If you remember the article we posted a few months ago about Sophos’ warbiking tour, you’ll recall that Sophos found that only 13% of WiFi users in San Francisco were connecting to the Internet using WPA2 security, the recommended best-practice protocol and the safest security protocol currently available.
They also found that 1,500 people connected to a fake public WiFi network they set up, which could have easily been a rogue network, and that only 6% of users were using a VPN to stay safe.
Well, Sophos is at it again and this time they’ve visited Las Vegas and Sydney. And perhaps unsurprisingly, they found that users there are just as unconcerned with public WiFi security as their counterparts in San Francisco.
A Quick Refresher on Warbiking
Warbiking is a spin on wardriving, which is when hackers drive around in a car searching for wireless networks that they can hack into using a portable computer. When they find one that uses weak (or no) security, they steal login information and private information from the users accessing the network.
Instead of a car, Sophos used a bicycle equipped with a portable computer. They call this project the “World of Warbiking” and have been targeting major cities around the world to help draw attention to the fact that our desire to be online at all times are leaving us exposed to hackers and cyberthieves. Even though the security risks of open or less that optimally secured WiFi networks are well known, few people are taking the steps necessary to protect themselves.
Sophos hopes this campaign will change that.
Vegas: City of Sinfully Bad WiFi Security
In May, James Lyne, the head of security research at Sophos, visited Las Vegas with his bicycle and found that almost half of those accessing WiFi had almost no regard for their own protection.
Lyne found over 56,000 WiFi networks, and over 47% had no security whatsoever, meaning that whoever logged into these networks were completely exposed to anyone who wanted to access their information. And Lyne found that some of these public WiFi users were even visiting banking sites.
A little less than 3% of networks used old WEP (Wireless Enterprise Protocol) security, which contains very serious weaknesses that allow it to be cracked within minutes. And 30% of networks used WPA (WiFi Protected Access) security, which is outdated and no longer recommended by the Wi-Fi Alliance and IEEE.
When he set up a fake WiFi network, an astounding 4,700 people connected to it, demonstrating just how easy it would be for a hacker to steal private information from literally thousands of people.
Sydney: The Least Worst City (So Far)
When Lyne warbiked around Sydney, he found nearly 35,000 WiFi networks. Almost 4% of the networks were still using WEP security, 28% were using WPA security, and 35% used WPS (WiFi Protected Setup) security, which is vulnerable to brute force attacks. Only 44% of WiFi networks used WPA2 security, the recommended best-practice protocol and the safest security protocol currently available.
Completely open WiFi networks accounted for nearly 24% of the total number of networks, but while this number was lower than other cities, only a tiny 1.2% of users were using a VPN to protect themselves.
It’s not hard to stay safe when we access WiFi networks. Sophos offered the following tips when connecting to WiFi networks on any of your devices:
- Use WPA2 network security on your home network.
- Use strong passwords and change them often.
- Don’t use your name when naming your home network.
- Think twice before connecting to a public WiFi network.
- Make sure your computer and browser are updated with the latest patches.
- Finally, use a VPN (like PRIVATE WiFi) to keep your private information safe on all of your devices.