[ISN] Wireless London is wide open

From: InfoSec News (isnat_private)
Date: Wed Mar 27 2002 - 01:38:20 PST

  • Next message: InfoSec News: "[ISN] Panel debates Samaritan-hack amnesty"

    http://news.bbc.co.uk/hi/english/sci/tech/newsid_1892000/1892510.stm
    
    Tuesday, 26 March, 2002
    
    Almost all the wireless networks in London are vulnerable to attack.  
    A comprehensive seven-month audit found that 92% of the 5,000 wireless
    networks in the capital have not taken basic steps to protect
    themselves against casual attacks.
    
    The survey, sponsored by the International Chamber of Commerce, used
    some novel software tools that can spot networks many other networking
    sniffing tools miss.
    
    Many of the networks readily hand out internet connections to anyone
    that connects to them and almost all pass around confidential
    information in an easy to interpret form.
    
    Site seizing
    
    The survey shows just how popular wireless networks have become in
    only a few short years, and the risks companies are taking with
    sensitive information.
    
    "It's the old story where you have convenience that has taken over
    prudence" said Pottengal Mukundan, director of the ICC's
    crime-fighting division.
    
    Previous audits of the wireless networks in London have tended to
    concentrate on one area, such as Docklands or the City, and the
    networks found have numbered in the tens rather than hundreds.
    
    But Simon Gunning of technology security firm Digilog has found that
    the capital is home to more than 5,000 wireless networks that are
    being used in offices, government buildings, prisons, police stations
    and even at the Palace of Westminster.
    
    "I really didn't expect to find so many," he said.
    
    He found them thanks to a software tool, freely available on the
    internet, that can spot wireless network access points that try to
    hide by turning off their ability to broadcast their presence.
    
    Mr Gunning carried out the survey by driving around London in a car
    carrying a laptop fitted with the network-spotting software.
    
    Networks exposed
    
    Although wireless networks do have some basic security features
    built-in, the vast majority of networks found during this latest
    survey had not turned them on.
    
    Even the few that had turned on the basic encryption system were using
    default settings, making it easy for an attacker to guess the key
    needed to unscramble data.
    
    As a result, anyone gathering up packets of data from these networks
    would be able to read the text within them easily, said Mr Gunning.
    
    Those not interested in stealing data could piggyback on the fast net
    connection linked to the wireless network.
    
    Now "war-driving" as it has become known is a popular pastime with
    many curious computer enthusiasts.
    
    Mr Gunning said many people are experimenting with long-range antenna
    that let them pick up signals from many kilometres away.
    
    Security company i-sec has shown how an antenna made from an old can
    of Pringles crisps can help pinpoint networks.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Mar 27 2002 - 05:26:52 PST