What is warbiking?

And what does it reveal about the state of Sydney's wireless networks?

Sophos' warbiking tour hits Sydney.
Sophos' warbiking tour hits Sydney.

Warbiking is a method of riding around a city on a bicycle to search for wireless access points. It’s a method similar to wardriving, in which you would drive around looking for wireless networks, but since you can’t fit the same gear on a bike that you can in a car (namely, a laptop), you have to make some compromises.

Sophos recently used warbiking in Sydney to examine the state of affairs of the city’s wireless networks. Are they secure? What type of security is in use? How many free networks are there? It used a regular bicycle fitted with some choice hardware in order to find out.

The cutting list included a Raspberry Pi to record the data, which was collected by an Alfa branded wireless network adapter, and plotted on Google Earth using a GPS device. There’s a lot more to it than that, of course, including the need for connection interfaces (Bluetooth for input, for example), and power from external batteries, and all of this stuff was mounted to the bike in the most streamlined way possible.

Sophos' warbike was equipped with a Rasperry Pi computer.
Sophos' warbike was equipped with a Rasperry Pi computer.

A wireless adapter was strapped to the frame.
A wireless adapter was strapped to the frame.

GPS hangs from the seat.
GPS hangs from the seat.

Riding the bike over two days was Sophos’ global head of security research (and huge Firefly fan), James Lyne. His computer-equipped bicycle surveyed up to 34,476 wireless networks around Sydney’s streets, recording the type of security used by each network, but not going any further to try and access those networks and determine password strength — it was all above board as far as the law is concerned.

James Lyne has done this warbiking tour in other cities as well, including Hanoi, Las Vegas, London, and San Francisco. Compared to those cities, Sydney’s networks fared quite well, with over 44 per cent of them using the latest data encryption, WPA2. For comparison, London had only 17.26 per cent of surveyed networks using the latest standard, and San Francisco had 13.53 per cent. This could indicate that many Sydney homes and businesses are ahead of the curve when it comes to implementing new networking infrastructure.

Sophos put together this great flyover of the Sydney warbiking tour using Google Earth. The green circles indicate the locations of WPA2 security, while the red circles are the locations of the open networks. Orange indicated WEP usage, and yellow is WPA.

Open networks are a risk

The use of the easy-to-defeat WEP standard was low in Sydney at just under 4 per cent, but Lyne did find a very high number of networks without any encryption at all. Approximately 24 per cent of networks were reported to have no encryption, compared to just under 20 per cent for San Francisco and just over 23 per cent for London. Lyne warned that while many of these open networks are set up with Web page portals to allow users to log on to them, this offers a false sense of security as the data flowing over them is not encrypted.

Regarding these open networks, Lyne said “users wrongly assume this means their information is encrypted and protected when in reality it is being beamed out in clear text for anyone to pick up”. The message here is that users should refrain from sending passwords and other crucial information over these open networks. Lyne’s research went further, creating an open network with a 4G modem and a captive portal page to see how many users would log on to it.

“Our experiment found a large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy”, Lyne said in a statement.

“This willingness to connect to any wireless network that professes to offer free Wi-Fi, without ensuring you have some kind of security measures in place, is like shouting your personal or company information out of the nearest window and being surprised when someone abuses it. With a few extra command line arguments, it would have been trivial to attack nearly everyone in our Sydney hotspot study”.

Most worrisome was the behaviour of users on these open networks. Lyne found that many people were logging on to Facebook and Twitter, as well as Web-based mail, and even banking sites. Lyne stated that “only a tiny minority (1.20 percent) actually took responsibility for their own security by using a Virtual Private Network (VPN) or forcing secure web standards”.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Elias Plastiras

Elias Plastiras

PC World

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?