As a dedicated cyclist, not to mention a security guy, I’ve undertaken a World of Warbiking project at Sophos. It involves traveling around the globe, riding the streets of major cities with my computer-equipped mountain bike, and looking for wireless connections along the way to sneak a peek at the companies and regular people who are using them. (Don’t worry, it’s all perfectly legal.)
The World of Warbiking is an ambitious project to find out how our hunger to be online at all times is leaving millions of people and companies and their sensitive data exposed to hackers and spies. Our experiment kicked off this week in San Francisco, where we found a disturbingly large number of people willing to connect to an open wireless network we created, without any idea of who owned it or whether it was trustworthy.
Incredibly, conventional wireless network security is still a major issue, although the security industry thought it had figured out the problem years ago. A massive quantity of businesses and home users employ insecure, poorly implemented or even defunct wireless protocols. Just as disturbing is many people’s total disregard for basic security.
San Francisco warbiking: What we found
When we set up an insecure Wi-Fi network in San Francisco, 1,512 users happily connected to our open wireless network without any idea whether we were honest or out to do them harm. If you connect to a network, the owner of that network could insert code on your computer or redirect you to a malicious website.
Of the 1,512 users that connected to our wireless network, an alarmingly large number of users did not have the latest software. It’s essential that you keep your operating system and web browser patched with the latest security updates at all times (that goes for you too, Mac users). With a few extra command line arguments, it would have been trivial to attack nearly everyone in the study.
Compounding the issue is the growing number of devices that are permanently identifying themselves via procedures such as Bluetooth; this kind of behavior is increasingly putting everyone’s valuable data out in the open and at risk. It’s like shouting your personal or company information out of the nearest window and being surprised when someone abuses it.
Even though many people get security wrong, that doesn’t mean it has to be difficult. There are lots of easy ways to improve your security. I urge you to read these 10 tips to learn more: sophos.com/tips.
I will be continuing this warbiking project in more cities in more countries around the world, carrying the message of better security with me. Definitely check out the cool video below, which we made of my warbiking tour of San Francisco for our presentation at RSA Conference 2014 this week.
How will other cities around the world compare? Find out when the World of Warbiking presented by Sophos comes to a city near you.
James Lyne is Global Head of Security Research at Sophos. You can follow him on Twitter: @JamesLyne