Dublin Warbiking Reveals Worrying State of Wireless Security
London - November 28th, 2014 - IT security company Sophos this week highlighted the worrying state of wireless security in Ireland’s capital city, when it sent security expert James Lyne and his computer-equipped bicycle onto the streets of Dublin to test how safe homes, businesses, and even people on mobiles phones are from cyber criminals.
(Media-Newswire.com) - London - November 28th, 2014 - IT security company Sophos this week highlighted the worrying state of wireless security in Ireland’s capital city, when it sent security expert James Lyne and his computer-equipped bicycle onto the streets of Dublin to test how safe homes, businesses, and even people on mobiles phones are from cyber criminals.
Lyne, Global Head of Security Research at Sophos, went “warbiking” across the city to track down insecure wireless networks and spotlight user behaviours that could be exploited by rogue hackers, and he discovered some alarming results: “Incredibly, conventional wireless network security is still a major concern, despite the security industry assuming such issues had been resolved years ago. Many would assume these methods are ‘old hat’ but it is still a very viable attack vector that demonstrates basic security best practice is not being adopted.” says Lyne.
“As our Dublin Warbiking exercise found, there are an astonishing number of businesses and home users employing insecure, poorly implemented, or even defunct wireless security protocols. With our voracious hunger to be online at all times, this is leaving millions of people, companies and their valuable data open to attack.”
Dublin was the latest stop on the “World of Warbiking” tour - a global research project targeting major cities across the globe. Conducted over two days around the streets of the capital, Lyne’s warbiking exercise revealed that of the 11,098 networks surveyed, some 25 percent were using either the known-broken Wired Equivalent Privacy ( WEP ) algorithm or no security encryption at all.
“Even within the security industry there are myths and misunderstanding about what the real risks are with wireless. Many argue that the unencrypted, intentionally open networks ( the majority of the 25% ) are ‘OK’ as they use a captive portal to register users. Unfortunately the standard user doesn’t recognize that major brand XYZ wireless is not encrypted and that their information can be picked up by anyone with €30 piece of equipment available on Amazon,” said Lyne.
Users want the internet and they don’t care where they get it Just as worrying was many people’s total disregard for basic security. “Our experiment found a disturbingly large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy, compounded by the growing number of devices that are permanently identifying themselves via technology like Bluetooth, this kind of behavior is increasingly putting everyone’s valuable data at risk.” Over a few hours, 1074 people connected to the hotspot SSIDs offered, to take advantage of the free Wi-Fi, disregarding the warning that we posted.
Lyne continued: “This willingness to connect to any wireless network that professes to offer free Wi-Fi, without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it. With a few extra command line arguments, it would have been trivial to attack nearly everyone in our study.”
What Dubliners are connecting to when out and about The open wireless network created during the Dublin experiment also offered an insight in to how far people go to protect themselves when using open and unknown wireless networks.
“Despite the fact that this was an open network, once connected many people seemed happy to access online banking sites, even though they had no idea who was running the access point. Only a tiny minority ( 7 percent ) actually took responsibility for their own security by using a Virtual Private Network ( VPN ) or forcing secure web standards. That said, this 7% of users is significantly better than other locations around the world which did not exceed 2%. “It looks like Dublin has more tech savvy users, but the remaining 93% are still a concern. It would have been easy to give people phishing pages to collect usernames and passwords or worse, to steal credit card details”
“Our test was conducted strictly within the confines of the law,” explained Lyne, “but the cyber criminals won't have the same concerns, so our experiment shows why people need to be much more aware of the potential dangers of connecting to open Wi-Fi networks when they are out and about.”
Details about the methodology used and results so far from the World of Warbiking project - along with tips on how to be more secure – are available at www.sophos.com/warbiking.
Related Content
Published by:
Release Date
This story was released on 2014-12-10. Please make sure to visit the official company or organization web site to learn more about the original release date. See our disclaimer for additional information.