Wireless Security Survey
Analysis of Wireless Network Security Landscape of Lagos State
With the ever increasing use of wireless technology, there has been growing concerns about the security of wireless networks and the potential misuse of of unprotected wireless networks.
In August 2013, the Security, Privacy & Resiliency team of Deloitte conducted a wireless security survey in major business areas in Lagos, Nigeria. It was carried out using the war driving technique described on page 7. Information was collected throughout major business locations in the city (Ikoyi, Victoria Island, Ikeja and Lagos Island) with a view to understanding the area's use of wireless network technology and the possible security exposures.
The main objectives of this survey were:
- To evaluate the level of security of wireless networks in the Lagos Metropolis
- To raise awareness about the security risks of wireless networks, and provide security tips and recommendations.
- To provide statistics on the use of wireless networks in Lagos State
Our analysis revealed the following:
- Basic configuration errors like the use of default/manufacturer device names were wide spread
- Device names that revealed company details were rampant
- Many of the wireless networks either did not have encryption mechanisms or had weak encryption mechanisms.
We gathered information on more than 1,500 Wireless Access Points which included business as well as residential networks. Of the total networks sampled, about 47% appeared to be vulnerable i.e. not encrypted or having weak encryption.
In addition, about 81% of the wireless networks were broadcasting default manufacturer Services Set identifiers ('SSIDs') as their wireless network names. While we did not check whether default device passwords were in use, it was possible that default manufacturer passwords may also be left unchanged on some of these networks making them very vulnerable.
We hope the results of this survey will motivate you to adequately secure the wireless networks under your control.