That is the conclusion of a recent survey of Clinton, Iowa wireless network access points conducted by Clinton technology consulting firm, Riverfront Technology, Inc.
“Almost all of the commercial internet service providers now supply their customers with WiFi enabled routers. Many of these come with instructions for enabling the wireless but the default condition is often an open system; one that allows anyone to connect,” explained Riverfront Technology Systems Engineer, Zach Peters, who was in charge of the survey.
“If the system is open, then not only can anyone connect to the Internet through that connection, but that also puts them ‘inside’ the firewall and exposes all the computers in that residence or business to an intruder,” Peters continued.
Riverfront Technology conducted its survey in early November. In 30 minutes, using about $60 in hardware and free software they collected data on 530 unique access points while driving on city streets in a normal manner, at the speed limit. The software used only collected information that the access points actively broadcast to the world. Riverfront Technology did not connect to any network during this survey.
Google Maps mashup of Clinton wireless survey results.
Of the 530 access points surveyed, 171 (32%) had no security or encryption turned on at all, meaning they were open to anyone. 27 (5%) leaked information about the internal network without even connecting and 15 (2.8%) access points revealed their location within the building including floor, wing or room number. Of the 359 access points that did have security enabled, 148 (87% of encrypted, 28% of all access points) used the weakest security system, Wired Equivalent Privacy or WEP.
Riverfront Technology Vice President, Connor Anderson asserted that these results are probably a pretty good sample of any community. “I expect we could repeat this anywhere in the United States and get results within just a few percentage points of what we see in Clinton,” he said.
The Internet router provides a basic security barrier between the Internet “on the wire,” and the computers in the house. However, the WiFi connection is part of the inside of the network and connects the residential PC’s. “An open wireless connection is like leaving your house doors locked but leaving the bay window facing the street open all the time,” said Peters.
Anderson stated, “The market if now full of devices that are wireless enabled; from handheld smart phones, to netbook and laptop PC’s that can now be purchased for about $500 or less. This means we are seeing an explosion of businesses and residences adding wireless service.”
For most people the solution is pretty straightforward. Most of these devices come with instructions or software “wizards” that allow the users to set the security on their wireless networks. Riverfront Technology recommends that users who don’t understand the instructions either contact tech support at their internet service provider, the device manufacturer, or contact someone who can help them set this up.
Anderson said that businesses especially need to be aware of the problem and not think that just because they ran the WEP wizard they are secure. Credit Card fraud is a multi-billion dollar global business. “If your business handles credit card transactions, of if you are a financial services or health care provider then you need to make sure you are using proper encryption and authentication. WEP is just barely okay. It’s like putting a hook on your screen door and leaving the inside door open. WEP can be cracked by any reasonably skilled hacker in just a few minutes. It is not good enough for business,” he said.
A google map of the results is available here: here. Riverfront Technology is publishing these results for several reasons: 1) the data does not give any information on how to get into a secured network, 2) Unsecured networks are just that, unsecured. Obscurity does not equal security and considering the utter simplicity of gathering this data, it does no harm, 3) it is sincerely hoped that those who find their unsecured networks in this survey will take steps to fix that condition.
Conner! Dude! You are screwing up my wardrivin’. I shouldn’t have to pay those thieves at Mediacom the big bucks for access. The internet wants to, should be FREE, FREE, FREE!
[...] One Third Of Wireless Networks Are Exposed To Intrusion [...]