Almost one-third of 34,476 wireless networks in central Sydney had no security encryption or were using easily broken WEP security, according to a novel study by security vendor Sophos. This finding was part of Sophos’ global ‘warbiking’ project, which involved James Lyne, the company’s global head of security research, riding a computer-equipped bike through major cities to detect wireless networks. Sydney is the latest stop on this journey, a different take on ‘wardriving’ – the act of searching for wireless networks from a moving vehicle. Lyne’s bike is equipped with the Raspberry Pi credit-card-sized computer, a network card, battery, and GPS device. Lyne tracked unsecure wireless networks and examined user behaviours that could be exploited by hackers, during rides over two days through the Sydney CBD and across the Harbour Bridge to Milsons Point. Sydney stacked up well compared to other cities when it came to the use of WEP but 3.98 per cent of networks were still using the algorithm, Lyne said. This compared to 9.4 per cent in San Francisco and 6.34 per cent in London. During the Sydney rides, Lyne discovered that 23.85 per cent of the networks were open; 28.15 per cent used the depreciated WPA security algorithm; and 44.02 per cent used WPA2. A further 35 per cent used WPS, which enables users to unlock the password for a network using a PIN or time-based connection, removing the need to type a long password. Lyne said this is equivalent to printing a long password, putting it in a paper bag labelled ‘please don’t look in me’ and putting it in the middle of the street. “This feature has a number of astonishingly dumb problems. For example, you can actually across the majority of these devices … brute force all of the PINs in about 11 to 12 hours. “The majority of WPS implementations using the ‘Reava attack’ could enable you to break into one of these networks in less than a couple of hours. “A very high percentage of [these networks] could be broken into using that Reava attack by an attacker that’s a little more patient compared to the average cybercriminal.” Lyne said that some manufacturers still have built-in WEP as an option in their devices, which he regarded as “outright negligence” given how broken it is. “You will still find providers that use WEP by default. Only a couple of weeks ago, we found a payment card merchant system that only supported WEP. We told them they were in violation of PCI and they said ‘what’s PCI?’” “As a society we are failing measurably to do the basics in network and wireless security,” he said. Throughout his ride, Lyne also created honeypot SSIDs – ‘free public Wi-Fi’, ‘free Internet’, and ‘Do not connect’, with 994 people in Sydney connecting to the networks. “We gave them a captive portal page to tell them we would be logging high level information about their browsing and the protocols that they used,” he said. The most popular websites visited at all locations included Facebook, Twitter, Internet banking portals, Google Maps, webmail, Snapchat, and believe it or not adult websites such as Ashley Madison. Follow CIO Australia on Twitter and Like us on Facebook… Twitter: @CIO_Australia, Facebook: CIO Australia, or take part in the CIO conversation on LinkedIn: CIO Australia Follow Byron Connolly on Twitter:@ByronConnolly Related content feature 8 change management questions every IT leader must answer Designed to speed adoption and achieve business outcomes, change management hasn’t historically been a strength of IT orgs. It’s time to flip that script by asking hard questions to hone change strategies. By Stephanie Overby Nov 30, 2023 10 mins Change Management Change Management IT Operations feature CIO Darlene Taylor’s formula for success: Listen, drive, care This Motor City CIO says building and maintaining credibility starts with an empathy-driven approach, which has the potential to render you highly appealing to top talent. By Michael Bertha Nov 30, 2023 6 mins Automotive Industry IT Leadership news MENA IT Spending to Grow 4% in 2024 By Andrea Benito Nov 30, 2023 2 mins Artificial Intelligence brandpost Sponsored by Huawei 400G: Building bandwidth for the next lap By Jane Chan Nov 30, 2023 5 mins Networking Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe