Sydney Has 10,000 Unsecured Wi-Fi Points
daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."
...providing a nice free service for their customers? Heck, I even use the free unsecured internet access on the bus these days!
We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.
It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.
Some of those might be intentional: I run an unencrypted wifi AP which is bandwidth limited and routed through Tor as a public service. It is used regularly.
Also not covered will be those with open APs but additional authentication/encryption layers, e.g. using a VPN.
Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open ones I've encountered over the last two years or so seem to fall into the categories above) - WEP "secured" APs are another story however, there is still a worrying number of those around. And I'm certain most WEP users are entirely unaware of their de-facto openness.
Maybe all 10,000 residents read Bruce Schneier's blog:
http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night :)
As an Australian I am quite surprised that the number is so high. Here it has been the norm for ISPs to offer tiered monthly data plans where you pay for how much you use. From cheap plans for $20/mo for a few GB aimed at old people who only forward on chain emails from 1997 right to 1TB plans for torrenting all that public domain and Creative Commons content. Once it's used up your connection is throttled to an unusable 64kb/s for the remainder of the month (though some ISPs sell data recharge things).
Unlike America's "unlimited" one-size-fits-all, these users are losing what they paid for. Why would people be so stupid as to let their neighbours use up their 25GB on their shitty Telstra plan? Is setting up WPA2 really that difficult? Can these people read an instruction manual?
I also find it depressing that WPS even exists.
Unicode in Slashdot
There was a time when most WiFi hotspots were password-free and we could connect to the internet for free in most urban areas when we were travelling, with latencies and speeds that put 3G to shame.
Now, those times are gone forever. No more free internet for the casual user. No more sharing and love.
People like to talk about security but it's bullshit. We are not the winners in this ordeal. ISPs are. The security issues have an easy technical solution: The same one used by French ISPs to let their customers connect to other customers' WiFi.
They have a password-free Hotspot that sends you to web login and a separated, bandwidth-shaped VLAN for guests so they can't access network shares or do anything else.
R.I.P free WiFi. You will be missed.
I had a spare AP, so I decided to leave it open for the public to make use of my internet during the day. The AP is on a manual time switch (you know, the one that plugs into the wall) so it switches the AP on at 8am, switches off at 5. Real technical stuff I know but seriously, what's the deal with all the press surrounding unsecured wifi networks? Is it still 2005? Even if people have encryption or MAC address filtering, it's not going to make the world of difference? If someone wants something other than internet, I'm pretty sure 9/10 of those people know how to crack a wifi password or spoof a MAC address. I think the important question is, how many people leave the default router password as the same? Or how many unpatched Windows/Mac PCs are sitting behind that router?
I'm all for security and strong passwords and all that, but so far, no one has been able to give me a good enough reason for me to bother with "securing" my wireless network.
People can sniff your passwords! -- I don't send them in the clear; I use SSH and SSL for everything.
You'll get viruses! -- I don't trust my network; I treat it as part of the public Internet and use sensible firewall settings.
People will use your bandwidth! -- I don't care. My bandwidth isn't capped.
People will use your connection for child porn and you'll be sent to Gitmo! -- This is the only argument I've heard that has at least some semblance of relevance. It's still pretty weak, though. If it were true, cafes, hotels and similar establishments would find themselves in hot water all the time and I have never heard of such a case.
What else is there?
Sure, I guess a psychic could divine a working MAC address.
Or a non-psychic could simply look for one that is currently used and being accepted. Ideally you would monitor for a while and find one that is switched off, but it seems to work (with a high error rate) if you spoof an existing MAC address even when it's active.
I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it into a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard. 5) Postcard is now sent through the postal service. Now, the postcard transport to the post office IS secure, it's in a safe, nobody can read it, it's all good and super secure. The security breaks somewhat when the postcard is delivered to the post office, just like your "secure" wireless data connection is somewhat broken when it reaches the Internet, but... people seem to like this kind of security. If you really want security then you need end-to-end encryption like SSL and https. My view is that thinking wireless "security" gives you much real security is just dumb. It does prevent people from using your wireless, and that's about it. I don't mind, fetching a web page used close to zero percent of my bandwidth anyway.
9/11: Never forget it was a false-flag operation
I do it easier... I have a spare 54GL sitting at the peak of my attic without any internet on it broadcasting about 60 APs that say... Linksys, netgear, dlink, etc all open and unsecured. The cool part is the AP sits on a metal plate SHIELDING its signal from my home. You can't see the APs it's broadcasting from inside the house. (Knowing how RF works is a good thing)
It had two effects.
1 - it chased all the neighbors away from the channel I have them all broadcasting on.
2 - it forced all the neighbors to actually configure their routers to not have the name "linksys, dlink, netgear....." and they added encryption as they all show locks now.
Works great, and I am sure I give the wardriving kiddies as well as leeches fits when they try to connect to them. The one real AP up there called "FreeWifi" is my throttled and filtered free wifi AP I provide. Works great and last time I checked it was getting used at least 5 times a week. It times out and drops you to a capture page every 50 minutes to annoy the cheap neighbors trying to leech. And no it does not mess up my WiFi as I use the channel it's on. It's the quietest channel for 4 blocks around because of my broadcaster.
Do not look at laser with remaining good eye.
So what you're telling me is, over 97% of users secure their wifi networks?
Honestly I never would have thought we could get the percentage that high. That's good news.
Sigs are awesome huh?