Virus analyst firm Kaspersky Lab has suggested that even IT professionals do not pay enough attention to IT security issues, following an analysis of network security at the Cebit 2006 ICT trade fair last week.
Local experts agree that WiFi network security in SA is mostly overlooked, and is often relegated to "last on the list" status.
The annual Cebit event, held in Hannover, Germany, attracted thousands of exhibitors and visitors this year, prompting the Russian company to research WiFi network security at the venue.
The company's senior virus analyst Alexander Gostev and senior research engineer at Kaspersky BNL Roel Schouwenberg conducted the exercise. They collected data on 300 access points on 9 and 10 March.
The researchers did not attempt to intercept or decrypt any traffic, but the data collected indicated that not enough attention was paid to network security at Cebit, says Kaspersky Lab.
Attracting hackers
"The choice of Cebit as a site for the study wasn't coincidental. Firstly, trade fairs don't only attract users, software and hardware manufacturers. Hackers are also attracted by the opportunity to break into the networks of companies taking part in such fairs," the company notes.
Almost all firms which participate in such events set up their own local networks, which often connect to the company's main server, Kaspersky Lab points out. It adds that these local networks usually have low security settings, and are set up quickly.
"These factors increase the risk of hacker attacks. Naturally, one of the main ways of attacking such networks is via WiFi."
Secondly, the group claims, hackers use trade fairs not only as an opportunity to attack companies; they also target visitors.
"One example is InfoSecurity London last year, where a group of scammers installed several fake access points, which provided a fake interface to connect to the public network. Unsuspecting users connected, and entered their passwords and other confidential data, and this information was sent directly to the hackers."
SA even worse
Richard Hurst, BMI-TechKnowledge telecoms analyst, says the Cebit findings are not surprising.
"WiFi network security is often last on the list of things to do. People set up networks and simply don't bother with security. In most cases, these networks lack even the most basic forms of security," he says.
Hurst noted that the exercise in Germany is most likely an indication that the situation in SA is even worse, considering the lax attitude of local IT professionals.
"So many people still have the attitude 'it can't happen to me'. Web encryption can be a tedious task, and no one seems prepared to do it. But the reality of the situation is that until you fall off the bicycle, you won't feel the pain."
South Africans still do not fully perceive the threat created by inadequate WiFi network security, says IS Digital Networks MD Barry Cribb.
Cribb refers to reformed hacker Kevin Mitnick's comments at the ITWeb Security Summit that he detected a number of 'open' wireless networks - those not using Wired Equivalency Privacy (WEP) encryption - belonging to many high-profile technology companies in Sandton.
"I've been saying this for the past year, and there's been no drastic change in people's awareness," says Cribb.
"I suppose it will take a major publicised event for people to sit up and take notice."
Related stories:
Mitnick on 'wardrive' in Sandton
Share
