Majority of users leave their wireless networks exposed

Nearly three-fifths (57 per cent) of UK businesses are leaving themselves vulnerable to hackers by not taking simple steps to protect their wireless networks, according to new research by managed security company, Network Box. The company investigated the protocols used by businesses to protect their wireless networks and found that 41 per cent use the largely-ineffective wired equivalent privacy (WEP) protocol; staggeringly, 16 per cent use no protection at all.
 
The research also highlighted a similar lack of security awareness among home users. Forty-eight per cent use the WEP protocol, while 13 per cent use no protection – three per cent less than the figure recorded for businesses.

 
It is widely acknowledged in the security industry that the WEP protocol is being depreciated as it can protect only against hackers with the most basic programming knowledge. WEP encryption can be hacked in minutes by a determined blackhat with the requisite skills and software.
 
Network Box is urging all home users and businesses to check their configurations and switch to the wi-fi protected access (WPA) protocol. WPA affords home users and businesses a far higher level of security, as it uses a sophisticated key structure that creates new encryption keys as the system is used. This, along with other enhancements provides improved protection and  is able to counter successfully the established key recovery attacks on WEP.

Simon Heron, Internet Analyst, Network Box, says: “WEP is no obstacle for a shrewd hacker and can be sidestepped in minutes. By configuring wireless networks to WPA, businesses and home users immediately make any hacking attempt significantly more difficult. And the good news is that switching from WEP to WPA typically involves only the flicking of a switch.”
 
Data was collected on 500 commercial and domestic wireless networks in Nottingham, Tunbridge Wells and Tonbridge between March and April 2008. No attempt was made by Network Box to connect to the networks found, nor to intercept or decrypt traffic.