56% of wireless networks in Ireland’s cities vulnerable to attack

Publish date

Limerick has most secure wireless landscape

Residential wireless security better than business

Over 80% of public networks are insecure

56% of observed wireless networks in Dublin, Cork and Limerick are vulnerable to attackers, according to the latest wireless vulnerability assessment by Deloitte. This means that over half of the 6545 networks that were scanned across the three cities are not protected against attacks on their information, exposing sensitive personal or business data to unauthorised users.

The findings of the assessment, which was expanded this year to include Cork and Limerick, has shown that once again the use of wireless encryption to protect wireless networks remains poor. The 56% of networks found to be vulnerable used either no encryption to protect communications (19%), or weak encryption which can be trivially broken in a matter of minutes by hackers (36%).

By analysing those networks that can be identified as either residential or business networks (i.e. excluding public networks), it was found that the incidence of unsecured wireless network drops to 46%. In addition, further analysis of the business and residential networks reveals that Limerick has the most secure wireless landscape (at 62%) compared to Dublin and Cork (54% and 53% respectively). The survey shows that the level of wireless security in Dublin has remained consistent with last year, when 54% of connections were also found to be insecure in the capital city.

With regard to business security compared to residential security, identifiable residential networks were found to be more secure than identifiable business networks. In Dublin, 63% of residential networks are secure while only 51% of identifiable business networks use the more secure Wi-Fi Protected Access (WPA) and WPA2 protocols. This trend is also present in Cork (60% versus 50%) and Limerick (66% versus 60%).

The analysis also found that only 13% of wireless networks analysed are not broadcasting their network identifier (SSID). Concealing the SSID provides several security benefits - most significantly, the function of these networks cannot be determined from their broadcasts.

Commenting on the results, Colm McDonnell, Partner, Enterprise Risk Services, Deloitte said: “The results of this analysis will certainly be of concern for businesses across the country. This is the third year in a row that we have performed this survey and it’s clear that the popularity of wireless networking has not led to a corresponding awareness of wireless security. This is somewhat surprising given that there have been a number of incidents both at home and abroad that have highlighted the importance of adequate encryption. It’s quite simple – without the sufficient security measures in place sensitive data will be lost.

“While the residential connections fare slightly better in this analysis, there is still considerable scope for improvement. Individuals and businesses alike must remember that the default settings that come with their wireless devices are not intended to ensure the security of the network and may not be sufficient for the needs.”

As part of the analysis, Deloitte also looked at public networks in isolation to get a picture of how secure these are, given that they are used by a significant number of people. Of the public networks identified, over 70% have no encryption at all in place, and over 80% are classified as insecure (using either no encryption or just WEP encryption). These include many well-known wireless hotspot providers, as well as the wireless networks at many well-known hotels, restaurants and conference centres. All of these networks are vulnerable to data interception by users eavesdropping on connections.

Colm McDonnell commented: “Public networks often have weaker encryption in place because their owners regard the purpose of encryption as securing the network against unauthorised users, protecting the information transmitted is seen as a secondary concern on these ‘public’ networks. In reality, unsecured public networks may allow attackers to intercept the communications of users of the network; observing their activities and steal sensitive information such as passwords or even financial data.”

“The clear message that arises from this year’s analysis is that there is still not enough awareness surrounding the security pitfalls that wireless connectivity brings – we would encourage wireless users both at home and in the office to address this as a matter of priority,” concluded McDonnell.

Colm McDonnell will be speaking on risk management, including IT security issues, at the upcoming CEO Forum, sponsored by Deloitte and Enterprise Ireland, on November 12th in Dublin Castle.

About the survey

This is the third time that Deloitte has carried a wireless vulnerability assessment in Dublin and the first year in which wireless vulnerability has been assessed in Cork and Limerick. In total 6545 connections were examined. Scanning was performed both from a car and on foot, and tracked the locations of the networks based on GPS co-ordinates.

To read the full report, please click here.

Deloitte Profile

Deloitte’s 1,100 people in Dublin, Cork and Limerick provide audit, tax, consulting, and corporate finance services to public and private clients spanning multiple industries. With a globally connected network of member firms in 145 locations, Deloitte brings world class capabilities and deep local expertise to help clients succeed wherever they operate.

Deloitte's 165,000 professionals are committed to becoming the standard of excellence. Deloitte's professionals are unified by a collaborative culture that fosters integrity, outstanding value to markets and clients, commitment to each other, and strength from diversity. They enjoy an environment of continuous learning, challenging experiences, and enriching career opportunities. Deloitte's professionals are dedicated to strengthening corporate responsibility, building public trust, and making a positive impact in their communities.

Legal disclaimer

Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its Member Firms.

These materials and the information contained herein are provided by Deloitte & Touche and are intended to provide general information on a particular subject or subjects and are not an exhaustive treatment of such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal, investment, consulting or other professional advice or services. The information is not intended to be relied upon as the sole basis for any decision which may affect you or your business. Before making any decision or taking any action that might affect your personal finances or business, you should consult a qualified professional adviser. These materials and the information contained therein are provided as is, and Deloitte & Touche makes no express or implied representations or warranties regarding these materials or the information contained therein. Without limiting the foregoing, Deloitte & Touche does not warrant that the materials or information contained therein will be error-free or will meet any particular criteria of performance or quality. Deloitte & Touche expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness for a particular purpose, non-infringement, compatibility, security and accuracy.

Your use of these materials and information contained therein is at your own risk, and you assume full responsibility and risk of loss resulting from the use thereof. Deloitte & Touche will not be liable for any special, indirect, incidental, consequential or punitive damages or any other damages whatsoever, whether in an action of contract, statute, tort (including, without limitation, negligence) or otherwise, relating to the use of these materials or the information contained therein.

Last Updated: