UK wireless networks “pitifully” exposed to drive-by hackers

This is the second annual report of WLANs – or wireless local area networks – by RSA, the e-security company based in the US.

It suggests that, despite widespread publicity following the publication of last year's results, little has been done to plug these security holes, despite a 300% year-on-year rise in the number of wireless networks. RSA reckons the problems are just as bad in US cities.

With a hand-held scanner, researchers were able to pick up information from company wireless networks by simply driving around the streets of London – a practice sometimes known as 'wardriving'.

Following the same procedure and route as last year, the research identified that 63% of the networks surveyed were left on default configuration clearly identifying the company owning the data and where it was coming from.

Exposed businesses are vulnerable to all kinds of malicious hacking techniques, from computer eavesdropping on company secrets through to computer network disruption and launching denial of service attacks using the cover of the unsuspecting company.

The research, commissioned by RSA and undertaken by research specialists Z/Yen Limited, builds on last year's report, which revealed that 67% of London companies with wireless networks were unprotected.

The research highlighted that many businesses are failing to:

Effectively encrypt the data travelling across their wireless networks, enabling hackers to simply pluck company secrets from the air;

Change default information on their systems that broadcast the company's name, location and important technical information that can allow hackers to crack any encrypted network;

Secure wireless network access points, allowing hackers to set up rogue access points to capture company information; and

Secure data on wireless enabled laptops, allowing penetration of local drives and company data.

John Worrall, a vice president at RSA Security, said:

"We have seen a proliferation in the use of wireless networks around the world, but the steps taken to secure these networks is still woefully inadequate. Businesses need to be aware that any investments they have made in securing their infrastructure can be negated by the backdoor being opened through the introduction of a wireless networks.

"By securing wireless environments with strong encryption and two-factor authentication, organisations can realise the full benefits of WLANs – including cost reduction and productivity enhancement – while reducing the risk of exposing mission-critical data and resources to unauthorized access."

RSA Security and Z/Yen have produced recommendations for planning, configuring, implementing and operational best practices for using WLAN for businesses.

A copy of the full report is available as a PDF on this page of RSA's site.