The experiment was conducted over two days by Sophos’ director of technology strategy, James Lyne. The project involved using a bike equipped with dynamos and solar panels to power a computer designed to scan for wireless networks – a technique known as ‘wardriving’, or in this case ‘warbiking’. In addition, a GPS-enabled device allowed the creation of a ‘heat’ map, depicting levels of security of wireless networks around central London.
Lyne passed more than 1,000 wireless hotspots for every mile he rode, and found that at least one in four had poor security. Analysing the geographic mapping of the hotspots and the level of security they demonstrated revealed some interesting trends. Residential areas largely had reasonable default configurations – although many devices had default network names like ‘SKY-XYZ123’, they often had the strong ‘WPA2’ encryption standard enabled. At a micro level, the worst offending areas, consistently across London, were streets with collections of small businesses.
Of the overall number of networks, 9 percent were using default network names with no random element, such as 'default' or the vendor name. This makes password hacking even faster. This figure increased to 21 percent if networks which used the default name but which had some random element per device, e.g. 'Default-165496' are included. These figures excluded default names of obviously identifiable, intentionally open hotspots such as those in hotels and cafes. Some providers offering packaged solutions with a plug and play router generate truly random names by default, and supply these on a sticker on the bottom of the router. It's therefore reassuring to see some vendors following best practice here, helping consumers in particular to be more secure out of the box.
Crucially, Sophos only collected high level data within the confines of the law, which revealed the general state of wireless security (and is therefore representative of awareness of steps taken to secure networks). However, it should be noted that cybercriminals have significantly more offensive tools in their armouries and could relatively easily take this exercise further.
“With the tools available we could have gone much further but we carefully stayed in the confines of the law. This exercise doesn’t paint the complete picture, but it shows enough to demonstrate that security best practice and education still need a lot of focus.” said James Lyne, director of technology strategy at Sophos.
“Pretty much every wireless device can be configured to use secure wireless networking out of the box, so poorly configured devices show a lack of awareness rather than a lack of capability to be secure,” added Lyne. “It’s easy to take simple steps to protect your wireless network, making it a far less attractive target for anyone trying to snoop on your internet activities or steal personal information. If an attacker gains access to a wireless network they can cause a lot of damage, such as intercepting usernames/passwords, taking control of computers on the network, changing browsing to websites (for example to deliver malware or capture credentials), or using the network to perform any manner of anonymous or illegal activities. Unfortunately many networks are still like a Rolo – hard on the outside but soft and gooey on the inside. Without good security as per our top tips, an organisation won't know they’ve been attacked until perhaps the police come knocking.”