http://ne
ws.zdnet.co.uk/internet/security/0,39020375,39277577,00.
htm
By Tom Espiner
ZDNet UK
June 27, 2006
People 'just don't care' about Wi-Fi security according
to
researchers, but some senior security experts argue there's
no need to
secure networks at all
A large percentage of Wi-Fi networks are "horribly
insecure",
according to researchers at Indiana University.
In a study of almost 2,500 access points in Indianapolis,
presented at
the Workshop on the Economics of Information Security at the
University of Cambridge on Monday, researchers found that 46
percent
were not running any form of encryption.
"People just really don't care about Wi-Fi security,
and open Wi-Fi at
home is a nice big target," said Matthew Hottell,
lecturer in
informatics at Indiana University. "Defaults
[settings] are king,"
added Hottell.
Most of the secured networks used routers whose security
setting had
been pre-installed by the vendor, rather than having being
activated
by the end user. Some used WEP encryption wizards to
encourage people
to turn on the security settings.
"Education seems to have little effect. People with a
higher economic
status are not responsive to the heightened risk of privacy
erosion,
and people in general don't recognise that higher
population density
[heightens risk]," said Hottell.
However, security expert Bruce Schneier argued that as long
as
people's devices were secure, having a secured network was
unnecessary.
"I have a completely open Wi-Fi network,"
Schneier told ZDNet
UK."Firstly, I don't care if my neighbours are using
my network.
Secondly, I've protected my computers. Thirdly, it's
polite. When
people come over they can use it."
University of Cambridge security expert Richard Clayton also
questioned the assumption that unsecured networks were
necessarily
insecure.
"What is your definition of secure?" Clayton
asked the researchers.
"Did you try to exploit the systems?"
Hottell said the wardriving team had not attempted to hack
any systems
or read any network traffic.
Microsoft's chief privacy advisor for Europe, Caspar
Bowden, said
there seemed to be a consensus among security experts that
having a
Wi-Fi network open to sharing has positive uses, but warned
that
people could not rely on WEP encryption if they wanted to
secure
networks.
"If you do want to secure your network, look at
end-to-end solutions
rather than some of the dodgy crypto around like WEP,"
said Bowden.
"There's only one thing worse than no security, and
that's a false
sense of security," he added.
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
|