Exploring the Weak Links of Internet Security : A Study of WiFi Security in Hong Kong

WiFi connection is a necessity today for all of us. WiFi allows us to access the Internet from any enabled spot without the need to plug in. However, a well protected WiFi network requires certain security knowledge of WiFi users and other stakeholders. This paper investigates WiFi usage, WiFi security and the knowledge of it in Hong Kong. This study is exploratory in nature and the insights gained is expected to help both government and commercial WiFi network providers to identify gaps in the current service and shed light on future directions and areas of improvement. This study found that many home users of WiFi in Hong Kong are oblivious of the importance of WiFi security and there is a significant gender difference in WiFi security perceptions and knowledge among WiFi users in Hong Kong. It is suggested that steps must be taken to raise the awareness of the users of the importance of WiFi security and targeted measures must be taken to help users, especially female users to use WiFi safely.


Introduction
Internet access has become an integral part of our everyday lives.While the exploding popularity of mobile devices such as smartphones, netbooks, notebooks and computer tablets, has increased the demand for Internet connectivity, the use of cloud storage services (Dropbox and SkyDrive), the spread of communication Apps and software (e.g., WhatApp, WeChat and Skype) and social networking Apps and software (e.g., facebook and LinkedIn) that run on mobile devices, and the movement of a record-setting volume of data across the networks have fuelled the demand for reliable WiFi services which are seamless, secure and always-on.
To individual users of mobile devices, seamless Internet connectivity and mobility is a necessary convenience; to the business sector, it is a new marketing conduit and a new source of income, while to the WiFi service providers, both government and commercial, it represents a significant opportunity for more business and enhanced competitiveness.
Many Internet users who are enjoying WiFi at home and offices expect that the same level of convenience can be enjoyed in hotels, the airport, coffee shops, school campuses, public areas and shopping malls across the territory.But as our society evolves and develops, the expectation of our Internet users also grows and changes.Though general users may not be concerned about the technologies they use to satisfy their communications needs, they do expect that the WiFi networks they are using support mobility and there are some degree of consistency and a high level of security in the ways services are presented.It is of the utmost importance that both government and commercial WiFi network providers are well aware of these expectations and will work not only to meet them, but also to get ahead of them by providing reliable infrastructure and innovative services.
This study focuses on WiFi users in Hong Kong.It is the academic paper version of the "Wi-Fi Adoption and Security Survey 2013" project (Wong & Fong, 2013) sponsored by the Hong Kong Wireless Technology Industry Association (WTIA).The purpose of the study is to investigate WiFi usage, WiFi security and the knowledge of it in Hong Kong and the project aimed at helping stakeholders to understand more about the user experience, awareness and perceptions of WiFi service and security in Hong Kong.Special attention will be given as to whether there is gender difference in WiFi security perceptions and knowledge among WiFi users in Hong Kong.This study is exploratory in nature and the insights gained from the study can both government and commercial WiFi network providers to identify gaps in the current service and help shed light on future directions and areas of improvement.

Methodology
Conventional paper-and-pen self-administered questionnaire was used to collect data from a total of 208 respondents.To ensure continuity, most of the questions in the questionnaire were based on the Report on Wi-Fi Adoption and Security Survey 2012 (Zhan & Yen, 2012).One major finding of the 2012 report was that the majority of WiFi users in Hong Kong were using the WEP encryption which is considered as unsafe and highly vulnerable to cyber attack (Stimpson, Liu, & Zhan, 2012).It was also found in the annual Wireless LAN War Driving Survey conducted by the Professional Information Security Association (PISA) and WTIA (PISA and WTIA, 2013) that 11.26% of the WiFi networks along the tramway on Hong Kong Island had no encryption and 15.47% of them used WEP encryption in 2012.This paper aims at extending existing research on WiFi security adoption.To explore the reasons behind a user's adoption of WEP encryption technology, additional questions are devised to gauge the user perceptions and behaviours.

Types
Figure 1 sh the majori used WiFi used WiFi

Use of WiFi Network
Table 5 illustrates the frequency distribution and percentage composition of the amount of time the respondents spent on WiFi connection.Of the 208 respondents who completed the questionnaire, 4 (1.9%) did not answer the question on the amount of time they spent on WiFi connection and 5 of them (2.4%) indicated that they had never used WiFi connection.Of the 199 respondents (95.7%) who stated that they used WiFi connection, the majority (52.26%) of them were frequent users of WiFi, who spent more than 4 hours per day on using it.They were followed by the occasional users (31.66%) who spent less than 10 hours on WiFi connection per week.Those who used WiFi connection when necessary accounted for 16.08% of the total only.Other activities 5.8%

