Utilising Video Production to Highlight Cyber Security
With regards to cyber security people are apparently giving away much more information than they are aware of. All around us there are lots of people with mobile devices, constantly searching for wireless networks they’ve previously connected to. This means, if a cyber attacker wanted to, he could go and create those networks, forcing those devices to connect to them, at which point they may give away sensitive information. This is what internet security company Sophos wanted to highlight in their Sydney Warbiking web video. Sophos engaged Shakespeare Media as their video production company during the PR campaign in Sydney.
Lycra-clad security expert James Lyne took to the streets of Sydney with a computer-equipped bike to reveal the risks of using public WI-Fi. His scanner picked up information from mobile phones as they liberally connect to any hot-spot that says it offers free internet with no idea of whether they are being monitored, manipulated or otherwise. In the bustling Central Business District, teeming with people all going about their daily lives using their mobile devices, a shocking number of these were using algorithms that are simply out of date, or known to be broken.
The experiment showed an alarming number of people still using WEP and WPA, or no longer recommended algorithms that the attackers could potentially go after. That leaves your devices and your intellectual property potentially open to attack. Some networks are even using no encryption at all, so anyone using those is just shouting their information out to the world for anyone to see. Many people simply connect first and worry about it later!
Very few people are doing this kind of research, so it's great that Sophos has James out there, riding across other cities around the globe, helping people to understand exactly what cyber criminals are up to. James’ tests in Sydney and in other cities on the World of Warbiking tour has been conducted within the confines of the law, but cyber criminals don’t tend to share the same concerns.
Video Transcript:
We’re here in the beautiful city of Sydney, Australia, the latest stop on our 'World of Warbiking Tour'. We have all embraced wireless technology in our everyday lives, but many of us unfortunately aren’t practicing security best practice. We’ve got our especially equipped bike with wireless scanning technology and we’re going to set out across the city to find out how secure we all are.
In big cities like Sydney we’re constantly swimming in wireless noise. All around us access points of local businesses and mobile devices of people walking past in the street. But how many of us are actually practicing good security when we connect up to latest coffee shop to download our email? Right here we’re connecting to over 1900 networks, but even more interesting is all these commuters walking by with one or more smartphones. Now some of them may be using wireless right now but even those who aren’t are actually at risk. They’re all beaming out a list of wireless networks they’ve previously used, ten to fifteen names which an attacker could use to create a fake network snaring them into giving away information they shouldn’t.
Of the staggering number of networks we have detected here in Sydney, we’ve found a myriad of interesting wireless security issues. From the widespread use of WEP, an archaic security protocol that’s been broken for over ten years, allowing an attacker in less that sixty seconds to recover your password. To the very widespread use of open networks. Now these networks might be open by intention to enable people to connect trivially and browse the web, but unfortunately most people don’t realise that their information is transmitted in the clear for anyone with a forty dollar transmitter to pick up hundreds of meters away.
It’s not just wireless access point security that’s the problem. Most of us are quick to connect to any wireless network that professes to offer free internet access to check our email or dive onto the latest social networking site. Through our ride we’ve offered three of our own access points, free public Wi-Fi, free internet and “do not connect”, and thousands of people have connected to them to get online. Of course, we didn’t do anything bad to them, but it would have been trivial for us to insert malicious code or direct them to scam pages to steal their usernames and passwords. Many people would consider wireless security old news, which is fantastic that Sophos has me out here proving that this is still a real issue in our society. Of course this was conducted entirely within the confines of the law, but the cyber criminals wouldn’t have the same concerns and could find even more vulnerable systems from which to steal data. If you want more information on how to protect yourself at home check out www.sophos.com/tips and if you’re a small business you could also download our secure business checklist.
James Lyne ready for Warbiking. Photo: Sophos
Sophos' James Lyne in front of the Customs building in Sydney. Photo: Sophos
Wireless internet security expert James Lyne biking in Sydney. Photo: Sophos
To read more about the event feel free to check out these links:
http://www.arnnet.com.au/article/549076/_warbiking_reveals_sydney_wi-fi_security_risk_sophos/
http://www.cnet.com/videos/warbiking-shows-the-need-for-better-wireless-security/
https://www.sophos.com/security-news-trends/security-trends/bottom-line/project-warbike.aspx
This blog claims no credit for any images posted on this site unless otherwise noted. Images on this blog are copyright to its respectful owners. If there is an image appearing on this blog that belongs to you and do not wish for it appear on this site, please e-mail us with the link and it will be promptly removed.