* Number of encrypted networks rises in London and New York; Paris most
secure
* Almost one quarter of business networks remains unsecured in all surveyed
cities
* Number of wireless access points and public hotspots continues to rise
LONDON, and BEDFORD, Mass., May 25 /PRNewswire-FirstCall/ -- The number
of wireless networks in some of the world's major financial centres
continues to rise at an explosive rate, research commissioned by RSA
Security Inc. (Nasdaq: RSAS), the expert in protecting online identities
and digital assets, has revealed today. The largest year-on-year rise was
discovered in London, where there are 57% more wireless network access
points today than in 2005. The percentage increase in New York was an
impressive 20%. In Paris, the increase from 2004 to 2006 was 119%.
Encryption of wireless networks increases -- Paris leads the way
In both London and New York, more businesses are securing their
wireless networks by switching on the WEP encryption capability provided as
standard:
* London -- WEP usage rose from 65% in 2005 to 74% in 2006
* New York -- WEP usage rose from 62% in 2005 to 75% in 2006
* Paris -- has the highest levels of encryption at 78%, an increase on
2004's figure of 69%
This is an encouraging sign, although in all cities around a quarter of
the wireless networks identified as belonging to and operated by corporate
entities were found to have no security measures deployed. London has the
most to be ashamed of with 26% of business networks unsecured; New York is
not far behind with 25% and the Parisians come in at 22%. Clearly, work
still needs to be done to educate these organisations about the risks they
face if the appropriate defences are not deployed and enabled to protect
their wireless networks.
"This is the fifth year we have commissioned this research -- and the
first year we have seen such a dramatic improvement in the number of
secured wireless business networks," commented Tim Pickard, area vice
president of international marketing at RSA Security. "While the halting of
what appeared to be a downward spiral is good news, we should not forget
that around a quarter of business networks in these cities remain open to
attack. Such companies risk the theft of confidential and sensitive data,
planting of malicious code such as viruses and backdoor Trojans, and
potentially allowing their systems to be used as a launch pad for denial of
service attacks and other security breaches. Wireless security may have
been bolstered, but we can't relax yet."
Default values equal faulty defences
Again, overall there was a slight improvement in the number of wireless
networks still configured according to default network settings -- which
can make it easier for hackers to find ways to penetrate a network.
* In London, 22% of access points still had default settings -- an
improvement on 2005's figure of 26%.
* New York paints a bleaker picture, with 28% of access points using
default settings; this is virtually the same as last year's figure of
30.8%.
* Once again, Parisian businesses and consumers are least at risk with 21%
of access points still having default settings, demonstrating that much
progress has been made since 2004 when this statistic was 39%.
Hotspots still hot topic
The number of wireless hotspots continues to rise in some of the
world's major financial districts. Last year's research detected 210
wireless hotspots on the London route; by 2006 this figure had risen to 364
-- a year on year increase of 73%. In New York, the annual growth rate was
15%, and almost 20% of all wireless access points were found to be hotspots
-- by far the highest percentage across the three cities. In Paris, a more
modest 68 wireless hotspots, equaling 12% of all access points, were
discovered.
Rogue hotspots could provide latest platform for identity theft
Although the purpose of the research was not to look for rogue hotspots
-- temporary wireless access points designed to look like the genuine
article in order to capture users' confidential information -- they do
present a potential security issue to which business and consumers should
be alert. For example, Capgemini UK has built a test system on a laptop
which emulates a commonly-seen hotspot. In its own private tests the
company has observed devices connecting to this sample rogue hotspot,
presumably because they have been unable to distinguish it from the real
thing.
Rogue hotspots can allow Internet access and process credit card
details, which means that they could be used simply and invisibly to
perpetrate online identity fraud. The likelihood of this is relatively
high, especially given that a rogue hotspot would allow for a higher volume
of accurate details to be captured than in an email-based phishing attack.
"Rogue hotspots currently constitute one of the most serious and most
likely vehicles for wireless security breaches -- they are easy to set up
and an attacker is almost guaranteed a valuable crop of data in a short
period of time," said Phil Cracknell, Capgemini UK, Security Consulting
Practice. "For this reason, they could be used as the next platform for
phishing attacks and identity theft. In order to prevent this, all mobile
users -- either business or personal -- need to be educated about the
potential risk from rogue hotspots and taught not to send confidential
usernames, passwords and personal information over unencrypted networks."
Methodology
With a laptop computer and freely available software, the research team
was able to pick up information from wireless networks by simply driving
around the cities' streets. In the wrong hands this type of easy access to
corporate and personal networks could be used to gain access to
confidential information or disrupt business, or the network could be used
to launch a Web- based attack on another organisation.
The research, commissioned by RSA Security and undertaken by an
independent information security specialist, was conducted as part of an
ongoing study to quantify both the extent to which wireless usage is
growing in the world's major financial hubs, and how many companies'
wireless networks freely 'leak' data traffic into the street, providing
potential access to hackers from their car or a nearby building.
The survey was carried out using the laptop version of Airmagnet, with
software capable of detecting broadcasting and non-broadcasting 802.11a, b
and g WiFi devices using a Proxim Gold combination card.
When devices were detected the software once again identified the
channel, Server Set ID (SSID) and other network information before
disconnecting from that source.
The information gathered from each brief connection enabled offline
analysis of the networks to identify any of the following where available:
Server Set ID (SSID)
Frequency (a, b or g)
Channel (1-11)
WEP (Y/N)
Signal strength (For exact location purposes)
Mode of operation (Ad-hoc, station, access point, infrastructure)
MAC Address
Hardware vendor
The nature of the access point response, security levels, SSID values,
broadcasting, physical location and presence of other access points with
the same SSID enabled us to deduce which were public access systems and
which were private business systems with a high degree of accuracy.
About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and
digital assets. The inventor of core security technologies for the
Internet, the Company leads the way in strong authentication and
encryption, bringing trust to millions of user identities and the
transactions that they perform. RSA Security's portfolio of award-winning
identity & access management solutions helps businesses to establish who's
who online -- and what they can do.
With a strong reputation built on a 20-year history of ingenuity,
leadership and proven technologies, we serve more than 20,000 customers
around the globe and interoperate with over 1,000 technology and
integration partners. For more information, please visit
http://www.rsasecurity.com
RSA is a registered trademark of RSA Security Inc. in the United States
and/or other countries. All other products and services mentioned are
trademarks of their respective companies.
For more information:
Julie Kehoe Matt Buckley
OutCast Communications RSA Security Inc.
(646) 442-3370 (781) 515-6212
rsa@outcastpr.com mbuckley@rsasecurity.com
SOURCE RSA Security Inc.
 back to top
Related links:
http://www.rsasecurity.com/
CONTACT:
Julie Kehoe of OutCast Communications,
+1-646-442-3370, rsa@outcastpr.com; or Matt Buckley of RSA
Security Inc., +1-781-515-6212, mbuckley@rsasecurity.com
|
