The majority of wireless access points located in seven metropolitan financial centers have easy-to-break or nonexistent security, according to a survey conducted by security firm AirTight Networks and published on Wednesday.
The survey, which summarized more than 30 scans in six U.S. cities and London, found that 57 percent of the access points had no security or used Wired Equivalent Privacy (WEP), an older and easy-to-hack form of encryption. Almost 40 percent of the insecure wireless networks used enterprise-grade hardware from major vendors, suggesting that they were deployed by companies, not consumers, said Mike Baglietto, director of product marketing for AirTight Networks.
"We thought wireless was mature enough that people should understand the security issues," Baglietto said. "But we saw a lot of open access points, a lot of identities being leaked, and a lot of insecure installations."
The relative insecurity of wireless networks has long been a bane for many companies. In 2007, retail giant TJX Companies announced that more than 46 million credit- and debit-card numbers had been leaked through the insecure wireless portions of its processing network. While WEP has long been known to have serious deficiencies that allow attackers to easily break into networks using the technology, researchers found in 2008 that some communications using WiFi Protected Access — the security technology that replaced WEP — could also be broken.
In its latest study, AirTight Networks found that 32 percent of access points used WPA security. Only 11 percent of the access points used the most recent iteration of wireless security, WPA2.
The company also found that a little more than a third of the open access points were likely to be part of public or hotspot networks, while the other two-thirds of walk-in networks seemed intended to be private.
Surprisingly, the distribution of security technologies varied tremendously by city. New York's financial district had the largest proportion of open and WEP-enabled access points — about 60 percent — while insecure wireless networks in London's financial district only accounted for 25 percent of the total.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos