The creativity of hackers never ceases to amaze me.

Brand Barney, Security Analyst, SecurityMetrics
By: Brand Barney
Hackers on bikes. Sounds ridiculous, right? Well, it’s a serious business security issue. It’s called warbiking. Hackers bike around the city with their laptops in a discreet backpack (or strapped in a bike trailer) and search for unprotected wireless networks. 

 With just $30 worth of software and GPS equipment, they can pick up any signal from wireless networks in homes and businesses nearby. If the wireless network is insecure (using no encryption, or WEP encryption), the hacker saves the location and status for a later date.

As weird as warbiking sounds, insecure wireless networks remain a serious business security concern. 

Why use a bike to hack someone?

On a bike (warbiking), or in a car (wardriving), hackers can gather much more information than if they were sitting at home or walking around town. For a hacker looking for information to steal, it’s a cheap way to find easily compromised systems. 

 In Seattle back in 2011, a trio of burglars hacked businesses via a Mercedes enabled with, you guessed it, wardriving capabilities. They succeeded in stealing credit card and payroll information from 13 Seattle businesses with insecure Wi-Fi networks. (For a more technological look into wardriving, check out this video from EC-Council.)

Warbiking studies find Wi-Fi has serious security issues

Sophos, a network security company, conducted a warbiking experiment in London and San Francisco to find just how many home and business wireless networks are vulnerable. What they found was pretty disturbing. 28.8% of networks were ripe for hacking with no encryption or only WEP (Wired Equivalent Privacy) enabled. 

 We conducted our own study in Salt Lake City, but instead of biking, I walked (warwalking?). Watch the video to see what we found!

Stop trusting free Wi-Fi!

Business customers who willingly connect to free wireless networks at restaurants, public libraries, and grocery stores, puts their own data at risk. If a hacker wanted to, he could sit in the corner of a free Wi-Fi McDonalds and hack every customer connected to the free Wi-Fi through their phones.

People might say they don’t care if they get hacked on public Wi-Fi because nothing on their phone is worth stealing. Woah, what? Do you login to your bank through a banking app? Do you buy items on your phone with a credit card? Do you login to Facebook on your phone’s browser? If your phone gets hacked, your bank password, credit card number, and where you live is free game. 

Here’s how to stop warbikers from cycling away with your data. 

When setting up a wireless network:
  • DON’T use WEP. It’s outdated and super insecure
  • DO use WPA2 encryption. It’s the most secure Wi-Fi encryption to date
When connecting to a wireless network via your phone or computer:
  • DO make sure it is encrypted with WPA or WPA2
  • DON’T use free public Wi-Fi, unless you’re OK risking your details

 Have a business security question? Tweet me and you may see your question answered on the next SecurityQ.

 Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. Connect with him on Twitter or check out his other blog posts.
Monday, June 23, 2014