Wi-Fi Still A Corporate Risk

As the speed of business continues to accelerate all over the world, the strategic advantages of constantly connected employees also present some high-risk problems for corporate America.

Experts say the risks are growing because computer networks are increasingly being patched together through the Internet, with more entry points into the system than ever before. Laptops, PDAs, Wi-Fi hotspots and even cell phones form a loose-knit circle of methods to accesses the Web.

“There are more opportunities for attack, and there are more ways into the network,” Phil Nobles, wireless Internet and cyber-crime expert at the Defense Academy of the United Kingdom, said.

And because most executives aren’t up-to-date on the latest cyber crimes, said Nobles, it is safe to assume that the corporate world is adding to the problem.

One particularly vexing scam to recently rear its head is known as the “evil twin,” and it preys on Internet users on the go, those who take advantage of wireless connections wherever they may pop up.

Evil twin attacks occur at Wi-Fi hotspots where hackers can easily snatch a Wi-Fi signal out of the air, set up a fake connection that looks like the real one, and then wait for information galore.

“In essence, users think they’ve logged on to a wireless hotspot connection when, in fact, they’ve been tricked to connect to the attacker’s un-authorized base station,” Nobles said.

The evil twin pages look like the real thing and may even be hijacked copies of the wireless Web log-in pages that are the gateways to Wi-Fi access.

“Once the user is connected to the ‘evil twin’, the cyber criminal can intercept data being transmitted, such as bank details or personal information,” Nobles said.

Business executives who use wireless hotspots in airports and hotels need to be wary of these sophisticated phishing scam, he added. Corporate users are urged to use hotspots only for Web surfing — not for checking bank accounts or accessing databases, which require passwords or confidential login information. Experts advise users to enter passwords or data only into Web sites that contain a Secure Sockets Layer key at the bottom-right of the Web browser. Turning off or removing wireless cards from the system are another good way to prevent a malicious third party from accessing the computer.

These attacks are being driven by businesses because so much business, so many transactions, are done over the Internet,” said Mike Miller, a director at Dallas-based Cirond, a vendor of wireless security software.

Information security pros are paying closer attention and enlisting the help of government agencies, which are increasingly on the lookout for new hacking and computer-related identity theft schemes.

In fact, cyber crime has become the FBI’s third-highest priority, after counterterrorism and counterintelligence, according to a recent report.

Security wonks said browser developers might be able to help secure the Wi-Fi networks. They predict the next generation of browsers will include tools that examine the underlying information being fed to the laptop computer by the Wi-Fi network, matching it against the real digital signature of the actual provider.

News Around the Web