Tag Archives: Wireless

Virgin Media set to provide Wi-Fi at London Underground Stations

London Underground has awarded Virgin Media the contract to provide a Wi-Fi service for the London Underground stations.  By the start of the Olympic Games, the Wi-Fi service will be available at 80 of the 217 stations. By the end of the year, this is expected to have increased to 120 stations. The Wi-Fi service will only be accessible at platforms, ticket offices and escalators. This will be disappointing news for a number of London Underground commuters but there is sound reasoning why the Wi-Fi service will not be available in the network’s tunnels.

Huawei, a Chinese telecoms equipment company, investigated the possibility of implementing a 3G service throughout the underground tunnels, but it was soon discovered that building work would have to be conducted because of the lack of space between the trains and tunnels. Virgin Media would have faced the same problems if they wanted to supply a Wi-Fi service in the underground tunnels and therefore it wasn’t viable or feasible to consider doing so.

Kevin Baughan, Virgin Media’s director believes that the limited Wi-Fi service will be welcomed and not met with disappointment. Baughan stated “Every Wi-Fi station you pass through is going to give you the chance to stay connected, by quickly updating Facebook, Twitter, email and the like. Even while travelling, people will have a great experience.”

This Wi-Fi service will be free for everyone to use during the Olympic and Paralympic Games. However, once these events have finished, commuters who want full internet access will have to pay on a pay as you go service. This will not affect existing Virgin Media as it will be incorporated into their existing tariffs. The pricing tariffs have yet to be confirmed but it is expected that they will be released once the Wi-Fi service is up and running.

London’s mayor, Boris Johnson is particularly happy with the news that a Wi-Fi service is set to be available at London’s Underground stations. Johnson proclaimed “It’s vital that we harness the massive opportunities stemming from the digital revolution, by creating a vibrant, world class industry to attract investment and create jobs for Londoners. Millions of passengers will now be able to connect to their work, friends or access the latest news and travel information whilst on the move.”

Wi-Fi Hotspots Expected to Grow 350% by 2015, and with it, Security Risks

The Wi-Fi world is set to grow by nearly 6 million hotspots by 2015, according to a recent study commissioned by the Wireless Broadband Alliance last Wednesday and compiled by research firm Informa. This explosion in Wi-Fi usage signals a new era in mobile computing and data backup systems, but to many cybersecurity consulting agencies, it’s a headache in new security threats.

The study, which included a comprehensive survey of 259 global Wi-Fi vendors and service providers, revealed that the mobile industry was the major contributor in the increase of Wi-Fi hotspots. Data usage from cellular devices and tablet PCs, it states, is at an all time high with mobile data traffic to reach 16.84 million terabytes by 2014.

To WBA Chairman Chris Bruce, this growth heralds in a new era of computing.”The findings show we are about to enter the golden age of public Wi-Fi, with hotspot deployments set to soar,” he said. “Fixed operators are extending broadband services beyond the home and office, and Wi-Fi is supporting busy mobile broadband networks.”

But to consulting firms like Errata Security, this explosion in data traffic is worrisome in an age where people are using their smart phones in public Wi-Fi locations to access sensitive data, such as bank accounts, credit card purchases, and personal emails.

Robert Graham, CEO of Errata Security says most public Wi-Fi service providers don’t require encryption of data that travels between a personal device and the Internet.

“If you’re using Wi-Fi in a public place and you’re not getting hacked, it’s only because there’s nobody around bothering to do it,” said Graham.

One of the biggest security concerns is “Wi-Fi eavesdropping,” the monitoring of one’s online activities. Anyone can eavesdrop; all they have to do is download a free Wi-Fi monitoring program, such as Firesheep or SniffPass.

“An eavesdropper can sit up to 100 feet away and monitor what you do on the Net,” says Rick Farina, security engineer for wireless security firm AirTight Networks.

