Information Security News mailing list archives

Insecure wireless networks exposed


From: InfoSec News <isn () c4i org>
Date: Wed, 11 Sep 2002 04:01:19 -0500 (CDT)

http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1026145015373&call_page=TS_Business&call_pageid=968350072197&call_pagepath=Business/News&col=969048863851

By Tyler Hamilton
Technology Reporter
Sept. 10, 2002

A local consulting firm launched a controversial Web site yesterday
that shows gaping security holes in hundreds of wireless networks
throughout the downtown core, including many in the financial district
and some government and university areas.

The consulting firm, irreverently called IpEverywhere, says about 75
per cent of the more than 1,000 downtown wireless networks it has
detected so far have no evidence of security and leave organizations
wide open to information theft, data destruction, networking spamming
and other cyber attacks.

The company plotted its findings on a map found at
http://www.nakedwireless.ca, which went live on the Internet yesterday
afternoon. The map marks vulnerable networks with red pins, while
black triangles indicate networks protected with WEP - "wireless
equivalent privacy" - encryption.

"We never anticipated finding so many (open networks)," said J.P.
Tanguay, chief executive officer of IpEverywhere. "The initial map
only took one day to do. The first night we picked up more than 500
access points in under an hour."

He plans to release similar maps for Oakville, Mississauga, Markham,
Scarborough and other areas in and around the GTA, with a longer-term
goal of mapping cities across the country.

"It's a neat tactic," said Lawrence Surtees, telecommunications
analyst with IDC Canada Ltd. "Anything groups or experts can do to
promote awareness is a great idea."

Despite media reports about the lack of security in wireless networks
based on the 802.11b standard - dubbed "Wi-Fi" - Tanguay said
companies using these networks continue to ignore the risks and
falsely believe the products they use are secure by default, when the
opposite is often true.

Wireless networks are typically connected to internal corporate
networks. Unprotected wireless networks can provide a back door to an
organization's larger network, offering intruders free Internet access
and a way to impersonate employees, tamper with sensitive company data
or send in destructive computer viruses.

Tanguay said the Web site was launched to draw more attention to the
issue, which he considers a "growing national crisis."

"If the site is controversial, that's great," Pat Mason, chief
operating officer of IpEverywhere, said. "We want to have more
discussion about this problem. Knowledge and awareness is good. The
enemy in this issue is complacency and ignorance."

The company, which provides network-security consulting services for
large businesses, acknowledges its actions may be perceived as a way
to drum up business for itself. But Tanguay said companies visiting
the site have no obligation to use IpEverywhere's services.

Other experts in the community confirmed the company's findings.

"I'd say their findings are not surprising," said Keith D'Sousa,
senior manager of information security services at KPMG LLP in
Toronto. "From our own experience, we've had a 50-per-cent hit rate."

A study done by RSA Security Inc. found that 67 per cent of all Wi-Fi
networks detected in London, England, were unencrypted and open to
attack.

Last year, reporters from The Star went "war driving" with KPMG and
found 43 Wi-Fi networks in less than 15 minutes — 80 per cent of which
were not secure. War driving is when a person drives around city
streets and attempts to intercept unprotected wireless networks, using
mainly a laptop, some free software and a cheap antenna.

When using a plane, the practice is called "war flying." Meanwhile,
"war chalking" is when hackers mark buildings or sidewalks with chalk
to signal vulnerable networks to other hackers.

"For some reason, companies have woken up to security on their
computers and the Internet, but they've fallen asleep on wireless,"
said Surtees.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

