Sophos, an IT security company, has launched a project called “World of Warbiking” in which they ride around major cities on a bicycle equipped with a computer. They use this computer to collect information on the wireless networks available and to gather information on the people who are connecting to these networks.
Sophos has launched this project to illustrate how our desire to be online at all times is leaving us exposed to hackers and cyber thieves. The main reason for this exposure is not that these kinds of attacks or unknown or even that sophisticated, but rather that we do not pay attention to or use best practices when connecting to wireless networks that could keep us safe.
“Warbiking” is a riff on the concept of wardriving, which is the act of searching for WiFi wireless networks by a person in a moving vehicle, using a portable computer. When they find an open WiFi network, they can easily steal login information to bank accounts, social media, and email accounts from anyone accessing it. Software for wardriving (or warbiking) is easy to install and available for free on the Internet.
It’s important here to mention the Sophos collected general statistics about networks and individuals connecting to these networks in a non-invasive and legal manner.
Sophos chose San Francisco as their first place to study, as there are tens of thousands of wireless networks which nearly everyone uses on a daily basis. What they found was disturbing.
The first thing Sophos wanted to find out was whether people were connecting to wireless networks securely. In the few days they spent collecting network information around San Francisco, they identified over 72,000 wireless networks. These networks had the following security:
- WEP (Wireless Enterprise Protocol): Nearly 10% of users were connecting to WEP networks. WEP is outdated and very old technology. Since 2001, several serious weaknesses in the protocol have been identified so that today a WEP connection can be cracked within minutes.
- No encryption: Nearly 20% of networks were public WiFi networks and offered no security whatsoever.
- WPA (WiFi Protected Access): The largest percentage of networks, 57%, used WPA, which is an updated security protocol compared to WEP, but one that is still outdated and no longer recommended by the Wi-Fi Alliance and IEEE.
- WPA2: Only 13% of networks used WPA2, the recommended best-practice protocol and the safest security protocol currently available.
- WPS (WiFi Protected Setup): WPS is a security protocol which was used by nearly 30% of the networks. While safer than WEP or WPA, WPS is vulnerable to brute force attacks in which hackers can figure out your password in as little as four hours.
We Want Network Access No Matter the Costs
Sophos also set up a fake public WiFi network to see who would connect to it, and over 1,500 people did. Although they did not steal user data using a man-in-the-middle attack, it would have been very easy to do so.
Over 50% of the people who connected to the fake network did so using their iOS or Android device, showcasing just how many people are connecting to public WiFi networks on their smartphone or mobile device. Only 30% were laptop users.
The big takeaway from this part of the experiment was that only 6% of users were using a VPN to encrypt their information. Many of us simply connect first and then worry about security later.
How to Stay Safe
Sophos offered the following advice to stay safe when connecting to WiFi networks on your laptop, smartphone, or mobile device:
- Use WPA2 network security on your home network.
- Use strong passwords and change them often.
- Don’t name your network using your own name.
- Think twice before connecting to a public WiFi network.
- Make sure your computer and browser are updated with the latest patches.
- Finally, use a VPN (like PRIVATE WiFi) to keep your private information safe on all of your devices.