Close

News

Wi-Fi a Welcome Mat for Attackers, Study Finds

AirTight, a provider of Wi-Fi security services, recently scanned 3,632 access points (APs) and nearly 550 clients in seven different financial centers and found that half of these WPAs were either open (unprotected) or used WEP encryption.

The test sites were in New York, Chicago, Boston, Philadelphia, Wilmington (Del.), San Francisco and London.

Lest you dismiss the issue as one of rogue access points or isolated consumer WPAs that were caught up in AirTight's dragnet, 39 percent of so-called "threat-posing" APs could be classified as "enterprise-grade." In many cases, AirTight reported, enterprise-grade APs that could have been configured to support the more robust WPA or WPA2 protocols were instead protected with WEP. AirTight was also careful to distinguish between known or popular open APs -- such as those associated with hotspots -- and enterprise-grade implementations.


In any given financial district, AirTight reported, 13 percent of mobile Wi-Fi clients are configured to operate in ad hoc mode, which makes them vulnerable to wi-phishing or "honeypotting" attacks, researchers pointed out.

AirTight found that 61 percent of open access points were consumer- or SOHO-grade devices. It doesn't strictly associate the use of these devices with home or SOHO scenarios, however; in some cases, these devices are deployed by "impatient" or reckless employees who, frustrated by the slowness of in-house Wi-Fi rollouts, plug rogue (typically consumer) APs into enterprise networks to perpetrate "back-door" schemes.

Moreover, AirTight reported, some enterprises seem to assume that simply obfuscating an AP's SSID is protection enough: 79 of open APs with hidden SSIDs were powered by enterprise-grade devices.

The AirTight report revealed a disappointingly low rate of WPA2 adoption -- just 11 percent, on average. Compare that with WEP, which is used by fully one-third of Wi-Fi networks in the surveyed financial districts. This is in spite of the fact that WEP cracking can take less than five minutes, AirTight researchers caution.

Moreover, AirTight noted, just under a third (32 percent) of Wi-Fi networks use WPA, which is also known to be vulnerable.


About the Author

Stephen Swoyer is a New York-based freelance journalist who writes about technology.

Reader Comments

Wed, Sep 9, 2009 Candy Mississippi

Good evening. Zoo: An excellent place to study the habits of human beings.
I am from Salvador and also now teach English, give please true I wrote the following sentence: "401k investment advice, in 2000, hewitt underestimated determining through larger investors and fashions."

Thank you very much :P. Candy.

Tue, Jun 2, 2009 datorman Nor. Cal.

The problem with trying to use WPA-2, as an example is that, although my router is capable of it, my laptop's built-in Wi-Fi doesn't, nor does my Netgear Wireless Print Server. If manufacturers could get Firmware upgrades out to allow the older gear to take advantage of things like WPA-2, there would probably be plenty of people who would like to use it, myself included.

Fri, May 29, 2009 Jim Smith

Good article. People will have to take protecting their privacy into their own hands. A great tool I found for WiFi security is Covert Surfer. It is a software application that is designed to encrypt your Internet connection wherever you are at. It also prevents cookies from collecting information about you as well. You can operate completely from a flash drive so you can use it on multiple computers. Smart Computing Magazine just did a great review on it. I found it at http://w DOT ww.covertsurfer.com

Thu, May 28, 2009 LostInSpace California

Yup - Everywhere I have worked people have brought in their own WLAN devices and hooked them up. Most of the time with WEP. It is always because of frustration with internal IT and lack of solutions. It's a easily hacked world out there.

Add Your Comments Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Free Whitepapers

More TechLibrary