London Warbiking Reveals Worrying State of Wireless Security
Published on: 30th Apr 2014
A review based on cycling around the UK's capital city London with a Wi Fi sniffer has found what one security firm calls a "worrying state of wireless security".
IT security company Sophos sent security expert James Lyne and his computer-equipped bicycle onto the streets of London to test how safe homes, businesses, and even people on mobiles phones are from cyber criminals.
"Incredibly, conventional wireless network security is still a major concern, despite the security industry assuming such issues had been resolved years ago. Many would assume these methods are 'old hat' but it is still a very viable attack vector that demonstrates basic security best practice is not being adopted. " says Lyne.
Conducted over two days around the streets of the capital, Lyne's warbiking exercise revealed that of 81,743 networks surveyed, some 29.5 percent were using either the known-broken Wireless Equivalent Privacy (WEP) algorithm, or no security encryption at all.
A further 52 percent of networks were using Wi-Fi Protected Access (WPA) - a no longer recommended security algorithm.
Just as worrying was many people's total disregard for basic security. "Our experiment found a disturbingly large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy, Compounded by the growing number of devices that are permanently identifying themselves via technology like Bluetooth, this kind of behavior is increasingly putting everyone's valuable data at risk."
What Londoners are connecting to when out and about
The open wireless network created during the London experiment also offered an insight into what people are connecting to when they are out and about. Social media sites such as Facebook and Twitter were high on the list of most requested pages, along with webmail access and news websites.
But, it appears many people are also choosing to access websites and services that could prove even more attractive to cybercriminals:
"Despite the fact that this was an open network, once connected many people seemed happy to access online banking sites, even though they had no idea who was running the access point. Only a tiny minority (2 percent) actually took responsibility for their own security by using a Virtual Private Network (VPN) or forcing secure web standards.
"Our test was conducted strictly within the confines of the law," explained Lyne, "but the cyber criminals won't have the same concerns, so our experiment shows why people need to be much more aware of the potential dangers of connecting to open wi-fi networks when they are out and about."