Sophos' warbiking tour hits Sydney.
Warbiking is a method of riding around a city on a bicycle to search for wireless access points. It's a method similar to wardriving, in which you would drive around looking for wireless networks, but since you can't fit the same gear on a bike that you can in a car (namely, a laptop), you have to make some compromises.
Sophos recently used warbiking in Sydney to examine the state of affairs of the city's wireless networks. Are they secure? What type of security is in use? How many free networks are there? It used a regular bicycle fitted with some choice hardware in order to find out.
The cutting list included a Raspberry Pi to record the data, which was collected by an Alfa branded wireless network adapter, and plotted on Google Earth using a GPS device. There's a lot more to it than that, of course, including the need for connection interfaces (Bluetooth for input, for example), and power from external batteries, and all of this stuff was mounted to the bike in the most streamlined way possible.
Sophos' warbike was equipped with a Rasperry Pi computer.
A wireless adapter was strapped to the frame.
GPS hangs from the seat.
Riding the bike over two days was Sophos' global head of security research (and huge Firefly fan), James Lyne. His computer-equipped bicycle surveyed up to 34,476 wireless networks around Sydney's streets, recording the type of security used by each network, but not going any further to try and access those networks and determine password strength — it was all above board as far as the law is concerned.
James Lyne has done this warbiking tour in other cities as well, including Hanoi, Las Vegas, London, and San Francisco. Compared to those cities, Sydney's networks fared quite well, with over 44 per cent of them using the latest data encryption, WPA2. For comparison, London had only 17.26 per cent of surveyed networks using the latest standard, and San Francisco had 13.53 per cent. This could indicate that many Sydney homes and businesses are ahead of the curve when it comes to implementing new networking infrastructure.
Sophos put together this great flyover of the Sydney warbiking tour using Google Earth. The green circles indicate the locations of WPA2 security, while the red circles are the locations of the most vulnerable networks.
Open networks are a risk
The use of the easy-to-defeat WEP standard was low in Sydney at just under 4 per cent, but Lyne did find a very high number of networks without any encryption at all. Approximately 24 per cent of networks were reported to have no encryption, compared to just under 20 per cent for San Francisco and just over 23 per cent for London. Lyne warned that while many of these open networks are set up with Web page portals to allow users to log on to them, this offers a false sense of security as the data flowing over them is not encrypted.
Sign up for CIO Asia eNewsletters.