What is warbiking?

And what does it reveal about the state of Sydney's wireless networks?

Sophos' warbiking tour hits Sydney.
Sophos' warbiking tour hits Sydney.

Warbiking is a method of riding around a city on a bicycle to search for wireless access points. It’s a method similar to wardriving, in which you would drive around looking for wireless networks, but since you can’t fit the same gear on a bike that you can in a car (namely, a laptop), you have to make some compromises.

Sophos recently used warbiking in Sydney to examine the state of affairs of the city’s wireless networks. Are they secure? What type of security is in use? How many free networks are there? It used a regular bicycle fitted with some choice hardware in order to find out.

The cutting list included a Raspberry Pi to record the data, which was collected by an Alfa branded wireless network adapter, and plotted on Google Earth using a GPS device. There’s a lot more to it than that, of course, including the need for connection interfaces (Bluetooth for input, for example), and power from external batteries, and all of this stuff was mounted to the bike in the most streamlined way possible.

Sophos' warbike was equipped with a Rasperry Pi computer.
Sophos' warbike was equipped with a Rasperry Pi computer.

A wireless adapter was strapped to the frame.
A wireless adapter was strapped to the frame.

GPS hangs from the seat.
GPS hangs from the seat.

Riding the bike over two days was Sophos’ global head of security research (and huge Firefly fan), James Lyne. His computer-equipped bicycle surveyed up to 34,476 wireless networks around Sydney’s streets, recording the type of security used by each network, but not going any further to try and access those networks and determine password strength — it was all above board as far as the law is concerned.

James Lyne has done this warbiking tour in other cities as well, including Hanoi, Las Vegas, London, and San Francisco. Compared to those cities, Sydney’s networks fared quite well, with over 44 per cent of them using the latest data encryption, WPA2. For comparison, London had only 17.26 per cent of surveyed networks using the latest standard, and San Francisco had 13.53 per cent. This could indicate that many Sydney homes and businesses are ahead of the curve when it comes to implementing new networking infrastructure.

Sophos put together this great flyover of the Sydney warbiking tour using Google Earth. The green circles indicate the locations of WPA2 security, while the red circles are the locations of the open networks. Orange indicated WEP usage, and yellow is WPA.

Open networks are a risk

The use of the easy-to-defeat WEP standard was low in Sydney at just under 4 per cent, but Lyne did find a very high number of networks without any encryption at all. Approximately 24 per cent of networks were reported to have no encryption, compared to just under 20 per cent for San Francisco and just over 23 per cent for London. Lyne warned that while many of these open networks are set up with Web page portals to allow users to log on to them, this offers a false sense of security as the data flowing over them is not encrypted.

Regarding these open networks, Lyne said “users wrongly assume this means their information is encrypted and protected when in reality it is being beamed out in clear text for anyone to pick up”. The message here is that users should refrain from sending passwords and other crucial information over these open networks. Lyne’s research went further, creating an open network with a 4G modem and a captive portal page to see how many users would log on to it.

“Our experiment found a large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy”, Lyne said in a statement.

“This willingness to connect to any wireless network that professes to offer free Wi-Fi, without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it. With a few extra command line arguments, it would have been trivial to attack nearly everyone in our Sydney hotspot study”.

Most worrisome was the behaviour of users on these open networks. Lyne found that many people were logging on to Facebook and Twitter, as well as Web-based mail, and even banking sites. Lyne stated that “only a tiny minority (1.20 percent) actually took responsibility for their own security by using a Virtual Private Network (VPN) or forcing secure web standards”.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Elias Plastiras
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?