Orthus and RSA Security report back from a City of London investigation into the susceptibility of financial institutions' wireless networks to unauthorised eavesdropping, or drive-by hacking.
Wireless local area networks (WLANs) are becoming increasingly popular with large organisations mainly due to such operational requirements as hot desking and accessing system information from portable laptops, pocket computers, electronic notebooks and PDAs from corporate boardrooms and meeting areas.
The emanations from a typical commercial WLAN range from 60 to 200 metres (boosters can increase this range up to 500 metres) enabling everyone within range to potentially connect to the system. While commercial encryption technology is available for WLANs in the form of WEP, it has been implemented in a way that makes it susceptible to so-called drive-by hacking, or the interception and exploitation of these emanations by unauthorised personnel. A hacker can literally sit in a car outside of an office building using a WLAN and easily monitor and capture data as it travels over the wireless system.
In order to better understand the scale of this issue, Orthus in conjunction with RSA Security, conducted an impromptu survey of the WLAN emanations found in the main inner districts of the City of London in the United Kingdom. This report details their findings and security recommendations for implementing a WLAN followed by recommended best security practices for WLAN systems.
» Download the document now 449Kb PDF