[ISN] UK firms haemorrhaging data to drive-by hackers

[InfoSec News]

http://www.vnunet.com/news/1161837

Robert Jaques
vnunet.com 
10 Mar 2005

The explosion of wireless networks is leaving global businesses wide 
open to 'drive-by hacking' and other security risks, experts have 
warned.

According to research released today, more than a third of businesses 
worldwide with wireless networks are open to abuse from hackers and 
criminals in the street or a neighbouring building.

The study, commissioned by RSA Security, estimated that wireless 
networks in Europe's financial capitals alone are growing at an annual 
rate of 66 per cent, and more than a third of businesses remain 
unprotected from this type of attack.

"For a potential hacker it is almost a case of walking down the street 
and trying all the doors until one opens. It is almost inevitable that 
one will," said John Worrall, vice president of worldwide marketing at 
RSA Security.

The research was based on studies in the business centres of New York, 
San Francisco, London and Frankfurt.

Some 38 per cent of businesses in New York, 35 per cent in San 
Francisco, 36 per cent in London and 34 per cent in Frankfurt were at 
risk from drive-by hacking.

The study also revealed that many businesses had failed to take even 
basic security precautions such as reconfiguring default network 
settings.

This means that wireless network access points could still be 
broadcasting valuable information that could be used by potential 
hackers and assisting them in launching an attack.

In London 26 per cent of access points still had default settings, 30 
per cent in Frankfurt, 31 per cent in New York and 28 per cent in San 
Francisco.

In addition to the business security issues, researchers also found an 
explosion in public access wireless hotspots; 12 per cent of all 
wireless network access points in London fell into this category, 
compared with 24 per cent in Frankfurt, 21 per cent in New York and 12 
per cent in San Francisco.

"These figures are another stark warning to unsecured businesses to 
get their act together," said Phil Cracknell, chief technology officer 
at NetSurity and the author of the research.

"The rapid rise of wireless public access hotspots runs in parallel to 
the increased risk to businesses that operate wireless networks with 
little or no security.

"Accidental or intentional connection to a corporate network can bring 
with it a series of security issues including loss of confidential 
data and installation of malicious code.

"Fuelled by the availability and abundance of hotspots, mobile users 
now expect to find, and know how to use, a wireless network. The 
question is whose network will they access, and what will they do when 
they are there?"

Worrall added: "These results reinforce why it is crucial to increase 
the understanding of security risks in the wired and wireless world.

"This is the fourth year of our survey and the situation shows no sign 
of improvement. While it is clear that business are benefiting from 
the flexibility and ease-of-use of wireless technology, they must also 
ensure that the right security steps are taken to protect against 
exploitation."

The researchers used a laptop computer and free software available 
from the internet to pick up information from company wireless 
networks simply by driving around the streets.