State of wireless security implementations in the United States and Europe - empirical data

摘要

The ubiquitous nature of wireless devices today, and the potential presence of 10 billion such devices over the next decade, has fueled the recent interest in their security properties in general, and in that of wireless networks, such as 802.11x. The problem is exacerbated by the fact that sophisticated members of BLACKHAT communities can potentially compromise all 10 billion of these devices. Once compromised they can (unwillingly) come under the control of the attacker, and be part of an attack on both Government and the Corporate Global Infrastructure. Why is the problem getting worse not better? Recent empirical data collected by the Wireless Systems Security Research Laboratory (WSSRL) highlights one of the main reasons. Namely, the study confirms earlier reports, see www.Tomshardware.com, that wireless networks are being deployed at a rapid pace with an almost criminal disregard for security. The study of 2300 wireless networks in the state of Massachusetts found that an astonishing 54% of the networks were deployed with no security at all. The same study found that 62% of the residential networks were totally open, and a whooping 47% of business networks (including networks in High Tech Companies, Financial Institutions, and Banks) used no security to protect their infrastructure. In this manuscript we will present the results of an updated study conducted by the WSSRL team, in the fall of 2007 and the spring of 2008 during a field visit to France and Italy, which encountered a dramatic different picture. Close to 90.78% of approximately 1,000 wireless networks in France were protected with 802.11i like technology. These differences can be attributed primarily in the way that wireless networks were deployed and configured in France. This manuscript summarizes the findings of the WSSRL study, presents several hypothesis as the reasons why a large number of networks in the US are being deployed with none or poor security protections, and suggests ways in which-- the deployment can be improved.