Sydney wallows in cesspit of WiFi obsolescence and ignorance Sophos has brought its Raspberry-Pi-powered World of Warbiking WiFi-sniffing peloton to Sydney and found, as it does everywhere around the world, that some people just can't be bothered with WiFi security. The Word of Warbiking sees Sophos' head of security research James Lynbe strap a Pi and various WiFi cards to his bicycle …
How did they control for free WiFi, such as is offered throughout the city at cafes, pubs, fast food outlets, museums and libraries*, shopping centres and in businesses - as an isolated system for guest access?
* - The Australian Museum, Museum of Sydney and MCA all had public WiFi when I was last there, as does the State Library, Customs House Library and likely all the other city Libraries.
Quite. Id like to know more details.
Im also interested in how they're doing the warbiking.
The USB power on on a rasbpi is quite low and as such wifi has a tendency to be weak / less reliable. I have a pi with 2 alfas attached to it. Its pretty good but my laptop picks up a lot of stuff the pi doesnt.
Indeed. Finding a USB hub that doesnt backpower the Pi is and can itself be powered from a portable source is tricky. I have one that I had to hack together a cable for that jacks into a solar panel, but its not perfect.
I have a solution that I cram into a peli case, its always cool to see how others solved the various problems though.
The local Cable monopoly (Rogers) have routers* that provide two SSIDs, One secured, and a guest SSID that appears to be wide open but requires you to open an HTTPS: webpage and enter a password (so all your non SSL traffic is not encrypted).
*That only need to be rebooted a few times a week.
4.2km, we can safely assume that means 1/4 (roughly 1km) was across the bridge and its on/off ramps in areas that wouldn't have much if any WiFi coverage. That leaves 3km roughly, half of which would have been in the CBD where half the WiFi networks you come across are business operated ones not encrypted but require login, registration and/or payment to get beyond the gateway.
Kinda skewers the results a lot there and gives a false high to the 23.85% unsecured number, doesn't it? I wouldn't dare say this is an adequate test of "sydney" or "sydneysiders" due to the small and heavily weighted to business-only areas sample locations chosen. Quite a poor test indeed
This got me reading Wikipedia's article about WEP weaknesses. I remember when it was first broken, and there was a linux boot image available that would capture packets and brute force WEP .. but I didn't realize that more and more problems were found till the point WEP was pretty much seen as vulnerable to anyone with the will and some skill, and a free 15 mins!
BRB gotta check my router..
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