In recent years, more websites and Wi-Fi service providers have been encrypting their data, making it more difficult for hackers to obtain personal information. But, Farina still estimates that 95% of data traffic on Wi-Fi servers is unencrypted. Social media sites such as Facebook, Twitter, and Yahoo, for example, still do not use SSL encryption.

This leaves hackers open to deleting contacts, sensitive documents, apps, music and video files on millions of users’ personal devices.

Eric Geier, founder of consultant NoWiresSecurity, suggests on esecurityplanet.com that Wi-Fi hotspot users regularly back up their mobile device’s data and set a lock-screen or password in addition to checking the security-encryption features.

According to a Cisco study on the global workplace, there has also been an increase in the mobile workforce in recent years – more employees than ever are filing their reports and conducting their meetings in public hotspots via smart phone, laptop, or tablet PC. In fact, according to the study, three out of five workers say they don’t need to be in the office to be productive.

This means that more sensitive data is being stored and transferred on these vulnerable mobile devices, and could potentially cause serious security risks. Companies that insist on conducting business via smart phone or laptop are advised to back their data up immediately, or replicate to a data center where their files will be properly protected.

Eric Geier says telecommuters and people who use Wi-Fi hotspots for work need to be especially careful.  “The more you do on your mobile device, the more you should be concerned about its security,” he says.

Wi-Fi hack leverages Amazon cloud technology

A hack which bypasses WPA Wi-Fi security in a few minutes has been created by a German security expert using the vast resources of Amazon’s cloud computing services in an all-out assault.

Researcher Thomas Roth has developed this hacking technique to try more than 400,000 passwords each second, by harnessing the collective power of the cloud, according to the latest reports from Germany.

By cracking the WPA-PSK encryption which protects a majority of Wi-Fi networking across the globe, observers at Infosecurity Magazine are now stating that it is no longer possible to classify any Wi-Fi interaction as totally secure.

Amazon has been contacted in order to comment on the exploitation of its cloud computing resources but, at the time of writing, it has not released a statement explaining its position.

It is thought that Mr Roth will be using the findings of his experiment in order to make a presentation at the Black Hat conference which is taking place in a few weeks in the US.

Mr Roth is one of the many security experts who uses hacking techniques in order to dispel data security myths and, in this case, identify core weaknesses in current Wi-Fi encryption which can easily allow third parties to hijack secure channels for their own nefarious means.

The cost of using Amazon’s cloud computing resources is the equivalent of 20p every 60 seconds, which means within this period more than 24 million different password combinations can have been tried in a brute force attack on a WPA-protected network.

On Roth’s first attempt it took him 20 minutes to find a password, but with some honing and refinement he dropped this down to a six minute stint. This puts the cost of hacking a typical Wi-Fi network at around £1.20, a dangerously low number for anyone who is attempting to protect their organisation from the meddling of external forces.

This issue is sure to have ripples across the world and should highlight how difficult Wi-Fi security can be to control.

Google admits to Wi-Fi data harvesting

Search giant Google has caused considerable controversy with an admission that it has been collecting vast amounts of data from Wi-Fi networks around the UK via its roaming Street View cars.

A spokesperson for Google explained that the vehicles, which had ostensibly been sent out to capture street-level 360 degree images for the firm’s online mapping service, had also been capturing data transmitted to and from various Wi-Fi hotspots.

Google’s Alan Eustace said that Google routinely captured publicly broadcast information such as the names of Wi-Fi networks, which is not in itself a particularly unscrupulous act, even if it might be seen as such by some. However, Google has admitted that some rouge code created four years ago and then transferred onto the Street View cars has caused Wi-Fi data traffic to be collected and catalogued, apparently without Google’s knowledge.

Google’s intention had been to perform a Wi-Fi census at the same time as obtaining the Street View from the vehicles, acquiring MAC addresses and network names. However, Mr Eustace has been vocal in dismissing the idea that anyone involved in the project had intended to collect other personal data using the service, or that any of this potentially sensitive information would later be used by the search giant.

