Spammers target Wi-Fi security

Spammers are preparing to use weaknesses in corporate wireless local area networks (Lans) to send out floods of unsolicited email, a security company chief has claimed.

CipherTrust said that, as security on fixed line internet connections tightens, spammers could gear up to exploit vulnerabilities in wireless Lan security.

Steve Raber, CipherTrust's chief executive, warned that spammers could send someone out with a laptop PC looking for vulnerable networks and then hijack a company's mail servers to send junk email.

"Spam is not just a nuisance problem it is a security problem and inadequate protection for Wi-Fi is very common," he explained.

"It won't be the large companies so much as the smaller companies which buy off-the-shelf Wi-Fi networking solutions that will be most at risk."

Steve Ashmore, senior technology consultant at security company Mirapoint, agreed that an unsecured system will attract attacks.

"The smaller companies will be more vulnerable and it is very possible that someone will try and take advantage of this," he said.

"Companies tend to take a belt and braces approach to security and an unsecured Wi-Fi connection is an open invitation to anyone driving by who wants to hack into a system."

But others argue that there are much easier ways for spammers to operate, and that wireless networks can be secured with ease.

"Spammers will still search for 'friendly' ISPs that won't close their accounts, or continue to use free trials rather than use Wi-Fi connections," said Matt Sergeant, senior spam technologist at MessageLabs.

"There are also rumours that employees have allowed spammers to connect to fixed line connections with a network cable to hack company email servers.

"But if Wi-Fi spamming does start happening it is very easy to shut the door. All Wi-Fi equipment comes with 128-bit Wired Equivalent Privacy, and passwords can be set which lock out hackers."