'Warbiking' shows the need for better wireless security
'Warbiking' shows the need for better wireless security
6:55

'Warbiking' shows the need for better wireless security

Culture
[MUSIC] First and foremost, tell us what war biking actually is. So, it's sounds very dramatic. Warbiking is essentially the evolution of war driving, which comes from war dialing. And it's basically cycling around a city picking up all the mobile devices, all the wireless access points, and building a map that shows the various levels of security of all those different devices. Now, talk us through the kit you use when you're riding around. So it's a fairly Heath Robinson setup, I've got to admit. Which I enjoyed thoroughly. I've got a Raspberry Pie at the core of everything. Wonderful little you know $50 computer designed for children to learn how to program. And that's connected up to a series of wireless scanners for different types of wireless. We then connect it up to a GPS so that we can identify, you know, where that particular network was located. And some custom software that exports all of that into a wonderful hi-tech rotating Google Maps image that makes security actually visual, which is hard to do. And when you're out there, what's the data you're collecting? So, at a high level, we're collecting the beacons and probes. That, that's basically your phone's way of saying, have you seen this network that I've connected to previously? And your device, typically, will send out 10 to 15 of the networks that you've previously seen. Those in themselves can be fascinating as it may give away where you work, a hotel you stayed at recently, in some cases some embarrassing information, and, and maybe personally identifiable. We then have, of course, the networks beacons as well. So, any of the coffee shops in the area will be broadcasting out a network name and the security level, as well. And that's what we're collecting. Now, you've been, we've been out this morning having a bit of a ride around. You've warbiked around cities all over the world. How does Sydney compare? So, Sydney's actually one of the better cities. Or as I prefer to put it, one of the least terrible. they, I mean a, a couple of statistics for you. So about 4% of the networks in Sydney were using WEP. WEP is a security protocol that has been known, just horribly, horribly broken for about more than ten years actually. So it really shouldn't be in widespread use. We still have thousands of networks here in in, in Sydney with that problem. But compare that to London, a little over 6%. San Francisco, the hot spot of America, awful pun, at about 9.5%. So, so actually, you know, Sydney's doing quite well, but still really need to make some changes. So when people are using this sort of, like, poor security or non-secured, not only just businesses but in their home, what are they actually risking? What can happen to people if other people can connect to the, the wireless internet? The, I mean, there's a whole myriad of, of different attacks that can occur. Let's take the most common scenario. You go to a coffee shop, you connect to the open network, or maybe get the shared password that everyone's using. You go through the little captive portal and register, and thereafter you're on the internet. Of course, most people assume the coffee shop is securing their traffic, but all of that information is being shouted out for anyone with a $40 transmitter to pick up several hundred meters away, with readily available software. That means they can see where you're browsing. They can see maybe what you're shopping for. They can see user names and passwords, potentially. Of, the services you log on to like social media or your email. In extreme cases, it could even be used to distribute malicious code that could go further to do things like, turning on the web cam on your mobile device or PC. We're talking serious invasion of privacy in the digital and the physical world. So should people not be using public Wi-Fi? Well, I'm a big user of public Wi-Fi. I travel a lot. And it's, it's pretty important. It's a good convenience. The best thing to do is really to assume that someone is watching. So what I like to do is set up my devices with a VPN, virtual private network. I use an online account for my personal device. And as a business, we have a corporate VPN. So it's something that both consumers and small businesses can do. And that encrypts all of my information end to end, kind of wrapping it in a tunnel. So that even if someone is sitting there listening to that open network, all my information is protected in a bubble and they can't get access to it or tamper with anything I do. So, preparation really is the best strategy. Now, you've done kind of the reverse, as well. You've ridden out with publicly available hotspots to see who'd connect. [LAUGH] What data can you get from that the other way around? Yeah, this is actually I think one of the most terrifying parts of the study, because it reveals human behaviors. So this hot spot that we set up had three names- Free Public WiFi, Free Internet, and Do Not Connect. Wonderful name. Now we did see in, in Sydney, just under a thousand people connecting to those, those hotspots that we created where we then provide a connection to the internet with a small warning. We didn't, with our hotspot do anything nasty. We didn't insert any malware, we didn't hijack any pages, but with the tools we were using it would have been trivial to do so. So when someone asks for, you know, Internet Bank X or XYZ webmail provider, we redirect them to a fake page where we can collect their username and password. Easy to do. In our case, we just collected high-level information about the sites that people were using. What was most common? And the security mistakes that were being made. And I can tell you it's a fairly depressing picture. What sort of stuff? So I think for me the, the most damning statistic was the fact that only 1.2% of users were using a VPN. So the majority of users were just connecting to WiFi in a very trustworthy fashion and going about browsing, very unimportant websites like, internet banking for example. I mean, what could possibly go wrong? As a security curmudgeon and general cynic, there was one small beacon of hope. In a little over 60%, of the websites that people are visiting, were using HTTPS or encrypted HTTP which is actually a, a big step forward over years previous. So not completely horrifying. But again, we really need to think about how we behave on these public hotspots when we connect with our mobile devices. [MUSIC}

Up Next

Apple's Mysterious New Music App
230201-yt-apple-new-music-app-v05

Up Next

Apple's Mysterious New Music App

Boston Dynamics' Stretch Robot Is DHL's Newest Helper
dhl-image-without-bug

Boston Dynamics' Stretch Robot Is DHL's Newest Helper

Apple HomePod 2 Gives Great Sound, but Is It Too Expensive?
homepod-review-00-04-41-23-still113

Apple HomePod 2 Gives Great Sound, but Is It Too Expensive?

