boston.com Business your connection to The Boston Globe

WiFi popularity overshadows security problems

Experts say basic encryption is hardly used

SAN JOSE, Calif. -- With a laptop in the passenger seat of his Toyota 4Runner and a special antenna on the roof, Mike Outmesguine ventured off to sniff out wireless networks between Los Angeles and San Francisco. He got a big whiff of insecurity.

While his 800-mile drive confirmed that the number of wireless networks is growing explosively, he also found that only a third used basic encryption -- a key security measure. In fact, in nearly 40 percent of the networks not a single change had been made to the gear's wide-open default settings.

''They took it out of the box, powered it up, and it worked. And they left it alone," said Outmesguine, who owns a technical services company. He frequently goes out on such ''wardrives" in search of insecure networks. And while Outmesguine says he doesn't try to break in, others aren't so benign.

While WiFi is hot, security is not.

Even the makers of WiFi routers, access points, and other gadgets privately say that as many as 80 percent of home users don't bother to enable basic encryption or other protections against connection theft, eavesdropping, and network invasion.

Experts say that while WiFi hardware makers have made initial setup easy, the enabling of security is anything but. Meanwhile, average users are no longer tech savvy. The gadgets are mainstream, appearing on the shelves of Wal-Mart and other retailers.

During his wardrive, Outmesguine counted 3,600 hot spots, compared with 100 on the same route in 2000. Worldwide, makers of WiFi gear for homes and small offices posted sales of more than $1.3 billion in 2003, a 43 percent jump over 2002, according to Synergy Research Group.

The result? A lot of wide-open networks that offer anyone within range of the WiFi signal free access to a high-speed Internet connection. Any hacking is unlikely to be noticed, while illegal activity would be traceable only to the name on the Internet account.

To make matters worse, users who don't secure their networks are often the very people who don't keep their computers up to date with the latest security patches and antivirus software.

''What we probably really have here is a whole bunch of very vulnerable systems exposed to attack or infection over a network that has no access control," said Al Potter, manager of technical services at the security firm TruSecure's ICSA Labs.

Companies that sell WiFi products want their hardware to be simple and interoperable, especially as more than just computers -- wireless TV monitors, digital music receivers, DVD players, and game consoles -- are wirelessly connecting to home networks. At the same time, they want to keep support calls and returns low, so they turn off security by default.

''We've been putting friendly front ends in front of technology for a long time," said Peter Evans, vice president of business development at AirDefense Inc., a wireless security firm. ''I'm not sure why the industry has not yet made those tools much easier to use."

Yet even knowledgeable consumers find it frustrating to set up security. It can involve punching in dozens of characters as the passphrase for each connected device, and navigating screens filled with a dizzying set of acronyms for encryption and authentication.

SEARCH THE ARCHIVES
 
Today (free)
Yesterday (free)
Past 30 days
Last 12 months
 Advanced search / Historic Archives