We have done security scans in Torrance and the surrounding cities of many of the WiFi access points, and there is an alarming trend. Many businesses offer guest WiFi access points for Internet access, but many of them are running unencrypted (No Password), or are providing access to the local LAN exposing critical equipment such as servers, workstations and cash registers to potential attack.
The more well known problem is if you are using a mobile device such as a phone, notebook, or tablet that someone may sniff confidential information from the connections. This could be passwords or other information that will provide further access to your data. Many people think that these bits of data are not important, but they can be used to gain further access. For example, getting in to your email can provide a means to change the password for your bank account.
The other issue, even if you don’t attach your device is security compliance. We have seen this across a wide variety of businesses, small and large, including retail, restaurants, car dealerships, government offices and medical offices. Leaving these access points open is the tip of the iceberg. Not only is it an easy attack point to the network, but likely means that there are many other security issues that have not been attended to. If you are going to hand them a credit card, or fill out a loan application some thought should be put in to this. Is their network secure?
We have notified the businesses that we scanned and the responses have been disappointing. Some do not contact us back, or hang up on the phone. Others tell us that their “IT people have it handled”. In most cases, nothing has been done to fix the vulnerabilities. With so many high profile hacks, like Equifax and Sony one would think that more caution would be taken, but too many businesses still underestimate the importance of computer security. We have a solution for this problem, and many others, but business owners and managers are not taking any action even when advised that they have a problem. We have tried unsuccessfully for a while to get these problems fixed.
The first indication that there may be a problem is an open, unencrypted access point. You can see this on your phone since the access point will have no lock next to it. Even if it is encrypted, it may be set up wrong. There are some applications that will scan the network for other devices. Ideally it should show only your phone, and the access point, but many networks will show other phones, printers, and computers. The more devices that show, the more likely there is a big issue.
What you can do....first is don’t use the network, and don’t hand them a credit card to protect yourself. Something should be said to staff about the problem. They likely won’t understand, but if enough people mention it, management may take notice. If you are a business owner or manager, a security audit of the network should be done.