Wireless security flaws exposed
Wireless security flaws exposed
An alarming number of wireless networks in Australia's CBDs are vulnerable to attack, according to a study comparing wireless networks and their security features in the country's main business centres – attacks which in the most part could be easily avoided by following a few precautionary measures.
The study - conducted by Mathew Hannan and Ben Turnbull from the University of South Australia's Enterprise Security Management Laboratory - has found that encryption is lacking in at least 54 percent per cent of the 729 networks detected, while more than 15 percent of the networks are failing to make use of even the most basic security measures.
Showing how easy it can be for potentially malicious users to access wireless networks, Hannan and Turnbull drove around in a car using basic computing equipment to identify vulnerable networks in the Adelaide, Brisbane, Canberra, Hobart, Melbourne, Perth and Sydney CBDs.
Surveying the radio frequency most widely used by wireless networks, 802.11b, the researchers counted the number of active wireless networks, and looked at a range of security indicators, including Service Set Identifiers (SSIDs) and the standard security mechanism, Wire Equivalent Privacy (WEP).
“If an access point has both a default SSID and doesn’t utilise WEP encryption, it is unlikely that a high-level third party protection such as Virtual Private Network (VPN) is in place. In fact it’s highly probable that no security measures have been taken to protect the network,” said Hannan. In other words, ‘plug and play’ devices where users have not changed the default SSID and haven’t enabled WEP are most vulnerable to attack.
Overall, about 26 percent of wireless networks detected used default SSID settings and 54 percent did not have WEP activated, with 15.3 per cent failing to make use of either security measure. Hobart was the most insecure of the cities surveyed, with 24.1 per cent of wireless networks using default SSID and no WEP encryption, while Canberra was the most secure, with only 2.4 per cent lacking the two security measures.
Hannan, who before joining the University of South Australia worked for the Tasmanian police specialising in cyber-crime, said the results should be a wake-up call to all wireless network users.
“As wireless technology becomes cheaper, more people are adopting it as an alternative to traditional wired solutions. Many of these users have little security knowledge so there is an increased likelihood of insecure wireless networks.
“Home users are attracted to the technology but retailers aren’t necessarily informing them of the security risks and what measures should be taken to protect their network.
“My advice would be to use a reputable operator with relevant qualifications and up-to-date knowledge to install your wireless network – and make sure you adhere to normal security guidelines like regularly updating software including security fixes and anti virus programs.”
While many large organisations are better protected with more costly encryption devices Hannan says there are still risks associated with any wireless network.
“Legitimate users can set up their own wireless access points and link to their company’s network, but unless specific measure are taken this can open the network up to attack – where hackers use the ‘rogue access point’ as a way to get in and gain confidential information.
“Overall this research has demonstrated the need to maintain vigilance over security risks as wireless networks become increasingly popular among commercial and private users.”
Related Article: