WiFi Security Still a Major Issue

Like all new technologies WiFi has a good side and a bad side. In the case of London, Paris and New York, the good side is a marked increase in the availability of hotspot for road warriors on the go. The bad side is many of these hotspots may be rouge—designed specifically to steal information.

And, if your mobile professional is tapping into, say, a client’s internal WiFi network, there’s a 25% chance that network is almost completely unsecured, this according to research sponsored by RSA Security.

“It’s definitely good news in the availability of wireless … but the flip side of that is you have make sure you are careful and protected,” said Matt Buckley, communications manager for RSA. “Don’t send email, user names, passwords—any sensitive personal data over an unencrypted link.”

VPN and strong authentication are the best ways to do this, he said.

The largest year-on-year rise in WiFi network usage was discovered in London, where there are 57% more wireless network access points today than in 2005. The percentage increase in New York was an impressive 20%. In Paris, the increase from 2004 to 2006 was 119%.

And, in both London and New York, more businesses are securing their wireless networks by switching on the WEP encryption capability provided as standard.

In London WEP usage rose from 65% in 2005 to 74% in 2006. For New York, WEP usage increased from 62% in 2005 to 75% in 2006. And Paris, which has the highest levels of encryption at 78%, posted an increase over 2004’s figure of 69%.

This is an encouraging sign, said RSA, although in all cities, around a quarter of the wireless networks identified as belonging to and operated by corporate entities were found to have no security measures deployed.

London has the most to be ashamed of with 26% of business networks unsecured; New York is not far behind with 25% and the Parisians come in at 22%.

“It’s a very large number,” said Buckley. “It’s leaving the back door wide open.”

Clearly, work still needs to be done to educate these organizations about the risks they face if the appropriate defenses are not deployed and enabled to protect their wireless networks.

“Such companies risk the theft of confidential and sensitive data, planting of malicious code such as viruses and backdoor Trojans, and potentially allowing their systems to be used as a launch pad for denial of service attacks and other security breaches,” said Tim Pickard, area vice president of international marketing at RSA Security in a statement. “Wireless security may have been bolstered, but we can’t relax yet.”

Public Hotspots

The number of wireless hotspots continues to rise in some of the world’s major financial districts. Last year’s research detected 210 wireless hotspots on the London route. This year the figure had risen to 364, a year-over-year increase of 73%.

In New York, the annual growth rate was 15%, and almost 20% of all wireless access points were found to be hotspots, by far the highest percentage across the three cities.

In Paris, a more modest 68 wireless hotspots, equaling 12% of all access points, were discovered.

Rogue Hotspots

The problem with the increasing number of legitimate hotspots, however, comes in the form of rogue hotspots: potentially the latest platform for identity theft.

Although the purpose of the research was not to look for rogue hotspots—temporary wireless access points designed to look like the genuine article in order to capture users’ confidential information—they do present a potential security issue to which business and consumers should be alert.

For example, Capgemini UK has built a test system on a laptop which emulates a commonly-seen hotspot. In its own private tests the company has observed devices connecting to this sample rogue hotspot, presumably because they have been unable to distinguish it from the real thing.

Rogue hotspots can allow Internet access and process credit card details, which means that they could be used simply and invisibly to perpetrate online identity fraud. The likelihood of this is relatively high, especially given that a rogue hotspot would allow for a higher volume of accurate details to be captured than in an email-based phishing attack.

With a laptop computer and freely available software, the research team was able to pick up information from wireless networks by simply driving around the cities’ streets. In the wrong hands this type of easy access to corporate and personal networks could be used to gain access to confidential information or disrupt business, or the network could be used to launch a Web- based attack on another organization.


The research, commissioned by RSA Security and undertaken by an independent information security specialist, was conducted as part of an ongoing study to quantify both the extent to which wireless usage is growing in the world’s major financial hubs, and how many companies’ wireless networks freely leak data traffic into the street.

The survey was carried out using the laptop version of Airmagnet, with software capable of detecting broadcasting and non-broadcasting 802.11a, b and g WiFi devices using a Proxim Gold combination card.

When devices were detected, the software once again identified the channel, server set ID (SSID) and other network information before disconnecting from that source. The information gathered from each brief connection enabled offline analysis of the networks to identify any of the following where available:

  • Server Set ID (SSID)
  • Frequency (a, b or g)
  • Channel (1-11)
  • WEP (Y/N)
  • Signal strength (For exact location purposes)
  • Mode of operation (ad-hoc, station, access point, infrastructure)
  • MAC Address
  • Hardware vendor

    The nature of the access point response, security levels, SSID values, broadcasting, physical location and presence of other access points with the same SSID enabled us to deduce which were public access systems and which were private business systems with a high degree of accuracy.