Wireless insecurity rising

In the past, wireless security concerns seemed exaggerated. Given the limited enterprise adoption of wireless LANs and mobile data, stories about researchers cracking wireless encryption codes in labs made a good read but hardly portended a widespread breakdown of network security.

Now users are buying WLAN gear and signing up for mobile data services in droves – often without consulting their IT departments. Suddenly, we are confronted with two problems. First, with users installing inexpensive WLANs and signing up for mobile data services on their own, there is a lack of consistent and well-planned security. Second, the rapid spread of wireless data products and services is creating security problems never before encountered.

Today, anyone can create a wireless network or wirelessly extend an enterprise network using inexpensive wireless routers and client adapters from major retail chains. But making it easier for hackers to access enterprise data is by no means the only security risk that companies face. Individuals intent on stealing music or uploading porn prefer to borrow someone else’s network. And unauthorized wireless nodes can cause interference to authorized nodes, disrupting network operations.

There is also a flip-side problem. Thanks to inexpensive wireless adapters and chipsets with integrated wireless, a growing percentage of notebook PCs support Wi-Fi. According to wireless network software vendor Cirond, notebook PCs connected to wire networks may broadcast data or provide back-door access if ad hoc wireless networking mode inadvertently is left on.

Cell phone-based mobile data is mushrooming. For years, vendors and analysts assumed the goal was wireless access to the Web and e-mail. Instead, the killer applications are downloading ring tones, games and screen savers, and exchanging text, picture and voice messages.

The good news is that mobile phone networks are closed systems. You can download new software for your handset – but only software approved by your service provider. Still, the freedom to send and receive text, picture and voice messages from virtually anywhere creates unique security problems.

For example, text messaging during meetings can be used for more than just arranging lunch dates. It’s also conceivable that cameras will become a standard feature on mobile phones. Consider the ramifications of employees and visitors having cameras with the ability to instantly transmit pictures to the Internet always at the ready.

A voice application of mobile data technology – push-to-talk service – could result in embarrassing interruptions and disclosures. Push-to-talk lets other users grab your attention by speaking over your push-to-talk handset’s loudspeaker without ringing or waiting for you to answer as you would a regular phone call. If you forget to turn this feature off, someone else may blurt out who-knows-what over your phone during a meeting, in front of a customer or in a packed elevator.

The good news is dozens of companies are springing up to address these and other wireless security issues. Let’s hope they do – and fast.