Analysts have warned that businesses using the "wireless hotspots",
announced by BT last week, could be exposed to a security threat to
company data.
BT plans to establish 400 wireless hotspots by June 2003 and 4,000
in the following two years, as part of a mobile strategy outlined
last week which is expected to net £180m per year by 2005.
The hotspots will operate at distances up to 100m from sites such
as hotels, railway stations, airports, bars and coffee shops. Users
will be able to access the Internet or corporate systems using
laptops or handheld devices at speeds up to 500kbps.
But the wireless networks will operate on the 802.11b standard,
which is fundamentally insecure owing to an error in its encryption
algorithm.
A recent "drive-by hacking" expedition by security analysts in the
City of London found that 13 out of 49 wireless Lans detected had
not enabled basic Wep [wireless equivalent privacy] security
features.
Ian Keene, an analyst with Gartner, said, "Corporate users need to
be taking extra security measures if they use this service, such as
a VPN [virtual private network].
"There should be a standards-based security solution for
authentication and encryption for 802.11b by the end of the year,
but before that BT needs to implement a proprietary means of
achieving this," he said. "There are an awful lot of insecure
wireless Lans out there and BT needs to get good security to ensure
it gets subscriptions renewed."
The plan is dependent on the Radiocommunications Agency ratifying
the 2.4GHz band for commercial use.
A BT Retail spokesman said, "BT's public wireless Lan is designed
to offer the highest levels of security, and additional IP-based
security is available as an option, thus making the public access
service highly secure."