City firms risk drive-by hacks

City and financial institutions are at risk from 'drive-by' hackers because they have not secured their wireless networks.

A group of security experts have revealed how easy it is to access data from outside a company building. Consultants from Orthus picked up signals from 124 company wireless local area networks (Lans) in and around the City.

The signals from wireless Lans in an office have a range up to 200 meters, but Orthus found two-thirds were unencrypted and easily accessible by anyone with inexpensive equipment.

The consultants needed only a laptop, a £129 wireless network card and free software downloaded from the net.

Eight areas of the capital, including the City, home to the UK's largest financial institutions, were tested in the study, sponsored by security specialist RSA.

Although security was tighter in the City, some 48 companies out of the 124, including some well-known institutions, were still exposed, with more than half using unencrypted signals.

Anyone with malicious intent could have grabbed user IDs, passwords, and even wire fund transfers, said Richard Hollis, managing director at Orthus.

"This is easy pickings for a hacker, and once breached, a wireless Lan can be used as a base to launch other attacks with complete anonymity," he said.

Data sent by users authorised to use a wireless Lan carries an identifier (SSID) that is unique to that network. These SSIDs can be used to gain unauthorised access to the network and can reveal the name of a company, making it easier for a hacker to target attacks.

But the technique, also known as 'wardriving', can be easily defended, said ethical hacker Chris McNab, now a consultant at security company Matta.

"Security should be as strong as it is for wired networks and dial-up access connections," he said.