How Apple Gets Us to Care About VR
cnetstillvr

How Apple Gets Us to Care About VR

DOJ Stops Hive Ransomware Network
hive-cms-image

DOJ Stops Hive Ransomware Network

New Apple HomePod and MacBooks: What We Did (and Didn't) Get
homepodblue

New Apple HomePod and MacBooks: What We Did (and Didn't) Get

Why Streaming Is Getting More Expensive
streaming-services-seq-00-09-03-22-still001

Why Streaming Is Getting More Expensive

NASA, Boeing Reveal a New, More Sustainable Jet
nasa-image

NASA, Boeing Reveal a New, More Sustainable Jet

Corvette E-Ray Hybrid Revealed
chevy-corvette-image

Corvette E-Ray Hybrid Revealed

Tech Shows

The Apple Core
apple-core-w

The Apple Core

Alphabet City
alphabet-city-w

Alphabet City

CNET Top 5
cnet-top-5-w

CNET Top 5

The Daily Charge
dc-site-1color-logo.png

The Daily Charge

What the Future
what-the-future-w

What the Future

Tech Today
tech-today-w

Tech Today

Latest News All latest news

One Day With Samsung's New Galaxy S23 Ultra
24-hours-with-the-s23-ultra-3

One Day With Samsung's New Galaxy S23 Ultra

Apple's Mysterious New Music App
230201-yt-apple-new-music-app-v05

Apple's Mysterious New Music App

'Prehistoric Planet': The Visual Effects Behind the Apple TV Plus Show
prehistoricplanet

'Prehistoric Planet': The Visual Effects Behind the Apple TV Plus Show

Boston Dynamics' Stretch Robot Is DHL's Newest Helper
dhl-image-without-bug

Boston Dynamics' Stretch Robot Is DHL's Newest Helper

Samsung Galaxy S23 Ultra, S22 Ultra, iPhone 14 Pro Max: How Do They Compare?
yt-samsung-s22-s23-iphone14-pro-max

Samsung Galaxy S23 Ultra, S22 Ultra, iPhone 14 Pro Max: How Do They Compare?

Samsung Galaxy S23 Event: Everything Revealed
1203860653352361-tosb2t0zztw5ftnk6qic-height640.png

Samsung Galaxy S23 Event: Everything Revealed

Most Popular All most popular

Easy Ways to Lower Your Utility Bills and Save Money
yt-reduce-your-utility-bills-v3

Easy Ways to Lower Your Utility Bills and Save Money

How See-Through Solar Panels Could Bring Renewable Energy to Your Windows
trans-solar-panels-seq-00-06-11-19-still001

How See-Through Solar Panels Could Bring Renewable Energy to Your Windows

How to Delete or Disable Your Instagram Account
phoneonorange

How to Delete or Disable Your Instagram Account

We Tried These 48-Megapixel AR Glasses From DigiLens With Our Voice
digilens-7-005-mov-17-50-56-10-still002

We Tried These 48-Megapixel AR Glasses From DigiLens With Our Voice

Moto Edge 2022: First Look at Motorola's $498 Phone
motoedge-fl-00-02-03-08-still003

Moto Edge 2022: First Look at Motorola's $498 Phone

Big tech explains how it will fight foreign government hacks in US elections
senate-ceos-facebook-russian-interference-00-07-11-09-still083

Big tech explains how it will fight foreign government hacks in US elections

Latest Products All latest products

Samsung's Galaxy S23 Lineup Is Here With Big Camera Upgrades
cnets23

Samsung's Galaxy S23 Lineup Is Here With Big Camera Upgrades

Testing Apple's New M2 MacBook Pro and Mac Mini
macbook-pro-and-mac-mini

Testing Apple's New M2 MacBook Pro and Mac Mini

Hands On: Google Android Auto in Volvo's New EX90
google-booth-seq-00-08-05-25-still002

Hands On: Google Android Auto in Volvo's New EX90

Hands On: Acer's 3D Stereoscopic Screen
c0270-mp4-02-36-54-21-still001

Hands On: Acer's 3D Stereoscopic Screen

'Hey Disney' Comes to Amazon Echo Devices
ces-disneyalexa-00-01-11-14-still001

'Hey Disney' Comes to Amazon Echo Devices

Hearing Dolby Atmos in a Car Blew Me Away
ces-dolby-00-00-55-13-still001

Hearing Dolby Atmos in a Car Blew Me Away

Latest How To All how to videos

Connect a Meta Quest 2 VR Headset to a PC
pc-vr-5

Connect a Meta Quest 2 VR Headset to a PC

Cast Your Meta Quest Headset to a TV, Phone or Browser
cast-2

Cast Your Meta Quest Headset to a TV, Phone or Browser

MacOS Ventura Continuity Camera Turns Your iPhone Into a Webcam
1203246975312353-pnmdl8bwygpxcjffhlcf-height640.png

MacOS Ventura Continuity Camera Turns Your iPhone Into a Webcam

How to Clean Your Keyboard's Sticky Keys
3keyboards

How to Clean Your Keyboard's Sticky Keys

How to Play Games from PlayStation Plus on PC
psstill

How to Play Games from PlayStation Plus on PC

How to Delete or Disable Your Instagram Account
phoneonorange

How to Delete or Disable Your Instagram Account