Many wireless networks in London are still using either outdated weak encryption or no encryption at all, according to research released today.
James Lyne changed out of the tweed jacket he normally wears when giving presentations for Sophos, and jumped on his bicycle for a 91 mile (147 km) cycle ride across central London.
With help from a GPS, two dynamos, and a computer pimped up with solar panels, thousands of unsecured wireless networks were discovered as you can see in the video below.
Here’s a quick summary of the top findings of Project Warbike:
- 106,874 individual hotspots detected across more than 91 miles of central London
- 8 percent of the hotspots used no encryption and appear to be both home and business networks (this figure excludes a large number of coffee shops and other open hotspots which were identified by name of hotspot)
- 19 percent of the hotspots used WEP, an obsolete encryption technology that can be cracked by hackers in seconds. WEP is obsolete, and more secure options are available.
- The remaining networks used WPA or WPA2 encryption, which represents acceptable security, providing they are not configured with default or easy to guess passwords
A wireless network that isn’t properly protected runs the risk of being snooped upon – meaning your data is open for anyone to see. So think twice and always use a VPN (virtual private network) or SSL (secure sockets layer) if you have to use an insecure wireless network.
The warbiking experiment found the highest density of poorly-secured networks along streets which had a high number of small businesses. However, wireless security levels were pretty similar across all areas of London.
At the very least, wireless networks should be using WPA or WPA2 encryption. Even with those make sure that the network has a strong password, and don’t use a predictable default name for your SSID.