In a study of almost 2,500 access points in Indianapolis, presented at the Workshop on the Economics of Information Security at the University of Cambridge on Monday, researchers found that 46 percent were not running any form of encryption.
"People just really don't care about Wi-Fi security, and open Wi-Fi at home is a nice big target," said Matthew Hottell, lecturer in informatics at Indiana University. "Defaults (settings) are king."
Most of the secured networks used routers whose security setting had been pre-installed by the vendor, rather than having being activated by the end user. Some used WEP encryption wizards to encourage people to turn on the security settings.
"Education seems to have little effect. People with a higher economic status are not responsive to the heightened risk of privacy erosion, and people in general don't recognize that higher population density (heightens risk)," Hottell said.
However, security expert Bruce Schneier argued that as long as people's devices were secure, having a secured network was unnecessary.
"I have a completely open Wi-Fi network," Schneier told ZDNet UK. "Firstly, I don't care if my neighbors are using my network. Secondly, I've protected my computers. Thirdly, it's polite. When people come over they can use it."
University of Cambridge security expert Richard Clayton also questioned the assumption that unsecured networks were necessarily insecure.
"What is your definition of secure?" Clayton asked the researchers. "Did you try to exploit the systems?" Hottell said the wardriving team had not attempted to hack any systems or read any network traffic.
Microsoft's chief privacy adviser for Europe, Caspar Bowden, said there seemed to be a consensus among security experts that having a Wi-Fi network open to sharing has positive sides, but warned that people could not rely on WEP encryption if they wanted to secure networks.
"If you do want to secure your network, look at end-to-end solutions rather than some of the dodgy crypto around like WEP," Bowden said. "There's only one thing worse than no security, and that's a false sense of security," he added.
Tom Espiner reported for ZDNet UK.