Wireless London is wide open

[InfoSec News <isn () c4i org>]

http://news.bbc.co.uk/hi/english/sci/tech/newsid_1892000/1892510.stm

Tuesday, 26 March, 2002

Almost all the wireless networks in London are vulnerable to attack.  
A comprehensive seven-month audit found that 92% of the 5,000 wireless
networks in the capital have not taken basic steps to protect
themselves against casual attacks.

The survey, sponsored by the International Chamber of Commerce, used
some novel software tools that can spot networks many other networking
sniffing tools miss.

Many of the networks readily hand out internet connections to anyone
that connects to them and almost all pass around confidential
information in an easy to interpret form.

Site seizing

The survey shows just how popular wireless networks have become in
only a few short years, and the risks companies are taking with
sensitive information.

"It's the old story where you have convenience that has taken over
prudence" said Pottengal Mukundan, director of the ICC's
crime-fighting division.

Previous audits of the wireless networks in London have tended to
concentrate on one area, such as Docklands or the City, and the
networks found have numbered in the tens rather than hundreds.

But Simon Gunning of technology security firm Digilog has found that
the capital is home to more than 5,000 wireless networks that are
being used in offices, government buildings, prisons, police stations
and even at the Palace of Westminster.

"I really didn't expect to find so many," he said.

He found them thanks to a software tool, freely available on the
internet, that can spot wireless network access points that try to
hide by turning off their ability to broadcast their presence.

Mr Gunning carried out the survey by driving around London in a car
carrying a laptop fitted with the network-spotting software.

Networks exposed

Although wireless networks do have some basic security features
built-in, the vast majority of networks found during this latest
survey had not turned them on.

Even the few that had turned on the basic encryption system were using
default settings, making it easy for an attacker to guess the key
needed to unscramble data.

As a result, anyone gathering up packets of data from these networks
would be able to read the text within them easily, said Mr Gunning.

Those not interested in stealing data could piggyback on the fast net
connection linked to the wireless network.

Now "war-driving" as it has become known is a popular pastime with
many curious computer enthusiasts.

Mr Gunning said many people are experimenting with long-range antenna
that let them pick up signals from many kilometres away.

Security company i-sec has shown how an antenna made from an old can
of Pringles crisps can help pinpoint networks.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.