Speaking at a hacking workshop in Sydney on Friday, WhiteHat's chief executive Jason Hart explained how he and a colleague drove around the CBD for 30 minutes on Thursday with a laptop to scan for wireless networks.
To conduct the 'Wardrive', Hart used a standard IBM laptop loaded with NetStumbler and Kismet -- both of which are freeware WLAN detection tools. Of the 751 wireless networks discovered, 75 percent were unencrypted and 35 percent were broadcasting their default station ID (SSID), which Hart said is a sign that they were 'rogue' access points unknown to administrators of the systems on which they resided.
Hart said he was not surprised by the results of the test: "No, it is not a surprise. But my concern is how many companies are aware that those access points are within their business? Probably in the majority of cases [administrators] do not know about them."
According to Hart, the test demonstrated that although companies spend millions of dollars buying security products to protect their business, far too many still 'leave the back door open'.
He advises administrators to 'sweep' their buildings for wireless networks at least once a month but preferably once a week.
"It should be part of somebody's job description to sweep the building. It doesn't cost anything except a bit of time -- and you are minimising risk within the business. Download NetStumbler and walk about your building," added Hart.
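A regular sweep only reduces risk if its results are compared against a list of access points the administrators already know about. The following is an added example, not code from the article or from WhiteHat: it triages a sweep export for the conditions Hart describes (unencrypted networks, default SSIDs, access points unknown to administrators). The CSV column names, the approved-BSSID inventory, the default-SSID list and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Illustrative factory-default SSIDs (assumption); extend for your vendors.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "tsunami", "wireless"}
# Constructed sweep export; the column names are assumptions, not a tool format.
SAMPLE_SWEEP = """bssid,ssid,encryption
02:00:00:00:00:01,CorpNet,WPA
02:00:00:00:00:02,linksys,None
02:00:00:00:00:03,CorpGuest,None
02:00:00:00:00:04,NETGEAR,WEP
"""
# Constructed inventory of access points the administrators know about.
APPROVED_BSSIDS = {"02:00:00:00:00:01", "02:00:00:00:00:03"}


def triage_sweep(csv_text, approved_bssids, default_ssids=DEFAULT_SSIDS):
    """Return one finding per access point that needs follow-up."""
    approved = {b.lower() for b in approved_bssids}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid, ssid = row["bssid"].strip().lower(), row["ssid"].strip()
        reasons = []
        if bssid not in approved:
            reasons.append("not in inventory")
        if row["encryption"].strip().lower() in ("", "none", "open"):
            reasons.append("unencrypted")
        if ssid.lower() in default_ssids:
            reasons.append("default SSID")
        if reasons:
            findings.append({"bssid": bssid, "ssid": ssid, "reasons": reasons})
    return findings


def summarise(csv_text, findings):
    """Share of swept networks per reason, as whole percentages."""
    total = sum(1 for _ in csv.DictReader(io.StringIO(csv_text)))
    def pct(reason):
        hits = sum(1 for f in findings if reason in f["reasons"])
        return round(100 * hits / total) if total else 0
    return {"total": total, "unencrypted_pct": pct("unencrypted"),
            "default_ssid_pct": pct("default SSID")}


if __name__ == "__main__":
    found = triage_sweep(SAMPLE_SWEEP, APPROVED_BSSIDS)
    for f in found:
        print(f["bssid"], f["ssid"], ", ".join(f["reasons"]))
    print(summarise(SAMPLE_SWEEP, found))
```

Comparing the findings from one sweep to the next shows which access points appeared since the last walk-through.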