56pc of Wi-Fi networks in Irish cities vulnerable to being hacked

6 Nov 2009

Wi-Fi networks in Irish cities – including those in popular hotels and cafes – are vulnerable to being hacked, according to a study of more than 6,545 wireless networks in three cities.

The study of networks in Dublin, Cork and Limerick are vulnerable to attacks by hackers and are liable to exposing sensitive personal or business data to unauthorised users.

About encryption

The findings of the assessment, which was expanded this year to include Cork and Limerick, has shown that once again the use of wireless encryption to protect wireless networks remains poor.

The 56pc of networks found to be vulnerable used either no encryption to protect communications (19pc), or weak encryption which hackers can trivially break in a matter of minutes (36pc).

By analysing those networks that can be identified as either residential or business networks (ie, excluding public networks), it was found that the incidence of unsecured wireless network drops to 46pc.

Limerick most secure

In addition, further analysis of the business and residential networks reveals that Limerick has the most secure wireless landscape (at 62pc) compared to Dublin and Cork (54pc and 53pc respectively). The survey shows that the level of wireless security in Dublin has remained consistent with last year, when 54pc of connections were also found to be insecure in the capital city.

With regard to business security compared to residential security, identifiable residential networks were found to be more secure than identifiable business networks. In Dublin, 63pc of residential networks are secure while only 51pc of identifiable business networks use the more secure Wi-Fi Protected Access (WPA) and WPA2 protocols. This trend is also present in Cork (60pc versus 50pc) and Limerick (66pc versus 60pc).

SSID concealment

The analysis also found that only 13pc of wireless networks analysed are not broadcasting their network identifier (SSID). Concealing the SSID provides several security benefits – most significantly, the function of these networks cannot be determined from their broadcasts.

“The results of this analysis will certainly be of concern for businesses across the country,” said Colm McDonnell, partner, Enterprise Risk Services, Deloitte.

“This is the third year in a row that we have performed this survey and it’s clear that the popularity of wireless networking has not led to a corresponding awareness of wireless security. This is somewhat surprising given that there have been a number of incidents both at home and abroad that have highlighted the importance of adequate encryption. It’s quite simple – without the sufficient security measures in place, sensitive data will be lost.

“While the residential connections fare slightly better in this analysis, there is still considerable scope for improvement. Individuals and businesses alike must remember that the default settings that come with their wireless devices are not intended to ensure the security of the network and may not be sufficient for the needs.”

Networks in isolation

As part of the analysis, Deloitte also looked at public networks in isolation to get a picture of how secure these are, given that they are used by a significant number of people. Of the public networks identified, more than 70pc have no encryption at all in place, and more than 80pc are classified as insecure (using either no encryption or just WEP encryption).

These include many well-known wireless hotspot providers, as well as the wireless networks at many well-known hotels, restaurants and conference centres. All of these networks are vulnerable to data interception by users eavesdropping on connections.

“Public networks often have weaker encryption in place because their owners regard the purpose of encryption as securing the network against unauthorised users, protecting the information transmitted is seen as a secondary concern on these ‘public’ networks,” McDonnell said.

“In reality, unsecured public networks may allow attackers to intercept the communications of users of the network; observing their activities and steal sensitive information such as passwords or even financial data.”

“The clear message that arises from this year’s analysis is that there is still not enough awareness surrounding the security pitfalls that wireless connectivity brings – we would encourage wireless users both at home and in the office to address this as a matter of priority,” concluded McDonnell.

By John Kennedy

Photo: An analysis of the business and residential networks reveals that Limerick has the most secure wireless landscape (at 62pc) compared to Dublin and Cork (54pc and 53pc respectively).

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years