Since discovering the unintentional data harvest, Google has grounded the Street View vehicles, which are still in operation around the world, until it can confirm that the offending code has been completely eradicated from every one of its fleet.

Critics have been quick to brand this incident as further proof of the firm’s inadequate approach to the privacy of personal information. Consumer rights expert John M. Simpson said that the objectives and goals given to Google’s programmers were at odds with the public image presented by the firm, with clandestine data acquisition occurring until the public is made aware via an incident such as this, at which point an executive is wheeled out to contradict the damning evidence.

Google has sought the services of an independent investigative team to discover how such a startling error could have occurred, although this too has enraged critics, with many saying that Google should not have any hand in the selection of external investigators.

Businesses exposed to data loss by insecure cloud and social networking platforms

A new survey shows that UK organisations are more vulnerable than ever to attack from cybercriminals looking to exploit new weaknesses in platforms which have been adopted but not properly secured.

PriceWaterhouseCoopers (PWC) has found that denial of service (DoS) and data hacks are currently occurring at twice the rate of 2008 levels and the management of IT systems and the security of data need to be given more attention than they are currently receiving.

This jump in cyber attacks since 2008 is being attributed to the growing adoption of different, immature technologies, with which businesses are unable to keep up in terms of security. This includes the prevalence of Wi-Fi use, along with remote employee access to internal systems and VoIP services.

Small and medium sized businesses are now twice as likely to be using wireless networking, whilst 90 per cent of larger organisations allow their staff to access data and services remotely.

PWC is putting the growth in adoption of virtualisation and cloud computing solutions down to the fact that in the recession many organisations were looking to cut costs and these made it possible to do so without compromising on functionality.

The study found that over 75 per cent of businesses now rely on some kind of cloud-based platform and nearly half of this group said that third party vendors were completely controlling systems considered critical to the continued operation of their business.

Interestingly it is public sector organisations controlled by the government which have shown the greatest reluctance to switch their systems over to new platforms, particularly when significant functions have been involved.

PWC found that 25 per cent of larger businesses have been subjected to DoS attacks in the last 12 months. A further 15 per cent have recorded a security breach.

PWC’s Chris Potter said that the level of encryption that businesses apply to data held with third party vendors is currently unacceptable, as only 17 per cent of those using cloud and virtualisation services have properly protected their data.

The report also focused on the way in which social networking sites represent serious problems for many businesses, as they can easily hemorrhage personal data into the wrong hands.

Businesses encouraged to ditch WEP to ensure PCI DSS adherence

Businesses that currently operate older WEP security on their wireless networks are required to upgrade to WPA in order to comply with new Payment Card Industry Data Security Standards (PCI DSS) which come into force at the end of June.

Wired Equivalent Privacy (WEP) has been around for years and its relatively low level of security is easily exploited by hackers, as experts say that it takes seconds for malicious parties to crack WEP-protected networks and then steal personal data.

Business are required under the new PCI DSS rules to ensure that data which is transferable and accessible wirelessly is properly encrypted and requires thorough authentication before it is made available.

It is explicitly stated that the use of WEP is no longer acceptable and before the deadline of June 30th businesses will need to decommission any WEP protection and replace it with a more secure alternative.

Experts believe that the move away from WEP is a good thing and that WPA can benefit businesses of all kinds, even if PCI DSS does not actually apply to their operations. In an article for Search Security, Mike Chapple said that businesses that currently rely on WEP are doing nothing but presenting a facade of security that is easily breached by someone with only modest hacking skills.

Mr Chapple says that the barriers blocking the switch from WEP to WPA have been virtually eliminated, as hardware is generally compatible with both standards because manufacturers have had six years to adapt products.

Experts warn against complacency in these matters, as even businesses that believe they are properly protected often find that WEP is still being used in certain areas despite the existence of compatible hardware. For others, the time for an upgrade has come in order to avoid falling foul of the PCI DSS.

There is a distinct possibility that some businesses will be inadvertently running WEP, or have a so-called rogue WEP network active, forming a weak link in the chain of data protection.

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal