60% of WiFi networks lack protection according to a PandaLabs survey
Panda Software has published the “Security in Wireless Networks”, report by PandaLabs, highlighting the security deficiencies in WEP, the most widely used protocol in Wi-Fi environments, as well as underlining the relative reliability of other current systems, such as WPA or WPA-PSK. In fact, almost 60 percent of networks, according to the survey, had no security system at all.
The study includes an introduction to wireless networks and a series of basic concepts, before describing the main security protocols, such as WEP and WPA and their main weaknesses. Similarly, the document looks at security in captive portals, used to regulate connections in open networks, such as airports, hotels or other public places. The study can be downloaded from: http://www.pandasoftware.com/wifi/
“This survey aims to highlight security levels in wireless networks from a didactic perspective, examining security methods and how their design limitations, or even incorrect configuration, can make them vulnerable”, explains Luis Corrons, director of PandaLabs. “This will enable users to avoid the dangers that lie in wait when deploying a WiFi network if the correct measures are not taken.”
The conclusions of the study are clear: security of WiFi networks is, in general, insufficient. While the most widely used protocol for the security of the network, WEP, has many vulnerabilities, the most effective protocols, such as WPA or WPA-PSK, are hardly used at all. PandaLabs was able to verify this circumstance through a series of wardriving surveys carried out internationally in countries such as, Sweden, Slovenia, Canada or Argentina, in which almost 60% of networks lacked protection. Wardriving involves detecting wireless networks on a specific route using a WiFi equipped laptop, and software for detecting the networks.
Wireless networks represent an infection channel for “silent’ malicious code as well as targeted attacks, as they are an entry point to corporate networks. Not only do they allow hackers to infiltrate, but also malicious code of all types: including those designed to target a specific and types of spyware created specifically for a certain size or type of company, etc.
“Although it is true that wireless networks have not been exploited extensively for malicious ends, it would seem clear that users are not sufficiently aware of the threat that they could represent to security ” explains Corrons. “This is more sensitive in the case of companies: if corporate networks with WiFi are not correctly protected, the scope of the potential attack is more concerning, as security could be compromised across the company, with the WiFi network representing an entry point for both malware and targeted attacks through any of the techniques explained in his latest report.”
The document ends with a series of basic recommendations for protecting WiFi networks, based on the findings of the study, and an analysis of the outlook for the future.
The document can be downloaded from: http://www.pandasoftware.com/wifi/
About PandaLabs
Since 1990, its mission has been to analyze new threats as rapidly as possible to keep our clients save. Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPreventâ„? Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users (more info at www.pandasoftware.com/pandalabs.asp).