Europe ignores wireless security

The now familiar research was carried out by information security company Orthus, using public transport and taxis to simulate drive-by hackings in ten European cities. As with recent similar demonstrations, the hackers’ toolbox consisted of an ordinary laptop equipped with a wireless card and a piece of wireless network detection software called Netstumbler.

Out of 1,689 networks accessible from the street, only 31% had enabled Wep (Wired Equivalent Privacy) to encrypt their traffic. Fifty seven per cent had left their networks on the manufacturer’s default settings, while 43 per cent identified the name of their company on the server set identification (SSID) setting, providing possible target information.

Specific analysis in London revealed that the majority of firms’ networks enabled dynamic host configuration protocol (DHCP), allowing hackers to automatically pick up an IP address, steal company bandwidth and mount third party attacks on other networks.

Orthus compiled a set of recommendations including changing the manufacturer’s default settings on both the access point and the wireless cards, and enabling Wep. Orthus said that while this was by no means secure, it would provide a temporary barrier to the hacker.

Robin Newbury, managing director of reseller CSN, warned end users that they should know what they are doing before installing wireless Lans.

“A lot of the end users have kit that is not doing what they originally thought it would do, or they don’t realise what it is doing,” said Newbury.

“The only real thing the channel can do is make people aware of the functionality of wireless product, that’s about it,” he said.

Related reading

HMRC banknotes