Are rogue wireless hotspots stealing business secrets?

Finance IT chiefs are still not taking wireless security seriously enough, with many wi-fi networks still operating insecurely.

Wireless networks are becoming increasingly popular because they mean staff don't have to be stuck at their desks with their PCs. Yet even in banking environments basic security precautions are still being forgotten, potentially opening up companies to hacking attacks.

IT security company RSA Security's area VP of international marketing, Tim Pickard, says: "Execs travelling want to get access wherever they can and that means hotspots."

And security companies are already raising the spectre of 'rogue hotspots' that could be used to steal corporate data from unwary wireless users.

According to research by RSA, wireless security in the City of London still leaves something to be desired. The company found that 26 per cent of wireless networks used by business networks in the capital are unsecured, and 22 per cent of access points still have default settings.

Wireless is the "low-hanging fruit" from the hackers' perspective, according to Pickard. He says hackers are "absolutely" trying to get into corporate networks through unsecured wireless connections.

Pickard told silicon.com: "Wireless is a very attractive technology - users love it because it gives them freedom and it's easy to deploy. Companies spend a lot of money trying to protect their networks and here is a backdoor into the network that is relatively undefended."

And a separate survey by antivirus company Kaspersky Labs tested wi-fi networks in and across London and found that almost half (49 per cent) are open to attack from hackers because the networks are not using data encryption.

But the burgeoning financial centre of Canary Wharf proved to be the most secure of all the areas tested in London, with just 40 per cent of networks running unencrypted.

Take into account that some of the networks which make up this 40 per cent are public access points in shopping centres located at Canary Wharf - which are deliberately open - the overall level of security is likely to be the same or better than the City.

Even so, a number of unprotected networks could be found, Kaspersky said. Standing 20 metres from the building of a "well-known bank", the researchers detected a very strong signal emanating from a wi-fi point within the building.

Despite this, Kaspersky's senior virus analyst Alexander Gostev says awareness of wireless security is improving - even as our increasing fondness for wireless is opening the door to new threats.

Experts say worries about wireless security should be taken seriously, warning that identity theft is a risk as fake hotspots - masquerading as well-known brands - could be used to capture credit card, or usernames and passwords. RSA said it is impossible to know how many rogue hotspots are in existence as they tend to be deployed for short periods of time and are then removed.

But as a rogue hotspot would quickly capture more personal information than an email phishing attack, mobile users need to be educated about the risks of sending information over unencrypted wireless networks. Otherwise checking into the corporate network over a free wireless hotspot could turn out to be a very expensive mistake.