Wi-Fi access points in Hong Kong don't come with encryption technologies considered highly secure, said the Hong Kong Wireless Technology Industry Association (WTIA).
The WTIA announced Monday the results of its annual field survey entitled War Driving Survey 2008 completed last December. The annual survey has been a joint effort between WTIA and Professional Information Security Association (PISA) since 2003, with funding support from Hong Kong's Office of the Telecommunications Authority under the Public Awareness Campaign on WiFi Safety.
The 2008 survey had the most comprehensive coverage capturing 30, 457 unique access points in four days, said WTIA, adding that survey areas include tram routes, Kowloon, New Territories, and Victoria Harbour, WTIA added.
Survey results indicated that while 78% of access points in Hong Kong are encryption enabled, only 7% of them are encrypted with WPA AES or WPA 2 AES.
Ken Fong, vice chairman of WTIA said that WPA AES or WPA 2 AES are considered the only highly secured encryption technologies at present. 'WPA TKIP and WPA 2 TKIP, deployed among 24% of APs, were regarded as secure, but researchers have found loopholes of these technologies recently,' he noted.
According to the results, 47% of APs were encrypted with WEP, which can be easily cracked by attackers within 10 minutes, said Fong, adding that some of the APs, at 22%, are live without any encryption at all.
'People are increasingly aware of WLAN security, but hackers have also improved their tricks,' said Alan Ho, vice-chairperson at PISA. 'Thus it's important for users to update their encryption technologies on a regular basis.'
Besides, about 30% of users haven't changed the default SSIDs (service set identifier), said Fong. 'That might also mean other system settings including the administrator passwords have remained unchanged for a long period of time,' he noted.
To make Wi-Fi access more secured, Fong suggested users to enable the hidden SSID function and change SSIDs not to reflect their own identity and or names.
Full Story
Computerworld Hong Kong