Almost one-third of 34,476 wireless networks in central Sydney had no security encryption or were using easily broken WEP security, according to a novel study by security vendor Sophos.

This finding was part of Sophos’ global ‘warbiking’ project, which involved James Lyne, the company’s global head of security research, riding a computer-equipped bike through major cities to detect wireless networks. Sydney is the latest stop on this journey, a different take on ‘wardriving’ – the act of searching for wireless networks from a moving vehicle.

Lyne’s bike is equipped with a credit-card-sized Raspberry Pi computer, a network card, battery, and GPS device. Lyne tracked unsecured wireless networks and examined user behaviours that could be exploited by hackers during rides over two days through the Sydney CBD and across the Harbour Bridge to Milsons Point.

Sydney stacked up well compared to other cities when it came to the use of WEP, but 3.98 per cent of networks were still using the algorithm, Lyne said. This compared to 9.4 per cent in San Francisco and 6.34 per cent in London.

During the Sydney rides, Lyne discovered that 23.85 per cent of the networks were open; 28.15 per cent used the deprecated WPA security algorithm; and 44.02 per cent used WPA2.

A further 35 per cent used WPS, which enables users to unlock the password for a network using a PIN or time-based connection, removing the need to type a long password. Lyne said this is equivalent to printing a long password, putting it in a paper bag labelled ‘please don’t look in me’ and putting it in the middle of the street.

“This feature has a number of astonishingly dumb problems. For example, you can actually across the majority of these devices … brute force all of the PINs in about 11 to 12 hours.

“The majority of WPS implementations using the ‘Reaver attack’ could enable you to break into one of these networks in less than a couple of hours.
“A very high percentage of [these networks] could be broken into using that Reaver attack by an attacker that’s a little more patient compared to the average cybercriminal.”

Lyne said that some manufacturers still have built-in WEP as an option in their devices, which he regarded as “outright negligence” given how broken it is.

“You will still find providers that use WEP by default. Only a couple of weeks ago, we found a payment card merchant system that only supported WEP. We told them they were in violation of PCI and they said ‘what’s PCI?’”

“As a society we are failing measurably to do the basics in network and wireless security,” he said.

Throughout his ride, Lyne also created honeypot SSIDs – ‘free public Wi-Fi’, ‘free Internet’, and ‘Do not connect’, with 994 people in Sydney connecting to the networks.

“We gave them a captive portal page to tell them we would be logging high level information about their browsing and the protocols that they used,” he said.

The most popular websites visited at all locations included Facebook, Twitter, Internet banking portals, Google Maps, webmail, Snapchat, and, believe it or not, adult websites such as Ashley Madison.

Follow Byron Connolly on Twitter: @ByronConnolly