Student ‘war driver’ finds business lags on wireless network security

Seventy-seven percent of businesses use either no or weak encryption, says research

Readers will have heard about the two Pakuranga College students who humbled multinational giant GlaxoSmithKline with their chemical analysis of the vitamin C content of Ribena.

Now a 14-year-old student at Tyndale Park Christian School, in South Auckland, has been doing research in another area — going war-driving to check the security of Auckland’s wireless networks. And what he has found is disturbing.

“The results of my experiments were that residential networks use better encryption than business networks,” Auke de Boer says.

De Boer was on his way to a guitar lesson one day when his father showed him how a network-sniffer installed on his laptop worked.

“While we drove home, we could see lots of wireless networks. We picked up about 200. This started me thinking about how well these wireless networks are actually protected, so I started experimenting,” de Boer says. The resulting project was judged as part of a school competition on Friday, after Computerworld’s deadline, but whether he wins or not what he discovered makes unsettling reading for businesses.

De Boer found in 28% of the cases businesses used WEP, an older form of encryption now widely considered insecure; the more secure WPA was used in 23% of cases, and no encryption was used in 49%.

“So, basically, 77% used either no or weak encryption,” he says.

Meanwhile, 25% of personal or residential users use the stronger WPA encryption and 65% use no or weak encryption.

De Boer offers two possible explanations for his findings.

“It could be that businesses had bought their wireless router first, before good security (WPA) was available, and have not upgraded their networks,” he says.

“Or it could be that they use a VPN for their wireless networks. My network-sniffer cannot determine if a network uses a VPN, so I could not test this.”

De Boer drove six routes, each one twice, to test in three areas: Manukau City centre; Takanini and East Tamaki. He divided each into business and residential zones, using Google Earth.

Overall, he says, he detected 167 business and 213 residential networks using the Kismet sniffer, Airtrack and BackTrack 2, running on Linux.

Join the newsletter!

Error: Please check your email address.

Tags WEPWPAencryptionSecurity IDwireless networks

Show Comments

Market Place

[]