How dangerous is it to use the WiFi at a local cafe? You could just have your information harvested and used against you if there’s no internet security, says Sophos, which travelled across Sydney looking for open wireless connections and found quite a few.
We’re all fans of free WiFi connections at restaurants, cafes, and shops, but danger could be lurking around the corner, or inside the network, without you realising it.
To find this out, security company Sophos this week spent some time on the streets, equipping a bicycle with some computer hardware and wireless technology to look for open and closed wireless networks, making the car-based act of finding unsecured wireless networks called “wardriving” even more portable by doing it on a bicycle.
Because of this change in transportation, Sophos called the experiment “warbiking,” and went searching for wireless networks all around Sydney, with the company’s Head of Security Research James Lyne donning a bicycle helmet, mountain bike, and a small computer to see what he could find.
Over two days of warbiking later and with over 34,000 networks checked, Lyne found that almost 28 percent of the networks checked either didn’t use security, or relied on a form of security known as WEP (Wireless Equivalent Privacy), a technology that had been broken years ago.
Further to this, around 28 percent more used the older WPA (WiFi Protected Access) security, which once again hasn’t been recommended for use for a while.
These results show that over half of Sydney’s WiFi networks could be broken pretty easily, which is bad news for the data sent over this networks, with much of this being transmitted by laptops, tablets, and smartphones.
“Of greatest interest during our warbiking exercise, was that Sydney had a relatively high number of open networks,” said Lyne, adding that “whilst many were intentionally open, users may wrongly assume this means their personal information is encrypted and protected, when in reality it is available for anyone to pick up.”
“It’s clear from our warbiking exercise in Sydney that there are a large number of businesses and home users employing insecure, poorly implemented, or even defunct wireless security protocols. With our increasing desire to be online at all times, this is leaving millions of people, companies and their valuable data open to attack.”
Why is this bad?
Most people using a WiFi network don’t know and can’t really find out if the wireless network they’re relying on will be secure, and if they don’t have a virtual private network or a system deployed to encrypt their information, means their data could be captured by anyone out there wardriving or even warbiking.
In fact, Sophos found that only 1.20 percent of people used a VPN on their devices, making it possible for a would-be scammer to sit nearby without being noticed and snag some data if they so chose.
“Even within the security industry, there are myths and misunderstanding about what the real risks are with wireless,” sad Lyne.
“Many argue that the unencrypted, intentionally open networks are ‘OK’ as they use a captive portal to register users. Unfortunately the standard user doesn’t recognise that major brand XYZ wireless is not encrypted and that their information can be picked up by anyone with $40 piece of equipment available on Amazon.”
How can you help avoid getting caught in this net?
One way is to make sure you’re using secure layers when using the web, such as using the HTTPS version of websites, and another way is to investigate a VPN.
While security software can help another computer from breaking into your own, it might also be wise to rely on your mobile connection for important information, such as checking your bank balance on the go, sending emails, and transmitting and critical documents or personal details. If you need to do this on a computer, share your mobile connection and secure it with WPA2 to make it harder for a warbiker to break.