WiFi Tethering
When being asked whether they had ever shared their Smartphones as a WiFi Hotspot, i.e.WiFi tethering, the majority (51.0%) of the respondents answered in the affirmative but 43.3% of the respondents answered in the negative.A small percentage (5.8%) of respondents were not sure whether they had ever shared their Smartphones as WiFi Hotspots.
When being asked whether they had ever enabled WiFi security setting when sharing their Smartphones as a WiFi Hotspot, about half (47.3%) of the respondents answered in the affirmative, while nearly a third (31.9%) of them answered in the negative.More than one-fifth (20.7%) of respondents were not sure whether they had ever enabled security setting when they sharing their Smartphones as a WiFi Hotspot.
Table 8 is a breakdown of the respondents' use of WiFi tethering and their use WiFi tethering enable security setting by gender.It shows that 57.6% of the users who used WiFi tethering were males and 39% were females and the percentage of male users who would enable the security setting when using WiFi tethering was higher than that of their female counterparts (52.4% vs. 28.9%).Table 8 also shows the respondents' use of WiFi tethering and their use WiFi tethering enable security setting in terms of the respondents' experience of using WiFi.It shows that those respondents who had used WiFi for a longer time (more than 2 years of using WiFi) tended to use WiFi tethering more than the less experienced users (less than 1 years of using WiFi).The majority of users with more than 2 years WiFi using WiFi (68.2%) used WiFi tethering and 64.0% of them would enable the security setting of their devices when using WiFi tethering.
Only small percentage of the less experienced users who used WiFi (17.1%) used WiFi tethering.Among this particular group of less experienced users, only 12.1% of them would enable the security setting of their devices when using WiFi tethering.

WiFi Security
Table 9 shows that half (50.0%) of the respondents expressed concerns over the use of WiFi to access the Internet as they were worried that their personal privacy might be disclosed as a result.On the contrary, 30.39% of the respondents were not worried that using WiFi to access the Internet would lead to disclosure of their personal privacy.The respondents who believed that security measures provided by WiFi were adequate is close to half (49.75%), which is considerably higher than those who believed that the security measures were inadequate (19.99%).More than half of the respondents (55.13%) believed that using WiFi to access the Internet was safe, while 20.97% of the respondents thought otherwise.Table 10 shows the breakdown of the respondents' perceptions of WiFi security by gender.It reveals that, comparing with the female respondents, the male respondents had a greater tendency to give neutral responses to the three questions on WiFi security.It also reveals that the female respondents were more concerned about the possible disclosure of personal privacy while using WiFi to access the Internet than the male respondents (60.47% for females vs. 47.1% for males).As regards the adequacy of security measures provided by WiFi and the safety of using WiFi to access the Internet, the female respondents were slightly more doubtful about the adequacy and safety of the Wifi network than the male respondents (23.26% and 25.58% for males vs. 20.0%and 20.65% for males).As for the types of WiFi standard that the respondents used at home, this study found that more than one-third (35.6%) of the home WiFi users did not know what kinds of WiFi standard they were using.For those who know what standards they were using, 33.7% of them used 802.11n.They were followed by those who used 802.11g(23.6%).The share of home WiFi users who used older standards, i.e., 802.11a standard and 802.11b standard, were 7.7% and 13.0% respectively.
Table 11 shows the types of WiFi encryptions used by the respondents at home.It shows that 5.8% of the home WiFi users did not use any WiFi encryptions in their home WiFi networks and 17.8% of the home WiFi users did not know what kinds of WiFi encryption they were using.For those home WiFi users who used WiFi encryptions, the majority of them (37.5%)used "WPA/WPA2 using AES".They were followed by those who used "WPA/WPA2 using TKIP" (27.9%).Only 8.7% of the home WiFi users used WEP (Wired Equivalent Privacy).
Table 11 also shows that 34.9% of the female WiFi users did not know what kinds of encryption method they were using at home, which is much higher than the 13.4% share of male home WiFi users.Moreover, 7.0% of the female WiFi users did not use any encryption in their home WiFi network, which is considerably higher than the 4.5% share of male home WiFi users.It also shows that 42.7% of the male WiFi users used the most advanced WPA/WPA2 with AES encryption technology at home, whilst only 20.9% of the female WiFi users used the same technology at home.The percentage of male home WiFi users who used WPA/WPA2 using TKIP encryption technology is also higher than that of the female users (29.9% vs. 23.3%).
Of the 8.7% WiFi users who were using WEP at home, those who answered that they were aware of the fact that the technologies were not safe in a follow-up question on the safety of WEP encryption technologies accounted for 54.2%, while those who indicated that they didn't know that the technologies were unsafe accounted for 45.8%.
Of the 54.2% of respondents who said that they were aware of the fact that WEP technologies were not safe, 30.1% of them said that they still used WEP WiFi encryption technologies because they didn't know how to change to a more secure technology.They were followed by those who said that they were still using WEP because the devices on the customer end did not support more secure technologies (27.3%).Other reasons for not changing to safer alternatives include the respondents' lack of time to change to another technology (12.7%), their routers do not support more secure technologies (12.7%) and they cannot change the setting because the router settings were done by suppliers (12.7%).
What asking the respondents what additional WiFi security measures they used at home other than encryption.It shows that 21.2% of the WiFi users did not use any additional WiFi security measures in the WiFi networks at home, and 19.2% of the home WiFi users did not know what kind of additional WiFi security measures they were using.For those home WiFi users who used additional WiFi security measures, 33.7% of them changed the administrator password of their WiFi devices.They were followed by those who change the default SSID of their WiFi devices (30.3%).About one-fifth of the home WiFi users disabled SSID broadcasting of their WiFi devices and 16.8% of them enabled MAC address filtering.Only 6.7% of home WiFi users used VPN.

