Vendors flunk wireless security test

Wireless networks at the Cebit show had no encryption enabled

More than half of the wireless networks deployed at the Cebit technology show in Hanover, Germany, last week had no encryption enabled, making the systems behind them prime targets, according to Kaspersky Lab, a security vendor.

"The number of unprotected access points is unacceptably high," Kaspersky said. "It should again be stressed that these points provide access to the local networks of companies participating in Cebit -- a prime target for hackers."

Kaspersky detected 300 wireless networks on March 9 and 10, during which 56 percent lacked security while only 44 percent used the WEP (Wired Equivalent Privacy) security protocol. The findings are surprising considering the IT-savvy crowd at the trade show and increasing awareness of computer security issues.

But even WEP encryption has fallen out of favor for WPA (Wi-Fi Protected Access) and WPA 2 protocols, said Roel Schouwenberg, senior research engineer for Kaspersky, who, along with senior virus analyst Alexander Gostev, wrote a posting available at the Kaspersky Web site about Cebit wireless security. "WEP is more insecure because the encryption algorithms are not that complex," he said.

Still, the figure was better than the worldwide average. According to Kaspersky's research, about 70 percent of Wi-Fi networks do not use encryption.

Hackers attend trade shows to demonstrate how they can break into networks, which are often connected to a company's main servers, Kaspersky said. Many vendors quickly set up wireless networks with low security settings for the shows' duration, Kaspersky said.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies