Financial Wi-Fi easy to crack or non-existent. (IMG:J.Anderson)
A recent study by wireless security vendor AirTight Networks, conducted by researchers doing "war walks" in the financial districts of seven international cities (Boston, Chicago, London, New York, Philadelphia, San Francisco and Wilmington) from February through April of 2009, has discovered that wireless networks in those financial districts are wide open and overexposed.
To the point, the overall data showed that 57 percent of the wireless networks detected were still using WEP encryption as a form of security or, in some cases, they were simply open with no security at all. During the five minute scans used during the survey, many of the open networks were linked to internal networks and resources.
Of the open and WEP-enabled networks, 61 percent of them were being used in a corporate environment, but the device itself -- the access point -- was a SOHO or consumer-based appliance. Many of these were operating with default factory settings. This is a huge no-no when it comes to security, let alone the security on a financial business's network.
However, when it comes to companies using enterprise grade equipment, most of them were secured using WEP, when the standard should really be WPA or WPA2. In addition, the survey discovered some businesses falling for the myth of hiding SSIDs as a means of security.
"In light of some rather spectacular data breaches involving financial information in recent years -- both wired and wireless -- in financial districts, we expected to find well protected and configured networks, open or guest access isolated from corporate networks and strict enforcement of Wi-Fi security policies," said Pravin Bhagwat, CTO of AirTight.
"What we found instead should give pause to security administrators working in industries with highly sensitive information such as financial services," he warned.
The breakdown of the survey can be viewed by clicking here.
The Tech Herald: How to protect your wireless network and debunk myths