By Tom Espiner
June 27, 2006
People 'just don't care' about Wi-Fi security according to
researchers, but some senior security experts argue there's no need to
secure networks at all
A large percentage of Wi-Fi networks are "horribly insecure",
according to researchers at Indiana University.
In a study of almost 2,500 access points in Indianapolis, presented at
the Workshop on the Economics of Information Security at the
University of Cambridge on Monday, researchers found that 46 percent
were not running any form of encryption.
"People just really don't care about Wi-Fi security, and open Wi-Fi at
home is a nice big target," said Matthew Hottell, lecturer in
informatics at Indiana University. "Defaults [settings] are king,"
Most of the secured networks used routers whose security setting had
been pre-installed by the vendor, rather than having being activated
by the end user. Some used WEP encryption wizards to encourage people
to turn on the security settings.
"Education seems to have little effect. People with a higher economic
status are not responsive to the heightened risk of privacy erosion,
and people in general don't recognise that higher population density
[heightens risk]," said Hottell.
However, security expert Bruce Schneier argued that as long as
people's devices were secure, having a secured network was
"I have a completely open Wi-Fi network," Schneier told ZDNet
UK."Firstly, I don't care if my neighbours are using my network.
Secondly, I've protected my computers. Thirdly, it's polite. When
people come over they can use it."
University of Cambridge security expert Richard Clayton also
questioned the assumption that unsecured networks were necessarily
"What is your definition of secure?" Clayton asked the researchers.
"Did you try to exploit the systems?"
Hottell said the wardriving team had not attempted to hack any systems
or read any network traffic.
Microsoft's chief privacy advisor for Europe, Caspar Bowden, said
there seemed to be a consensus among security experts that having a
Wi-Fi network open to sharing has positive uses, but warned that
people could not rely on WEP encryption if they wanted to secure
"If you do want to secure your network, look at end-to-end solutions
rather than some of the dodgy crypto around like WEP," said Bowden.
"There's only one thing worse than no security, and that's a false
sense of security," he added.
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.