Naked Security: WiFi Networks In London Found To Be Insecure
6 Sep 2012
If you think you're safe using WiFi, think again.
Research conducted by British internet security company Sophos, and published by their "Naked Security" news information letters, has revealed a mass of unsafe WiFi networks in London.
27% of networks were discovered to be totally unsafe, with the remaining networks acceptable as long as passwords were not default or simple to guess at (mother's name, etc).
This is after at least a decade of WiFi being widespread, and the growing use of IPods and other mobile devices, not mentioning notepads and even cellphones with internet access.
The recent Olympics in London showed that over 35% of Olympic news was accessed by mobile devices.
While the research was conducted in London, there is no reason to suppose London is the only city with unsecure networks.
Many wireless networks in London are still using either outdated weak encryption or no encryption at all, according to research released today.
James Lyne changed out of the tweed jacket he normally wears when giving presentations for Sophos, and jumped on his bicycle for a 91 mile (147 km) cycle ride across central London.
With help from a GPS, two dynamos, and a computer pimped up with solar panels, thousands of unsecured wireless networks were discovered as you can see in the video below.
Here's a quick summary of the top findings of Project Warbike:
106,874 individual hotspots detected across more than 91 miles of central London
8 percent of the hotspots used no encryption and appear to be both home and business networks (this figure excludes a large number of coffee shops and other open hotspots which were identified by name of hotspot)
19 percent of the hotspots used WEP, an obsolete encryption technology that can be cracked by hackers in seconds. WEP is obsolete, and more secure options are available.
The remaining networks used WPA or WPA2 encryption, which represents acceptable security, providing they are not configured with default or easy to guess passwords
A wireless network that isn't properly protected runs the risk of being snooped upon - meaning your data is open for anyone to see. So think twice and always use a VPN (virtual private network) or SSL (secure sockets layer) if you have to use an insecure wireless network.
The warbiking experiment found the highest density of poorly-secured networks along streets which had a high number of small businesses. However, wireless security levels were pretty similar across all areas of London.
At the very least, wireless networks should be using WPA or WPA2 encryption. Even with those make sure that the network has a strong password, and don't use a predictable default name for your SSID.
del.icio.us