Led by Global Head of Security Research at Sophos James Lyne, the World of Warbiking project intends to raise awareness about the alarming state of wireless insecurity.
Lyne’s travels were a variant on “war driving,” an old method of driving around a city looking for open Wi-Fi networks.
A tour of San Francisco on a specially equipped bicycle revealed that many Wi-Fi networks in this high-tech city used outdated security — and that more than a thousand people were happy to connect to a random open Wi-Fi network without using any protection.
“War driving is still relevant,” Lyne said, adding that some security researchers would disdain study of such an old issue. “As security professionals, we should not ignore painfully old hacks and problems such as these. It’s still a real issue in the real world.”
In all, more than 70,000 different Wi-Fi networks were detected, and more than 190,000 individual Wi-Fi clients: smartphones, tablets, laptops and, surprisingly, a lot of Wi-Fi enabled office printers. About 20 percent of the networks were open, which sounds like a security nightmare until you remember how many cafes, parks and other public places use deliberately open networks.
The bad news came when Lyne and Wisniewski analyzed the password-protected Wi-Fi networks, whose users imagine they’re shielded by some level of security. Ten percent of the protected networks used the long-outmoded Wired Equivalent Privacy (WEP) standard, which was declared unsafe 10 years ago. Fifty-seven percent of the networks were using the first generation of the Wi-Fi Protected Access (WPA) protocol, which has various security problems of its own.
Lyne and Wisniewski also wanted to test how many people they could lure to their own open Wi-Fi hotspots. They rigged the bike’s electronics with three open “honeypot” networks: “FreeInternet,” “FreePublicWifi” and “DO NOT CONNECT.” They had 27 people connect to the last one.
Wi-Fi wasn’t the only wireless protocol the Sophos team scanned for. On the bike were three receivers fine-tuned to pick up different Bluetooth protocols. A total of 3,412 Bluetooth devices were detected, mostly smartphones, satellite-navigation devices and cars themselves. Security experts recommend that users of Bluetooth devices turn off Bluetooth unless they need it — most Bluetooth connections are “paired” by a four-digit PIN, which is often factory-set to something like “1234” or “0000.”
Lyne’s war-biking tests will continue in other cities and countries in the coming months, and videos of his rides can be seen on YouTube: https://www.youtube.com/watch?v=lM9VnujhhnM
Resources: c/net, Yahoo News, Sophos.com, YouTube