Warbiking is a method of riding around a city on a bicycle to search for wireless access points. It’s a method similar to wardriving, in which you would drive around looking for wireless networks, but since you can’t fit the same gear on a bike that you can in a car (namely, a laptop), you have to make some compromises.
Sophos recently used warbiking in Sydney to examine the state of affairs of the city’s wireless networks. Are they secure? What type of security is in use? How many free networks are there? It used a regular bicycle fitted with some choice hardware in order to find out.
The cutting list included a Raspberry Pi to record the data, which was collected by an Alfa-branded wireless network adapter and plotted on Google Earth using a GPS device. There’s a lot more to it than that, of course, including the need for connection interfaces (Bluetooth for input, for example) and power from external batteries, and all of this was mounted to the bike in the most streamlined way possible.
Riding the bike over two days was Sophos’ global head of security research (and huge Firefly fan), James Lyne. His computer-equipped bicycle surveyed up to 34,476 wireless networks around Sydney’s streets, recording the type of security used by each network, but not going any further to try to access those networks and determine password strength — it was all above board as far as the law is concerned.
James Lyne has done this warbiking tour in other cities as well, including Hanoi, Las Vegas, London, and San Francisco. Compared to those cities, Sydney’s networks fared quite well, with over 44 per cent of them using the latest data encryption, WPA2. For comparison, London had only 17.26 per cent of surveyed networks using the latest standard, and San Francisco had 13.53 per cent. This could indicate that many Sydney homes and businesses are ahead of the curve when it comes to implementing new networking infrastructure.
Sophos put together this great flyover of the Sydney warbiking tour using Google Earth. The green circles indicate the locations of networks using WPA2 security, while the red circles are the locations of the open networks. Orange indicates WEP usage, and yellow indicates WPA.
Open networks are a risk
The use of the easy-to-defeat WEP standard was low in Sydney at just under 4 per cent, but Lyne did find a very high number of networks without any encryption at all. Approximately 24 per cent of networks were reported to have no encryption, compared to just under 20 per cent for San Francisco and just over 23 per cent for London. Lyne warned that while many of these open networks are set up with Web page portals to allow users to log on to them, this offers a false sense of security as the data flowing over them is not encrypted.
Regarding these open networks, Lyne said “users wrongly assume this means their information is encrypted and protected when in reality it is being beamed out in clear text for anyone to pick up”. The message here is that users should refrain from sending passwords and other crucial information over these open networks. Lyne’s research went further, creating an open network with a 4G modem and a captive portal page to see how many users would log on to it.
“Our experiment found a large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy”, Lyne said in a statement.
“This willingness to connect to any wireless network that professes to offer free Wi-Fi, without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it. With a few extra command line arguments, it would have been trivial to attack nearly everyone in our Sydney hotspot study”.
Most worrisome was the behaviour of users on these open networks. Lyne found that many people were logging on to Facebook and Twitter, as well as Web-based mail, and even banking sites. Lyne stated that “only a tiny minority (1.20 percent) actually took responsibility for their own security by using a Virtual Private Network (VPN) or forcing secure web standards”.