Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sydney Has 10,000 Unsecured Wi-Fi Points

Posted by samzenpus on from the throw-a-dart dept.

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."

11 of 176 comments (clear)

  1. How many of those were buinesses..... by robthebloke · · Score: 4, Insightful

    .. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!

    1. Re:How many of those were buinesses..... by Cimexus · · Score: 4, Insightful

      That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password).

      However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

      10,000 points in a city the size of Sydney is hardly that amazing though...

    2. Re:How many of those were buinesses..... by bemymonkey · · Score: 3, Informative

      I wish that were the case here in Germany as well. Unfortunately the laws around here say you're responsible for your own unsecured WiFi - if the neighbors download illegal stuff, you're to blame for not securing it.

      Hence, nearly everything around here is encrypted... even cafes and other places of business are switching to ticketed systems that allow them to track, pinpoint and restrict user activity. This isn't a problem for most patrons per se, but the prohibitive cost and added complication of such systems (compared to a few WiFi access points) is making a lot of places drop WiFi altogether of start charging for it.

      Very unfortunate :(

    3. Re:How many of those were buinesses..... by L4t3r4lu5 · · Score: 3, Informative

      There's a service called FON which has caught on with BT; Subscribe with FON, run a second open wireless network and share your broadband connection, authenticate to a FON account over VPN and share wireless all over the world where there is a FON wireless network.

      More common in residential areas where there are no companies to be tied in with other subscribers.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    4. Re:How many of those were buinesses..... by Zouden · · Score: 3

      Your computers will be broadcasting their MAC addresses in all the packets they send, so it takes just one captured packet to obtain a valid MAC address that can be used to connect to your network. That's actually less secure than WEP, which requires thousands of packets to obtain a valid key. Not to mention more effort, since if someone legitimately wants to connect, you have to whitelist their MAC address.

      You'd be better off using WPA - more secure, more convenient.

      --
      "A week in the lab saves an hour in the library"
    5. Re:How many of those were buinesses..... by tagno25 · · Score: 3, Informative

      I just checked my FON router, and the entire captive portal is via https.

  2. Hell we have a few thousand on campus by Sycraft-fu · · Score: 4, Insightful

    We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

    It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

  3. Some might be intentional by the_other_chewey · · Score: 4, Interesting

    Some of those might be intentional: I run an unencrypted wifi AP which is
    bandwidth limited and routed through Tor as a public service. It is used regularly.

    Also not covered will be those with open APs but additional authentification/encryption
    layers, e.g. using a VPN.

    Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open
    ones I've encountered over the last two years or so seem to fall into the categories above) -
    WEP "secured" APs are another story however, there is still a worrying number of those around.
    And I'm certain most WEP users are entirely unaware of their de-facto openness.

    1. Re:Some might be intentional by chewedtoothpick · · Score: 4, Interesting

      What is sad is that most of those WEP AP's were done (some likely recently) by supposedly knowledgeable people, such as WorstBuy's IdiotSquad.

      As a consultant it's infuriating how often I will come across new clients (even many companies) whose WiFi networks were secured by those morons out of incompetence. I have even seen them install small business servers with direct-to-internet connections and not even a NAT firewall, because "You can't have a VPN server behind a firewall" which we all know is bullsh**.

      --
      Erutangis ym si siht.
    2. Re:Some might be intentional by the_raptor · · Score: 3, Interesting

      It doesn't matter if they are intentional. From local coverage about the "issue" here in Australia I think certain groups are trying to push the idea that having unsecured Wi-Fi is criminal negligence at best.

      The articles are amusing in that they make it seem like unsecured Wi-Fi is mostly used for illegal activities and then say that having unsecured Wi-Fi could land you in trouble for what guests do through your link. If the first is true then it can used as a defence in the second instance. Especially as more and more judges are realising that having IP logs doesn't prove much and dismissing such cases.

      The recent surge in stories about this "issue" is imo a reaction to such developments.

      --

      ========
      CINC, 4th Penguin Legion
  4. Re:No password =/= unsecured by Lumpy · · Score: 4, Interesting

    I do it easier.. I have a spare 54GL sitting at the peak of my attic without any internet on it broadcasting about 60 AP's that say... Linksys, netgear, dlink, etc all open and unsecured. The cool part is the AP sits on a metal plate SHIELDING it's signal from my home. you cant see the AP's it's broadcasting from inside the house. (Knowing how RF works is a good thing)

    It had two effects.

    1 - it chased all the neighbors away from the channel I have them all broadcasting on.
    2 - it forced all the neighbors to actually configure their routers to not have the name "linksys, dlink, netgear....." and they added encryption as they all show locks now.

    Works great, and I am sure I give the wardriving kiddies as well as leaches fits when they try to connect to them. the one real AP up there called "FreeWifi" is my throttled and filtered free wifi AP I provide. works great and last time I checked it was getting used at least 5 times a week. It times out and drops you to a capture page every 50 minutes to annoy the cheap neighbors trying to leach. And no it does not mess up my WiFi as I use the channel it's on. it's the quietest channel for 4 blocks around because of my broadcaster.

    --
    Do not look at laser with remaining good eye.