‘Warbiking’ Reveals Hundreds Open To Hackers
Friday, August 16th, 2013
on behalf of Scottish Business Resilience Centre
Security expert James Lyne conducted a ‘warbiking’ mission, cycling across the capital scanning for unsecure wireless (or WiFi) networks with a large wireless antenna and logging the results on his solar powered computer.
From a sample from the centre of Edinburgh, the results revealed that out of 3092 wireless networks found during the exercise, 650 were classed as insecure.
Broken down the 650 failures consisted of 432 completely open networks and 228 WEP (Wireless Equivalent Privacy) networks – perhaps the worst category as people think they are secure but can actually be hacked in only a couple of minutes.
It was also revealed that SMEs were at higher risk of an attack compared to residential networks because they tended to have older hardware systems in place that they would update less often.
Many of the unsecure networks shared a similar trait; default names. The most common list of insecure networks were linksys, NETGEAR, O2WirelessXYZ and BT BusinessHubXYZ. Of course, these results present a best case picture. The test was conducted within legal constraints (unlike cyber criminals) and so would not attempt to guess passwords. Some networks listed as secure might use a password like ‘password1’ and so the figures may actually be worse.
The risks associated with an insecure network are serious. Attackers can join WiFi networks secretly and directly attack computers or devices to steal data, invade your privacy or go after your finances. They can also ‘sniff’ your network traffic, for example to view websites you’ve visited, read your emails and capture your private information such as passwords.
Police Scotland also have concerns about the lack of security which has proved to be a potential problem for householders, making them vulnerable to attacks from hackers who can secretly download child pornography to avoid detection on their own computers.
James Lyne, Global Head of Security Research at IT security giants Sophos, said: “The main aim of warbiking is to raise awareness of network security to help businesses and homes to stay safer online. People have moved on to new security concerns but unfortunately basics like WiFi security still aren’t in place.
“These results show the true extent of the number of businesses and homes that are vulnerable and how easy it is for hackers to get into a network and potentially attack personal data. If you are a small business or a consumer and your network is wide open, anyone can connect to your network.
“Anyone concerned should check their wireless is using WPA2 and a strong password – you can find more tips online.”
The project was supported by the Scottish Business Resilience Centre (SBRC), which safeguards the economic wellbeing of Scottish businesses.
Mandy Haeburn-Little, Director of the SBRC, said: “These figures are surprising and frustrating and actually they fully demonstrate why we all need to wake up to being better cyber resilient. Through the SBRC we are running a 12 month programme of awareness and advice for business and, if anything, these results show me we need to do much, much more. We need to significantly turn up our volume on this.
“None of us, not one business, can be complacent. Our next focus will be business and social media so watch this space.”
Detective Superintendent Steven Wilson, Head of e Crime, Specialist Crime Division, Police Service of Scotland added that householders and people using mobile phones or dongles are just as vulnerable to attacks.
He said: “The results of the warbiking really highlight why you should have proper security on your WiFi in place.
“You wouldn’t leave your car door unlocked, so you shouldn’t leave your network open to criminals either.
“Putting in place secure passwords so that people cannot pick up a signal and download illegal images or commit online criminal acts is one of the best things people can do to prevent criminal activity and to protect personal information.”