Wireless LANs wide open to 'drive-by' hackers

City firms are leaving themselves wide open to hackers by failing to secure their wireless networks.

RSA Security picked up data from over a hundred wireless LANs just by walking around some streets in the City with a simple scanner. Two thirds of these networks used no encryption at all.

Just under half transmitted the name of the company running the network in the data packets.

Tim Pickard, marketing director for RSA, said firms who had spent millions on top of the range IT security and firewalls were leaving the back door wide open: "This is easy pickings for anyone with malicious intent. Not only can hackers get access to corporate data, but they can also get into the network to plant trojans or launch denial of service attacks."

The survey compounds fears that the rapid growth in wireless technology is leading to a new kind of "drive-by hacking". This is when the signal from wireless LANs carries on outside the building, allowing anyone nearby to get access to the data, if they are equipped with the right gear.

For the study, all RSA Security needed was a laptop, a £129 wireless network card, and two pieces of software freely available over the internet.

It picked up 124 different networks within a two mile area around the City of London, 83 (67 per cent) of which were unencrypted, meaning clear text data was available for anyone to intercept.

The widely-publicised weakness in the encryption standard for wireless networks would allow a hacker to break the code in a day, Pickard said.

RSA advises users of such networks to ensure they have the encryption activated and ensure that the wireless LAN connection points are outside the firewall, to avoid the risk of compromising the entire company.

It also recommends firms run additional encryption and authentication on top of the platform, to make hacking impossible.

RSA stresses it did not actually attempt to inspect any of the data it could detect, or try to decrypt any of the networks. It also stresses it did not need to gain entry to any of the organisations to get the info - all data was collected from the street.