Wireless Lan users risk breaching data laws

Eric Doyle

Companies implementing wireless Lans could be in breach of several laws and confidentiality agreements with customers and clients.

The warning follows investigations by security specialist I-Sec into wireless Lan security in the City of London.

Many wireless Lans are installed using default settings that not only beam their presence to the streets outside the office, but also provide sufficient information to enable hackers to connect to the network undetected.

Mark O'Halloran, a barrister with Stevensdrake Solicitors, said, "Unwary companies could be in breach of the Data Protection Act's requirement for data to be processed securely; of confidentiality agreements with their partners; and, in the case of the financial sector companies, of FSA [Financial Services Authority] and Stock Exchange regulations."

Armed with no more than a Pringles crisp tube as an aerial booster and freely downloaded software, I-Sec set up a "war drive", the hackers' name for accessing wireless Lans from cars parked outside offices, to demonstrate the vulnerability of City firms.

The kit cost less than £500 and was constructed using information openly available on the Internet. I-Sec's aim was not to break the law by hacking into systems, but to detect the presence of unprotected wireless access points to show how hackers could get in.

In a 20-minute drive, 49 access points were found beaming their presence and data into the streets, with only 13 using Wireless Equivalent Privacy encryption.

This is an open door into the network behind the firewall. "You may as well open up your most secret drawer, stick the contents outside reception with a notice saying, 'Please help yourself'," O'Halloran said.

Geoff Davies, managing director of I-Sec, said, "We did this war drive because we believe it is in the public interest to demonstrate how companies put themselves at risk by not considering the security implications of implementing wireless networks."

eric.doyle@rbi.co.uk
