London Wi-Fi still poorly secured
WEP lives on under damp stones.
By Joan Goodchild, CSO | Published: 08:34, 29 October 2008
Too many organisations are relying on primitive security protection when it comes to wireless networks according to a survey from RSA. London comes out especially badly with 20 percent of wireless access points unencrypted and half of the remainder relying on poor security technology.
The seventh annual Wireless Security Survey from security firm RSA finds wireless networks continue to grow at a rapid pace in the major cities around the world. Besides looking at London, the survey examined New York and Paris and examined the security of corporate wireless access points, public hotspots and in-home networks, according to the company.
The survey revealed that London is the 'most wireless city' with a total of 12,276 access points, which exceeded the number in New York City by more than 3,000. Public hotspots - designed to allow anyone with a wireless device to access the Internet on a pay-as-you-go or pre-paid basis - continue to grow in prevalence across all three cities, said RSA officials. New York City is the leader in concentration of hotspots.
The survey also examined how many of the wireless access points detected were secured with some form of encryption, excluding hotspots. RSA officials said the 2008 results show some dramatic improvements in security practice. In New York City, 97 percent of corporate access points had encryption in place - up from 76 percent last year. The results are the best in the survey's history, said RSA. In Paris, 94 percent of corporate access points were encrypted, only London's 20 percent was disappointing.
Now that Wired Equivalent Privacy (WEP), the original wireless encryption standard, is discredited, "the 2008 survey paid close attention to the types of encryption in-play, and the relative adoption of more advanced forms of wireless encryption, including Wi-Fi Protected Access (WPA) or WPA2," RSA said in the statement. "Overall, the adoption of non-WEP advanced encryption is encouraging."
Paris lead the way in non-WEP security, with 72 percent of access points (excluding public hotspots) found to be using advanced security. New York City and London were more modest at 49 percent and 48 percent respectively. A majority of wireless access points relied on either on WEP or used no encryption at all, according to the survey.
Sam Curry, vice president of Identity and Access Assurance at RSA, criticised WEP and said it "barely constitutes paper-thin protection in the face of today's sophisticated hackers."
"We would strongly urge wireless network administrators to discount WEP as a viable security mechanism and upgrade to WPA - or stronger - without delay," said Curry.
"It is also critical that business access points are protected by encryption - even if the corporate network itself can only be accessed via an encrypted VPN. Not using WPA1 or WPA2 can leave the organisations involved vulnerable to whole classes of attacks against both access points and wireless client computers."