and the internet server.

  • Downloading an app? Check permissions: Before installing, make sure apps can't access unnecessary information. For example, a drawing app shouldn't need a contacts list.

  • Forget the network: When leaving a publich network, don’t just log off, ask the device to forget the network so it doesn’t automatically log on when in range later.

The experiment was overseen by independent online security expert Marcus Dempsey.

He is hired by companies to check the robustness of their network systems.

‘The results of this experiment are worrying but not entirely surprising,’ said Mr Dempsey.

‘I know just how easily a layman can gain access to a stranger’s device, and in an age where children are often more tech-literate than adults, hacking can literally be child’s play.’

‘Adults need to get their heads around online security basics - and stick to them whenever they connect to an unsecure network.

‘As for children, while it’s admirable educators are focusing on skills like coding, it’s important to teach them about the dangers that lurk online, as well instilling a clear sense of the ethics – just as we did with the child that participated in this experiment.

‘After all, as easily as one can now code a computer game, so one can fall into the dark world of hacking.’

A recent Cabinet Office report revealed more than half of people in the UK have fallen victim to cybercriminals.

According to follow-up research by HMA, nearly two thirds (59 per cent) of people regularly use unsecure, or ‘open’ Wi-Fi hotspots with one in five (20 per cent) doing so weekly or more.

Among those who use these unsecured networks, 19 per cent log on to online banking and 31 per cent send emails and personal documents.

Cian McKenna-Charley, marketing director at HMA added: ‘The image of cyber criminals hiding in a dark room in some far-flung part of the world is antiquated - they are just as likely to be sitting next to you in a coffee shop or public library.

‘And if a child can perform a basic hack on a Wi-Fi network in minutes, imagine the damage a professional criminal hacker could do.’


  • Hotels (34 per cent)
  • Shopping centres (29 per cent)
  • Public transport (23 per cent)
  • Libraries (18 per cent)
  • Public network hotspots (16 per cent)
  • Supermarkets (15 per cent)
  • Hospitals (8 per cent)
  • Public offices (8 per cent)
  • Schools and universities (6 per cent)
  • Museums and galleries (4 per cent)

  • Social media (50 per cent)
  • Work including sending emails and documents (31 per cent)
  • Online shopping (25 per cent)
  • Texting (25 per cent)
  • Online banking (19 per cent)
  • Booking holidays (9 per cent)
  • Video calls (6 per cent)