News and events

Home

For Students

For Staff

Directory

• News & events home
  • News releases
    • RSS news feeds
    • Archive
  • Opinion
  • Find an expert
  • UniSANews
  • UniSA Magazine
  • Facts about UniSA
  • Calendar of events
  • Maps & virtual tours
  • Media contact
  • Subscribe/unsubscribe
  • Marketing & Development Unit home

Media Release

May 28, 2004

Wireless security under scrutiny

UniSA study the first to compare wireless security around Australia
 

A University of South Australia study comparing wireless networks and their security features in seven Australian capital city CBDs has found an alarming number are vulnerable to attack – attacks which in the most part could be easily avoided by following a few precautionary measures.

The study – conducted by Mathew Hannan and Ben Turnbull from UniSA’s Enterprise Security Management Laboratory – has found that encryption is lacking in at least 54 per cent per cent of the 729 networks detected, while more than 15 per cent of the networks are failing to make use of even the most basic security measures.

Showing how easy it can be for potentially malicious users to access wireless networks, Hannan and Turnbull drove around in a car using basic computing equipment to identify vulnerable networks in the Adelaide, Brisbane, Canberra, Hobart, Melbourne, Perth and Sydney CBDs.

Surveying the radio frequency most widely used by wireless networks, 802.11b, the researchers counted the number of active wireless networks, and looked at a range of security indicators, including Service Set Identifiers* (SSIDs) and the standard security mechanism, Wire Equivalent Privacy** (WEP).

"If an access point has both a default SSID and doesn’t utilise WEP encryption, it is unlikely that a high-level third party protection such as Virtual Private Network (VPN) is in place, in fact it’s highly probable that no security measures have been taken to protect the network," says Hannan. In other words, ‘plug and play’ devices where users have not changed the default SSID and haven’t enabled WEP are most vulnerable to attack.

Overall about 26 per cent of wireless networks detected used default SSID settings and 54 per cent did not have WEP activated, with 15.3 per cent failing to make use of either security measure. Hobart was the most insecure of the cities surveyed, with 24.1 per cent of wireless networks using default SSID and no WEP encryption, while Canberra was the most secure, with only 2.4 per cent lacking the two security measures.

Hannan, who before joining the University of South Australia worked for the Tasmanian police specialising in cyber-crime, says the results should be a wake-up call to all wireless network users.

"As wireless technology becomes cheaper, more people are adopting it as an alternative to traditional wired solutions. Many of these users have little security knowledge so there is an increased likelihood of insecure wireless networks," he says.

"Home users are attracted to the technology but retailers aren’t necessarily informing them of the security risks and what measures should be taken to protect their network."

"My advice would be to use a reputable operator with relevant qualifications and up-to-date knowledge to install your wireless network – and make sure you adhere to normal security guidelines like regularly updating software including security fixes and anti virus programs."

And while many large organisations are better protected with more costly encryption devices Hannan says there are still risks associated with any wireless network.

"Legitimate users can set up their own wireless access points and link to their company’s network, but unless specific measure are taken this can open the network up to attack – where hackers use the ‘rogue access point’ as a way to get in and gain confidential information."

"Overall this research has demonstrated the need to maintain vigilance over security risks as wireless networks become increasingly popular among commercial and private users."

Headed by Dr Jill Slay, UniSA’s Enterprise Security Management Laboratory is working on a number of wireless security-related projects, including a study to determine the frequency and type of security attacks taking place in wireless networks in Australia, and a comparative study with the University of Plymouth in the UK. For more information, visit www.acrc.unisa.edu.au/groups/security/

 

*SSID is a unique identifier broadcast by each wireless access point to allow network users to connect. Each wireless access point comes with a default SSID determined by the manufacturer, which users are advised to personalise as a security measure as part of the network’s initial set up.
**WEP is used to protect wireless communication from eavesdropping and prevent unauthorised access.

---

Media contacts

• Mathew Hannan ph: (08) 8302 9047, mobile: 0418 143 747, email: mathew.hannan@unisa.edu.au

• Charlotte Knottenbelt ph: (08) 8302 0578, mobile: 0439 807 004, email: charlotte.knottenbelt@unisa.edu.au

 

top^