June 27, 2006 5:19 PM PDT

Does Wi-Fi security matter?

A large percentage of Wi-Fi networks are "horribly insecure," according to researchers at Indiana University.

In a study of almost 2,500 access points in Indianapolis, presented at the Workshop on the Economics of Information Security at the University of Cambridge on Monday, researchers found that 46 percent were not running any form of encryption.

"People just really don't care about Wi-Fi security, and open Wi-Fi at home is a nice big target," said Matthew Hottell, lecturer in informatics at Indiana University. "Defaults (settings) are king."

Most of the secured networks used routers whose security setting had been pre-installed by the vendor, rather than having being activated by the end user. Some used WEP encryption wizards to encourage people to turn on the security settings.

"Education seems to have little effect. People with a higher economic status are not responsive to the heightened risk of privacy erosion, and people in general don't recognize that higher population density (heightens risk)," Hottell said.

However, security expert Bruce Schneier argued that as long as people's devices were secure, having a secured network was unnecessary.

"I have a completely open Wi-Fi network," Schneier told ZDNet UK. "Firstly, I don't care if my neighbors are using my network. Secondly, I've protected my computers. Thirdly, it's polite. When people come over they can use it."

University of Cambridge security expert Richard Clayton also questioned the assumption that unsecured networks were necessarily insecure.

"What is your definition of secure?" Clayton asked the researchers. "Did you try to exploit the systems?" Hottell said the wardriving team had not attempted to hack any systems or read any network traffic.

Microsoft's chief privacy adviser for Europe, Caspar Bowden, said there seemed to be a consensus among security experts that having a Wi-Fi network open to sharing has positive sides, but warned that people could not rely on WEP encryption if they wanted to secure networks.

"If you do want to secure your network, look at end-to-end solutions rather than some of the dodgy crypto around like WEP," Bowden said. "There's only one thing worse than no security, and that's a false sense of security," he added.

Tom Espiner reported for ZDNet UK.

See more CNET content tagged:
Wi-Fi network, security expert, researcher, WEP, Wi-Fi

7 comments

Join the conversation!
Add your comment
Wifi Security
To all who think you don't need to secure Wi Fi, What are you going to do if some neighbor or hacker decides to use your net to download child porn, or use your system for other illegal purpose? If it comes through your IP address you will have to explain it to the investigating agency. My advice, use at least PSK to secure your window on the world.
Posted by Harry OJam (2 comments )
Reply Link Flag
Security Unnecessary?
It's shame to get comments like these from security experts. As Mr. Harry OJam correctly stated, what if a cracker uses your network for illegal purposes like launching an attack?

What is worse than having a false sence of security? It's ignorance!
Posted by baloushi (7 comments )
Link Flag
Reply to Harry's comment:

"some neighbor or hacker decides to use your net to download child porn"

??? This is paranoia and an urban myth. Be honest. Have you EVER known anyone who uses, looks at, distributes or is even aware of "child porn"? Of course you haven't. This is a stupid reason for wireless security, especially on a home router. You think your neighbor is outside in your bushes, or down the hall of your building, rubbing his hands together and flinging dirty pictures of children all over the Web using YOUR router? Give me a break. And what "investigating agency" are you referring to? You think the US government is flying up to people's doorsteps and accusing them of cyber-crime? They're a little busy trying to convince us we're about to be terrorized. I'd love to know what "investigating agency" you are afraid of here.

I'm not against you personally, because you did NOT create this lie. I'm against it being repeated any further. People do not borrow other people's router signals to gawk at naked babies. This is as brainless and uninformed as the idea that microwave ovens cause cancer or going swimming after eating causes drowning. Please educate yourself.

People "secure" their home routers for the same reason that they put up ugly fences around their yards. They are afraid of the world, and very unfriendly.

And if you think your neighbor is capable of using or distributing "child porn," what kind of neighborhood do you live in? My suggestion: Move.
Posted by suchamuggle (1 comment )
Link Flag
Wi-Fi BIG on laptop security
An unsecured Wi-Fi network is like a loose cannon - at any time someone can pull the trigger and cause problems for a whole lot of people. Now Schneier is correct in that a home network does not need to be protected as long as the computers are secure, however high-powered wireless at the office is a different story. I have noticed that unsecured corporate WI-Fi connections can branch out far beyond the company's intended zone, which gives more people the option to use the connection.

An alternate solution would be to have an unsecure wireless connection, but also have remote laptop security. <a class="jive-link-external" href="http://www.essentialsecurity.com/howitworks_laptop.htm" target="_newWindow">http://www.essentialsecurity.com/howitworks_laptop.htm</a>

This type of security allows you to access your laptop from elsewhere and not worry about exposing your files over an unsecured connection. This way you can have an unsecured connection while making sure your files are completely encrypted and safe on your computer.
Posted by Nkully86 (59 comments )
Reply Link Flag
So "security expert" Schneier wouldn't mind if I sniff his transmissions?
Hopefully, he checks his bank/brokerage accounts routinely. I do hope he does online purchases. Oh wait, since it's only "polite" to leave your door open, could he please provide us with his home address?

Nothing like a little airnort'ng for fun and profit. And people can use his comments here as legal defense - it's "only polite" to provide strangers with your finances.
Posted by kamwmail-cnet1 (292 comments )
Reply Link Flag
You do realize,
that bank/brokerage accounts are encrypted Before they leave the browser? There is nothing left to sniff.

If you really care about keeping your data safe, encryption should start as soon as possible, and not just when sending over a network.
Posted by Marcus Westrup (630 comments )
Link Flag
Mostly Hype
I'm not sure where all these unsecured connections are, but in my apartment complex I can see 7 to 9 wifi signals at any given time. All but 1 are secured. Maybe it's a fluke, but I think more people secure their wifi than we're led to believe.

As for securing your own wifi, it's a no-brainer. You SHOULD secure it. Even if the danger is overhyped (I think it is), you should still be cautious. I live in a very safe town, does that mean I don't lock my doors? Nope, the deadbolt gets turned as soon an I walk inside.
Posted by JerzeyRich (17 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.