More than one third of all wireless network businesses insecure;Popularity of public wireless hotspots compounds problem
BEDFORD, Mass. & BRACKNELL, UK, Thursday, March 10, 2005 — The explosion of wireless networks at the heart of some of the world’s largest commercial cities is exposing businesses to “drive-by hacking” and other security risks, experts have warned. Research commissioned by RSA Security revealed that more than one third of businesses with wireless networks are open to abuse from hackers and criminals in the street or a neighbouring building.
“For a potential hacker it is almost a case of walking down the street and trying all the doors until one opens – it is almost inevitable that one will,” said John Worrall, vice-president of worldwide marketing at RSA Security, Inc. “Our research shows that wireless networks in Europe’s financial capitals alone are growing at an annual rate of up to 66% and more than one third of businesses remain unprotected from this type of attack.”
Researchers undertook studies in the business centres of New York City, San Francisco, London and Frankfurt. In all cities, more than one third of wireless business networks were found to be unsecured – 38% of businesses in New York, 35% in San Francisco, 36% in London and 34% in Frankfurt.
The survey also revealed that many businesses had failed to take basic security precautions such as reconfiguring their default network settings. This means that wireless network access points could still be broadcasting valuable information that could be used by potential hackers and assist them in launching an attack. In London 26% of access points still had default settings; 30% in Frankfurt; 31% in New York and 28% in San Francisco.
In addition to the business security issues, researchers also found an explosion in public access wireless hotspots: 12% of all wireless network access points in London fell into this category, compared with 24% in Frankfurt, 21% in New York and 12% in San Francisco.
“These figures are another stark warning to unsecured businesses to get their act together,” said Phil Cracknell, chief technology officer at netSurity and the author of the research. “The rapid rise of wireless public access hotspots runs in parallel to the increased risk to businesses that operate wireless networks with little or no security. Accidental or intentional connection to a corporate network can bring with it a series of security issues including loss of confidential data and installation of malicious code. Fuelled by the availability and abundance of hotspots, mobile users now expect to find – and know how to use – a wireless network. The question is whose network will they access, and what will they do when they are there.”
Worrall, of RSA Security, added, “These results reinforce why it is crucial to increase understanding of security risks in both the wired and the wireless world. This is the fourth year of our survey and the situation shows no sign of improvement. Whilst it is clear that business are benefiting from the flexibility and ease-of-use of wireless technology, they must also ensure that the right security steps are taken to protect against exploitation.”
With a laptop computer and free software available from the Internet, researchers were able to pick up information from company wireless networks simply by driving around the cities’ streets. In the wrong hands this type of easy access to a corporate network could be used to get hold of confidential information, disrupt business – or the network could be used to launch an Internet attack on another organisation.
The research, commissioned by RSA Security, the leader in protecting identities and information access, and undertaken by independent information security specialists netSurity, was designed to quantify the extent to which companies’ wireless networks ´leak´ data traffic into the street, providing potential access to hackers from their car or a nearby building.
The research executive summaries – including wireless network security advice – are available on the RSA Security website at www.rsasecurity.com, or by e-mail at firstname.lastname@example.org.