RSA in its seventh annual Wireless Security Survey from London, New York City and Paris reveals the continued, dramatic growth of wireless networks in the world's major financial centers.

In August 2008, an international band of hackers was indicted in the U.S.A. for allegedly exploiting a number of business enterprises poorly-secured wireless networks to steal more than 40 million credit card numbers.

Significant growth in the number of wireless networks

Paris broke all the records with a 543% year-over-year increase in the number of wireless access points. London and New York City was slower than in 2007. In London the number of access points grew 72% and New York City saw a rise of 45%. London retains its position as the 'most wireless city', with a total of 12,276 access points detected - exceeding the number we found in New York City by more than 3,000.
Public hotspots are designed to grant anyone with a wireless device to access the Internet on a pay-as-you-go or pre-paid basis. Paris rolled largest leap, with numbers maximizing by over 300% and comfortably exceeding the comparative growth in New York City (44%) and London (34%). New York City continues to be the leader in respect to its concentration of hotspots


All encryption is not created equal

As in previous editions, the survey examined wireless access points detected were secured with some form of encryption (hotspots excluded). The 2008 results show some dramatic improvements in security practice here: in New York City, 97% of corporate access points had encryption in place - up from 76% last year. In Paris, 94% of corporate access points were encrypted - although in London, 20% of all business access points continue to be completely unprotected.

However, with WEP - Wired Equivalent Privacy, the 2008 survey paid close attention to the types of encryption in-play, and the relative adoption of more advanced forms of wireless encryption, including Wi-Fi Protected Access (WPA) or WPA2. Paris once again led the way, with 72% of access points (excluding public hotspots) found to be using advanced security; however the numbers in New York City and London were more modest at 49% and 48% respectively, with a majority of wireless access points relying either on WEP or using no encryption at all.

WEP can be routinely cracked at the speed at which it constitutes paper-thin protection in the face of today's sophisticated hackers. “Mr. Cury warned strongly to wireless network administrators to discount WEP as a viable security mechanism and upgrade to WPA - or stronger - without delay”. It's also important that business access points are secured by encryption - even if the corporate network itself can only be accessed via an encrypted VPN. Non deployment of WPA1 or WPA2 can leave the organizations involved vulnerable to whole classes of attacks against both access points and wireless client computers."

In-home wireless networks: The next wireless explosion and they're more secure

RSA Wireless Security Survey discovered the number of personal wireless networks in evidence on the routes around London, New York City and Paris - and how secure they were:

• In London, the volume of personal wireless access points was greater even than the number of corporate ones: a total of 6,730 - or 55% of all access points detected - were identified as belonging to home-users

• In New York City, 18% of access points were in-home and in Paris the figure was 21%

Home based network users appear to be more security-savvy than their corporate counterparts. In Paris, 98% of in-home networks are encrypted - a first-class result - with New Yorkers just behind at 97%, followed by 90% of Londoners who have deployed encryption at home.

• Paris: 75% are using advanced encryption (better than WEP), compared with 72% of the city's business access points

• New York City: 61% of home users have deployed advanced encryption, with just 50% of business access points protected in the same way

• London: 48% are using advanced encryption in the home - the same percentage as in London's business sector.