Panda Software has published the “Security in Wireless Networks” report by PandaLabs, which highlights the security deficiencies in WEP, the most widely used protocol in Wi-Fi environments, and underlines the relative reliability of other current systems, such as WPA or WPA-PSK. According to the survey, almost 60 percent of networks had no security system at all.
The study describes primary security protocols, such as WEP and WPA, and their main weaknesses, and includes an overview of wireless networks. The report looks at security in captive portals used to regulate connections in open networks, such as those in airports, hotels and various public locations.
“This survey highlights security levels in wireless networks, examining security methods and how their design limitations, or even incorrect configurations, can make them vulnerable,” explains Luis Corrons, director of PandaLabs. “This will enable users to avoid the dangers that lie in waiting if the correct measures are not taken while deploying a WiFi network.”
The conclusions of the study are clear: security of WiFi networks is insufficient. While the most widely used protocol for the security of the network, WEP, has many vulnerabilities, the most effective protocols, such as WPA or WPA-PSK, are hardly used at all. PandaLabs was able to verify this through a series of wardriving surveys carried out internationally in which almost 60 percent of networks lack needed protection. Wardriving involves detecting wireless networks on a specific route using a WiFi equipped laptop, and software for detecting the networks.
Wireless networks represent an infection channel for silent malicious code as well as targeted attacks, as they are an entry point to corporate networks. This allows hackers and all types of malicious codes — including those designed to target a specific institution — to infiltrate networks.
“Although wireless networks have not been exploited extensively for malicious ends, it would seem clear that users are not sufficiently aware of the threat this poses to security,” explains Corrons. “This is a highly sensitive issue for companies — if corporate networks using WiFi are not correctly protected, the scope of the potential attack is increasingly dangerous, as security could be compromised across the company because the WiFi networks represent an entry point for malware and targeted attacks through any of the techniques explained in this latest report.”
The document concludes with basic recommendations for protecting WiFi networks based on the findings of the study, and an analysis of the outlook for WiFi security in the future.
