With 86 per cent of the wireless networks vulnerable in India, Wi-Fi networks make a scary security development.
According to a survey conducted by the Deloitte and Data Security Council of India, 37 per cent of wireless networks had no encryption at all, followed by 49 per cent using a lower-level protection like Wired Equivalent Privacy encryption and just 14 per cent using security layers like Wi-Fi Protected Areas (WPA and WPA2) to secure their networks.
Conducted across 12 cities and spanning nearly 40,000 wireless networks, the survey presents a grim picture, say security experts.
"It opens up whole new attack vectors that were not present with wired network infrastructures. That doesn't mean you can't do it securely. However, most users lack awareness," said Nitin Khanapurkar, senior director, enterprise risk services, Deloitte India.
Unauthorised users or hackers can easily sniff sensitive data such as bank account details, online transaction passwords and e-mail communication transmitted over the unsecured wireless network, possibly causing monetary loss to the owner.
With the Mumbai police taking active steps to avoid Wi-Fi hacks after terror e-mails that were sent before 26/11 attack, wireless security has become hard to neglect.
Terror mails were sent through unsecured Wi-Fi connections prior to the Delhi and Ahmedabad blasts.
While the mail sent before the Ahmedabad blasts was traced to the residence of US national Kenneth Heywood in Navi Mumbai, the mail sent prior to the Delhi blast was traced to a residence in suburban Chembur.
The Wi-Fi connections in both the cases were unsecured, which were used to send the terror mails.
"The terror e-mails were examples of all illegal activities performed from the owner's unsecured network. If there is a subsequent criminal investigation, logs will indicate that the owner's IP address was used to commit the illegal activity," explained Khanapurkar.
Wireless security among small and medium enterprises is also becoming a huge issue, revealed the study. In cities like Jaipur, Ahmedabad, Pune, Nagpur, Lucknow and Indore, the study revealed high network vulnerabilities.
Deloitte's report advises to move to the next generation WPA or WPA2 wireless equipment. "WPA security layer may well be enough for most small businesses. With millions of Wi-Fi enabled devices being shipped every year, we believe that users should upgrade to WPA2 within two-to-three years," Khanapurkar added.