Risk: Informational
Wi-fi access equipment will be installed in lampposts and road signs that will enable anyone in the City of London to access the Internet outside of offices.
Security concerns are growing about the Square Mile's wi-fi, particularly as many PCs operating on Windows XP and 2000 have the automatic searching for wi-fi connection spots facility enabled. If a computer can't set up a wireless connection, it will establish an ad hoc connection to a local address. This is assigned with an IP address, which Windows then associates with the SSID of the last wireless network it connected to. The machine will then broadcast this SSID, looking to connect with other computers in the immediate area. The danger arises if an attacker listens for computers that are broadcasting in this way, and creates a network connection of their own with that same SSID. This would allow the two machines to associate together, potentially giving the attacker access to files on the victim's PC. Although firewalls should be able to stop this happening, and those using Windows XP Service Pack 2 are not thought to be at risk, the repercussions of this feature being exploited could be disastrous. Microsoft plans to adjust the default behaviour in a future Service Pack, however, it does not plan to release the next XP Service Park until the second half of 2007.
A large number of financial organisations inhabit the Square Mile, which may mean that it is a very tempting target for attackers. The service is due to go live in a couple of months, with full access to be available within six months.