Even after the world has witnessed major Wi-Fi security incidents, such as Google’s Wi-Fi snooping controversy, a recent survey has indicated that WEP based Wi-Fi networks are still operational in large numbers, even though, WEP, at present, is widely understood as an easily broken security protocol.
The survey was conducted by security vendor Sophos by taking a cycling tour of London on a bike fitted with necessary equipment, and it revealed that 19% of Wi-Fi networks were secured using the outdated WEP, and 8% of networks were unencrypted out of total number of 106,874 wireless networks detected across 91 miles of London.
As revealed from the survey, such a large-scale dependency on the WEP based networks is really a big threat for the associated users, because automated tools, such as aircrack-ng are easily and freely available on the web, to break the WEP key in matter of minutes. And, once the key is cracked, the security of the WEP user can be compromised in multiple ways, including the theft of passwords, snooping into personal communications, malware implantation, etc.
Noting the high number of WEP Wi-Fi networks, James Lyne, director of technology strategy at Sophos, hinted that widespread use of WEP could be partly down to the large number of legacy routers in the Capital. He further added, “There is clearly a legacy [hardware issue] that needs to be handled...but, as long as it is still working, people don’t bother changing it.”
Latching onto an old set of devices capable of handling WEP only security or old WEP configuration just because they still work reflects a careless attitude of users from a security perspective. This needs to be changed urgently, taking note of easily available sniffing and cracking tools, unless WEP users are not bothered by security breaches.
WPA/WPA2, which is an easy and more secure alternative to WEP, is available on almost all Wi-Fi routers for quite a long time now. It is also supported by the large percentage of WPA/WPA2 Wi-Fi networks (~33%) which is reported in the survey. Therefore, WEP users can easily switch to this alternative to continue using Wi-Fi services in a more secure way. Although recently, hackers have also find the way to crack easy and short passphrases on WPA/WPA2-PSK networks, a strong and relatively long passphrase is still uncrackable.
Regarding the 8% of open Wi-Fi networks, as reported in the Sophos survey, most of them should belong to public hotspots, such as coffee shops, as open configuration tends to be convenient for both the hotspot user and the hotspot provider. Open Wi-Fi networks do not provide any security to their users, and therefore they must use application-level security mechanisms, such as VPN services and https based browsing when connected to open Wi-Fi.
One important aspect of the survey was the use of bike to search of insecure Wi-Fi networks making the term ‘Warbiking’ more practical. I hope more observers more will follow the ‘Warbiking’ trend in near future, comparing it to the prevailing method of ‘Wardriving’.