Business wireless networks are wide open to attack in major U.S. and European cities, according to a new survey released today by RSA Security, Inc. The company says so-called "hotspots," which consumers love for their convenience, pose "the most serious threat to businesses using wireless networks."
Sheffield, U.K.-based netSurity Ltd. conducted the survey by "warwalking" the commercial, industrial and financial districts within New York, San Francisco, London and Frankfurt with a laptop computer running wireless network surveillance software capable of detecting 802.11a, b and g Wi-Fi devices.
In each city, researchers found thousands of business wireless access points that were either unsecured or displayed default manufacturers' values -- often the least secure configurations for wireless routers. In New York, for example, as many as 38.4% of the hundreds of wireless business networks surveyed were part of unsecured business WLANs.
The annual survey included New York and San Francisco for the first time, both of which were found to match and at times exceed the number of unprotected networks in the European cities. The survey also noted the popularity of public access points, called hotspots, which many hotels and restaurants offer their guests free-of-charge, or for a daily fee. (In San Francisco, 11.5% of the access points surveyed were hotspots, a figure similar to the number found in London.)
"Hotspots by their nature are insecure," said Phil Cracknell, chief technology officer at netSurity. Wireless laptops and mobile devices operating in non-secure hotspot environments "are the crown jewels" for hackers, he said.
Hotspots encourage people to search for accessible networks. And users tend to use whatever connections they can find, according to the report. That means employees could easily log on to rogue hotspots set-up near valid access points, thus baring themselves and their company's secrets to thieves. "The industry is lacking a method of identifying that a particular hotspot belongs to a licensed or registered hotspot provider," the report stated. "This risk must be considered extremely high."
The survey's findings jibe with what Santa Rosa, Calif.-based network security analyst Martin McKeay, CISSP, sees happening within enterprises. "The average systems administrator may have the time to setup an access point of a small business, but not have the time to support it in a secure manner, if they know how. In many cases, just getting the access point up and running may be the limit of the technical abilities available," he said.
Mobile users should be made aware that all data input in a hotspot setting could be eavesdropped, says the report. It's been said before, but to prevent this, companies need to deploy virtual private networks, cease broadcasting the presence of their wireless access points, and restrict network access to only authorized users.
The report includes other recommendations, which should be familiar to information security officers. For example, it calls for all wireless network interface cards to be registered with the computer security team. In addition, WLAN access points should also be set to "not broadcast" their presence to users, said netSurity's Cracknell. "Too many people have the mistaken belief they have to broadcast their SSIDs. But authorized users will know their names, and to look for them."
Cracknell, in war walking London's governmental and financial districts, was also struck by the obvious names users gave to their access points, which made them juicy targets for hackers. "I saw everything from 'chairman's office,' to "trade floor,' to 'finance department,'" he said. "As if you need a bigger clue."