The number of wireless access points – including public hotspots and business networks – continues to rise at an explosive rate in the world’s major financial centres. But a disturbing number of them are vulnerable to hacking.
This was revealed today by research commissioned by RSA, The Security Division of EMC, which also indicates that the call for stronger security in wireless networks is starting to resonate among businesses.
The largest year-over-year increase in wireless adoption was found in London, where there are 160% more wireless access points (APs) than in 2006. The percentage increase in New York was a substantial 49%; and in Paris, 44%.
Looking purely at business access points, London also leads, with a 180% leap over last year, as compared to jumps of 57% and 45% New York and Paris, respectively.
As measured by the use of either advanced encryption or Wired Equivalent Privacy (WEP), London experienced notable improvement in the security of business wireless networks over the last year. In contrast, security levels in New York and Paris improved only incrementally.
Over the course of the past year, use of wireless security measures in business networks increased as follows:
* In London – from 74% in 2006 to 81% in 2007;
* In New York – from 75% in 2006 to 76% in 2007; and
* In Paris – from 78% in 2006 to 80% in 2007.
The survey results raise concerns about the continued use of WEP, despite awareness of its limitations, but traction in the use of more advanced encryption options is encouraging.
Across all three cities there was significant use of advanced encryption, as measured by the implementation of 802.11i and Wi-Fi Protected Access (WPA). In London, 48% of the secured business access points detected had implemented advanced forms of encryption. In Paris the figure was lower, at 41%, and New York was comparable to London at 49%.
Yet as wireless access continues to become more pervasive, one-quarter to one-fifth of business wireless networks in three of the world’s most important business centres remain wide open.
“As we evolve toward a ‘wireless everywhere’ world, we are witnessing enormous leaps in wireless connectivity, as highlighted by London’s explosive growth in access points over the course of the last year,” says Christopher Young, vice-president: consumer & access solutions at RSA.
“It is encouraging that almost half of all secured business access points are now using advanced forms of encryption, and we expect to see these numbers increase as awareness grows around the perils of operating inadequately secured wireless networks.”
The survey also measured the number of wireless networks still configured according to default, out-of-the-box settings – which can make it easier for attackers to find ways to penetrate a network:
* In London, 30% of access points still had default settings – a big slide backward from 22% last year;
* New York improved slightly, with 24% of access points using default settings, down from last year’s 28% ; and
* Parisian businesses and consumers are least at risk, with 13% of access points displaying default manufacturer settings, down from 21% last year.
Public hotspots continue to proliferate in the many places where people seek connectivity, such as coffee shops, airports and hotels. Last year’s research detected 364 wireless hotspots on the London route; by 2007 this figure had risen to 461 – a 27% increase.
In New York the annual growth rate was 17%, and 15% of all wireless access points were found to be hotspots – by far the highest percentage across the three cities.
In Paris, hotspots increased 37% and represented 11% of all access points.
Near these hotspots are significant numbers of unprotected business networks – that are clearly not hotspots, but still offer access to those who might accidentally or intentionally connect to them. This has added a new and disturbing dimension to the wireless security problem; the massive growth of hotspots for mobile users means that there are large numbers of mobile users who frequently seek connections throughout their travels.
This introduces an even greater threat to businesses operating wireless networks with little or no security. Fueled by the availability and profusion of hotspots, mobile users expect to find wireless networks – and know how to connect to them.