WiFi Security Knowledge
Table 12 shows that is a breakdown of respondents regarding to questions on knowledge of WiFi security.In responding to the question of whether they have good knowledge on WiFi security, 58.7% of the male respondents believed they have while only 41.9% of the female respondents believed so.In responding to the question of whether they can explain WiFi security to others, 57.4% of the male respondents believed they can while only 30.2% of the female respondents believe so.In responding to the question of whether they know how to use the security setting in WiFi, 63.2% of the male respondents believed they know while only 30.2% of the female respondents believed so.In responding to the question of whether they know how to teach others to use the security setting in WiFi, 53.5% of the male respondents believed they know while only 23.3% of the female respondents believed so.

Discussion
WiFi connection is a necessity today for all of us.WiFi allows us to access the Internet from any enabled spot without the need to plug in.It allows us to connect several devices to one network wirelessly and makes it possible for us to maintain constant contact with family, friends and clients.However, not every member of the public understands the different WiFi security measures and the strengths and limitations of the methods adopted.
And they may also have different perceptions or even misunderstandings on the these methods.To increase WiFi adoption and to improve Internet security, it is important for the government and members of the ICT industry to have a clear understanding and a firm grasp of the public perceptions on WiFi use and security.Setting out to examine WiFi usage, user knowledge and security in Hong Kong, this report provides an empirical assessment of user perceptions on a number of key issues of Information and Communications Technology (ICT) development in the territory.

WiFi Usage
On WiFi usage, it is found that the majority of respondents use WiFi to obtain information from the Internet, contact friends and conduct online activities.A close scrutiny of the data reveals that there is a gender difference in the purposes of obtaining WiFi connectivity, with females showing a greater tendency to use WiFi for social networking purposes while males for addressing work-related issues and for learning purposes.
While the gender difference in WiFi usage may offer clues about the differences in the positions and roles of men and women in Hong Kong, it may also suggest that WiFi, in a certain way, has enabled women in Hong Kong to maintain or extend their social circle or even to assist some of them, especially the working mothers, to reduce work-life conflicts, so that they can cope better with their increasingly demanding roles as a parent, a spouse and an employee.How to leverage this for more business opportunities is a challenge for all stakeholders in the ICT industry.
Over half of the male respondents use WiFi to complete their work, and close to 80% of the male respondents use WiFi to access the Internet at home.While these findings may suggest an increasing blurring of the divide between work and life among men, it may also mean that steps must be taken to enhance WiFi security and awareness of the risks involved in view of the growing trend of performing work-related tasks from home among users.
Despite the wide variety of mobile devices available in the market, the research reveals that smartphone is the most prominent and dominant device used by the people in Hong Kong to access the Internet via WiFi.Small, sleek, user-friendly and highly addictive due to their entertaining apps and games, the growing popularity of smartphones as a leading mobile device means that people need connectivity all the time, whether at home or on the go.It will just be even tougher for WiFi service providers to live up to that connectivity requirement, especially in view of the fact, as highlighted later in the report, that connectivity problems, i.e., inadequate WiFi access points, inadequate bandwidth and unstable service quality, top the list of main concerns over public WiFi service in Hong Kong.

