Many networks have little or no security, which is a green light for attackers
One-quarter of London's Wi-Fi networks are either not secured or have such poor security they may as well be wide open, new research has revealed.
The study was carried out by security firm Sophos using a technique known as war-driving, where someone on the move can grab information from Wi-Fi networks they pass. Director of security strategy at the firm, James Lyne, spent two days on his bike riding around London and dubbed the technique "war-biking."
In total Sophos picked up 106,874 Wi-Fi networks, which Lyne told CBR would be made up of a mixture of residential and business connections as well as public Wi-Fi hotspots offered in places like coffee shops and hotels.
Of all the networks detected, 8% had no encryption on them whatsoever, meaning they are totally open to anyone with the capabilities to intercept the traffic. A further 19% were using WEP encryption, which has so many flaws that it is like having no security at all.
Thankfully, the remaining networks either used WPA or WPA2 encryption, which is much safer, Lyne said.
Lyne said it was difficult to know for sure whether the exposed networks were from businesses or not, but clues were offered, such as the name the network had been given and his whereabouts in London when the insecure networks were detected.
"These figures are terribly alarming," he told CBR. "People think they are secure when they are not. It is indicative of the general level of security awareness, not just wireless."
Further lax security practices include using the default name of the wireless router. Doing this lets attackers know the make of the router, meaning they can more easily exploit known vulnerabilities. Those using the default name are unlikely to have changed the default password either, Lyne said.
For businesses, having an open Wi-Fi network, or one with limited security, may be good from an employee point of view but it could spell disaster if a hacker manages to break in.
Lyne demonstrated just how easy it is for a cyber criminal to grab sensitive credentials using easily available tools. He showed how he could redirect a user's web browser to show a spoofed Gmail login page. After the user had entered their details they were redirected back to the real Gmail page. However, by then the damage had been done and an attacker had access to the user's login details.
This presents obvious security risks to businesses. If an attacker can get on the network they can monitor traffic, steal login details and help themselves to sensitive files. Workers using their own devices, such as Apple's iPad, are not helping either, as businesses will often have open Wi-Fi networks for them to use. Devices used as Wi-Fi hotspots also contribute to the problem.
"Employees may plug in their own device and connect to the network - if you don't allow it they may well set up their own," he said. "Companies should assume their network will be breached, and build up layers of defence in-depth so if they do get in they cannot connect to other things."
While many companies can obviously improve their own approach to security, Lyne said the industry itself should improve the way it presents the out-of-the-box security capabilities of its products.
"You have to put some of the burden on the vendors as well. I think there is a lot that could be done within the security industry to simplify this," he said. "We've got WEP, WPA2... why doesn't it just say as a default 'high security' with some basic password complexity in-built. If you choose 'low' you should be warned it's a bad idea. The workflow could be optimised to help consumers and small businesses do the right thing."