'Warbiking' shows the need for better wireless security
2014-07-07
First and foremost, tell us what warbiking actually is.

So it sounds very dramatic. Warbiking is essentially the evolution of wardriving, which comes from wardialing, and it's basically cycling around a city picking up all the mobile devices, all the wireless access points, and building a map that shows the various levels of security of all those different devices.

Now talk us through the kit you've when you're riding around.

So it's a fairly Heath Robinson setup, I've got to admit, which I enjoy thoroughly. I've got a Raspberry Pi at the core of everything, wonderful little, you know, fifty dollar computer designed for children to learn how to program, and that's connected up to a series of wireless scanners for different types of wireless. We then connect it up to a GPS so that we can identify, you know, where that particular network was located, and some custom software that exports all of that into a wonderful high-tech rotating Google Maps image that makes security actually visual, which is hard to do.

And when you're out there, what's the data you're collecting?

So at a high level we're collecting the beacons and probes. That's basically your phone's way of saying, "Have you seen this network that I've connected to previously?", and your device typically will send out 10 to 15 of the networks that you've previously seen. Those in themselves can be fascinating, as it may give away where you work, a hotel you stayed at recently, some cases some embarrassing information, and maybe personally identifiable. We then have, of course, the network's beacons as well, so any of the coffee shops in the area will be broadcasting out a network name and the security level as well, and that's what we're collecting.

Now you've been, we've been out this morning having a bit of a ride round. You've warbiked around cities all over the world. How does Sydney compare?

So Sydney's actually one of the better cities or, as I prefer to put it, one of the least terrible. I mean, a couple of statistics for you: so about four percent of the networks in Sydney were using WEP.
WEP is a security protocol that has been known just horribly, horribly broken for about more than 10 years actually, so it really shouldn't be in widespread use. We've still got thousands of networks here in Sydney with that problem, but compare that to London, little over six percent; San Francisco, the hotspot of America (awful pun), at about nine point five percent. So actually, you know, Sydney's doing quite well but still really need to make some changes.

So when people are using this sort of, like, poor security or non-secured, not even just businesses but in their home, what are they actually risking? What can happen to people if other people can connect to the wireless internet?

I mean, there's a whole myriad of different attacks that can occur. Let's take the most common scenario: you go to a coffee shop, you connect to the open network, or maybe get the shared password that everyone's using, you go through the little captive portal and register, and thereafter you're on the Internet. Of course, most people assume the coffee shop is securing their traffic, but all of that information is being shouted out for anyone with a forty dollar transmitter to pick up several hundred meters away with readily available software. That means they can see where you're browsing, they can see maybe what you're shopping for, they can see usernames and passwords potentially of services you log onto, like social media or your email. In extreme cases it could even be used to distribute malicious code that could go further to do things like turning on the webcam on your mobile device or PC. We're talking serious invasion of privacy in the digital and the physical world.

So should people not be using public Wi-Fi?

Well, I'm a big user of public Wi-Fi. I travel a lot and it's pretty important, it's a good convenience, but the best thing to do is really to assume that someone is watching. So what I like to do is set up my devices with a VPN, virtual private network. I use an online account for my personal device, and as a business we have a corporate VPN, so it's something that both consumers and small businesses can do, and that encrypts all of my information end-to-end, kind of wrapping it in a tunnel, so that even if someone is sitting there listening to that open network, all my information is protected in a bubble and they can't get access to it or tamper with anything I do. So preparation really is the best strategy.
Now you've done kind of the reverse as well. You've ridden out with publicly available hotspots to see who connects. What data can you get from that, the other way around?

Yeah, this is actually, I think, one of the most terrifying parts of the study, because it reveals human behaviors. So this hotspot that we set up had three names: "Free Public Wi-Fi", "Free Internet" and "Do Not Connect". Wonderful name. Now we did see in Sydney just under a thousand people connecting to those hotspots that we created, where we then provide a connection to the internet with a small warning. We didn't with our hotspot do anything nasty, we didn't certainly malware, we didn't hijack any pages, but with the tools we were using it would have been trivial to do so. So when someone asks for, you know, internet bank X or XYZ and webmail provider, we redirect them to a fake page where we can collect their username and password. Easy to do. In our case we just collected high-level information about the sites that people were using, what was most common, and the security mistakes that were being made, and I can tell you it's a fairly depressing picture.

What could've thought?

So I think for me the most damning statistic was the fact that only one point two percent of users were using a VPN, so the majority of users were just connecting to Wi-Fi in a very trustworthy fashion and going about browsing very unimportant websites, like internet banking for example. I mean, what could possibly go wrong? As a security comedian and general cynic, there was one small beacon of hope, in the little over sixty percent of the websites that people are visiting were using HTTPS, or encrypted HTTP, which is actually a big step forward over years previous. So not completely horrifying, but again, we need to think about how we behave on these public hotspots when we connect with our mobile devices.