The latest high-profile hacking method is called war driving, whereby hackers find unprotected WLANs by driving around with a laptop and 802.11 Ethernet card. Although freeloaders may surf the Internet for free on your bandwidth, more ominous is the potential for hackers to steal corporate data, plant viruses, change Web pages, or anonymously stage a denial of service attack from your network. In many ways, your wireless LAN is the weakest security link in your IT infrastructure.
Security problems are expected to grow with the proliferation of wireless LANs. Cahners In-Stat has projected that the number of wireless LAN cards will grow from 2.6 million in 2000 to 11.8 million by 2003. These numbers are significantly higher if you include other short-range wireless technologies such as Bluetooth and IrDA.
Life is getting easier for hackers. "The level of expertise required to spy on wireless LANs is fairly high," says James Atkinson, president of Granite Island Group, an electronic security firm. But more people are acquiring that knowledge. "It used to require extraordinarily expensive hardware," he adds, "but by the end of this year, you will be able to do it with a $79 card and a piece of free software."
Dubious security
Although most wireless LAN products come with support for basic security through the Wired Equivalent Privacy (WEP) standard, many corporations fail to turn it on, or they don't change any of the passwords or settings from the default. This makes it easy for an unskilled hacker to simply log in and use the network. Security may also be compromised when employees install rogue access points that the IT department doesn't know about.
John Pescatore, a Gartner analyst, says, "A lot of our clients say, 'We don't use wireless LANs.' But then, employees set up rogue wireless LANs."
Gartner recently found that though 20 percent of corporate IT departments believe they have wireless LANs, 50 percent of the procurement offices said they had bought them. This apparent failure to consult the IT department suggests that at least 30 percent of these corporations have WLANs with dubious security.
Laptops with active 802.11, IrDA, and Bluetooth transmitters are often used in public places and can be compromised by any hacker in the vicinity. The default setting for IrDA and Bluetooth ports is to automatically network with nearby devices without requiring passwords or authentication. Hackers can exploit this and network with your laptop to gather information or to plant viruses.
Atkinson says many travelers' laptops could be easily compromised by a hacker on an airline flight. He notes, "Users are just as clueless as they were a few years ago. The problem is even more pronounced now because more and more laptops come equipped with an IrDA port." The problem could get worse when Bluetooth transceivers become standard features.