WiFi Security -Knowledge and WiFi Tethering
The respondents are generally satisfied with WiFi security in Hong Kong but like WiFi usage, there is a significant gender difference in the respondent perception of WiFi security in Hong Kong.Female respondents are more worried about the security implications of using WiFi than the male respondents.They are less sure of the adequacy and safety of the Wifi network.The perception of higher risk may probably reflect the fact that some women are less familiar with ICT technicalities, hence the more cautious mood felt by them when answering a question which they believed they didn't seem to know as much as their male counterparts.
The female respondents' lack of confidence is evidenced by the significantly lower percentage shares of women who believe that they have good knowledge of WiFi security, or they have the ability to explain to others what does it mean by WiFi security, or they are less capable of using the security setting in WiFi.In addition, only 20.9% of female respondents used "WPA/WPA2 using AES" and over a quarter of the female respondents answer they have no idea what type of encryption technology they are using.
As on the issue of using smartphones to share WiFi connection to other mobile devices known as WiFi tethering, gender difference also exists.57.6% of the male respondents indicate that they have used WiFi tethering and 52.4% most of them have enabled security setting when doing this.The respective shares of women who are in the affirmative in answering the same questions are 39.0% and 28.9% only.
The significant gender differences with regard to WiFi security, knowledge of the security vulnerabilities in WiFi and WiFi tethering are worrisome and call for concern from all stakeholders in the industry.To avoid making women an easy and vulnerable target for cyber attack, promotional activities should be organized to raise awareness of WiFi security among women.Work must be done to provide women with the means to receive the training they need so that they can use WiFi safely and more confidently.

Encryption and Extra Security Measures
While it is encouraging to find that those who use no encryption at all only accounts for 5.8% of all responding home WiFi users, it is however, alarming to see that 17.8% of those who do use encryption have no knowledge of the type of encryption they are using; and for those who know what they are using, 8.7% are using the WEP encryption, which is old and unsafe and which can be easily breached by a hacker (Sharma, Mishra, & Singh, 2013;Stimpson et al., 2012).
In addition, over one-fifth of the respondents take no extra security measures when using WiFi at home.Worse still, of those who take extra security measures, close to one-fifth of them have no knowledge of what are the extra precautions taken, well over half of them do not take the simplest precautionary measures to protect their data such as changing the administrator password (66.3%), changing the SSID (69.7%) or disabling the SSID broadcast (78.8%).
It is the industry's concern that WiFi users in Hong Kong have limited knowledge of WiFi encryption.It is clearly important that stakeholders should work together to educate WiFi users of the need to protect their own data and the various means of achieving it.For those home WiFi users who do not use any encryption or are still using WEP encryption, targeted measures should be taken by stakeholders to teach them of the imperative need to use or change their encryption to WPA (Wireless Protected Access) or WPA2 encryptions so as to ensure that data can be transferred from the router to the mobile devices in a more secure manner.
It is also important to teach users of the technical differences between encryption technologies and the different effects they have on usability, transparency and security.There are two encryption technologies in use in WPA and WPA2, namely Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).Though AES is considered as faster and more advanced than TKIP encryption, it requires more computing power to run than TKIP encryption.It is important to help users to understand these differences in operating requirements so that they can make the best choice against data loss or theft (Stimpson et al., 2012).
It appears also that many home users of WiFi in Hong Kong are oblivious of the fact that protecting personal data through encryption alone is not enough.Steps must be taken to raise the awareness of the users of the importance of changing their WiFi network SSID and administrator password.Moreover, as home WiFi networks are mainly used by family members, there is no point to broadcast the networks' SSID.It should be part of education to teach users to disable their SSID broadcasts to protect their data.

Further Study
Hong Kong is a leading international city and one of the regional hubs for Internet technology.The adoption of new technology is fast and technologies adopted in Hong Kong provide a good example for the rest of China and other Asian countries to formulate their Internet and WiFi strategies.The provision of government free WiFi services and the strengths and weaknesses that Hong Kong experiences may also serve as good reference for other cities in China.With the accelerated spread of Internet technology and WiFi adoption in less developed areas in Asia, it may be worthwhile to replicate this research in other parts of China and Asia as well.
As part of the "2014 Digital 21 Strategy", Hong Kong government has decided to double the number of free public Wi-Fi hotspots across the city.About 10,000 new hotspots will be installed in 5,400 locations, including public parks, libraries, subway stations, shopping malls.With the increasing number of hotspots WiFi security will become even more challenging.Further study should be conducted to identify the changes and the new benefits and challenges of providing more free WiFi services.

Table 3 .
Use of WiFi network for Internet access by age and gender

Table 4
shows the breakdown of the use of the five main types of WiFi Internet network by education level.The Bar chart shows that those who used WiFi in office were more highly educated than those who used WiFi via other featured networks, i.e., in business districts, on campus, at home or via GovWiFi.

Table 4 .
Use of WiFi network for Internet access by educational level

Table 7 .
What activities have you conducted using the WiFi network?

Table 8 .
WiFi tethering and security setting by gender and WiFi experience

Table 9 .
WiFi security

Table 10 .
WiFi security

Table 11 .
WiFi encryptions used by home WiFi users

Table 12 .
WiFi security knowledge