02 Jun SAS2010: Wardriving in Limassol, Cyprus Dmitry Bestuzhev
23 Jul War walking in Dubrovnik Dmitry Bestuzhev
04 Dec Wardriving in Copenhagen, Denmark Magnus
17 Nov AVAR, China and insecure Wi-Fi networks Aleks
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
Last year when we were in Dubrovnik, Croatia, I made a WiFi study. The statistics I obtained showed quite a dangerous situation regarding security in the local WiFi networks. In many cases the network traffic wasn’t encrypted at all and susceptible to a data leak.
One year later the subject of WiFi security is even more apparent. If you remember, the Google Sniffing beta recently made their own study, and my colleague Costin Raiu wrote a blog post about it, giving important security tips to protect yourself and your network from intruders.
This year our Security Analysts Summit takes place in Limassol, Cyprus. So, I decided to see what the local WiFi security situation is, and what the Google Sniffing beta would find if they performed it right here.
Aside from the beautiful views (you can see in the picture above) we can say the following:
Last month, we were over in Dubrovnik for our 10th anniversary Virus Analyst Summit: five days of presentations, brain-storming, research and interviews. At around the same time, my colleague Christian's article on the dangers of using WiFi networks on holiday was published.
Dubrovnik was full of tourists, as well as all the summit participants and journalists we'd invited, and most people were probably checking their email, using IM, or surfing social networking sites on a regular basis. With this in mind, I decided to do a bit of war-walking to check the security of the town's networks.
A few days walking the narrow streets of the old town resulted in the following data:
It's not surprising that so many of the networks were completely open; Dubrovnik is a tourist town, so a lot of cafes and bars offer free Internet access with the aim of pulling in more customers. These open networks are a classic example of the trade-off between security and usability: although easy-to-use free Internet access seems attractive, the security risks are far higher than those associated with secure networks.
We recently went on tour with some journalists through Copenhagen, the capital of Denmark, and took a quick look at the state of WiFi networks in the city. Copenhagen lies on two islands (Zealand and Amager) and is well known for its culture and the design of the city (as well as being the 14th most expensive city in the world according to Forbes List). That is the kind of information you can find in any guidebook, but what you won't find are statistics on wireless networks. So it seemed a good idea for us to take a look!
Hello from Tianjin in China, and the AVAR 2005 conference. We're 150km from Peking, near the Bohai sea. This year's conference is the eighth annual event for virus analysts from the Asian region, and it's one of the highlights of an antivirus researcher's calendar, together with VB, CARO and EICAR.
This year attendance is good, with leading virus analysts along with IT industry people and government officials. For instance, speakers include Dmitry Gryaznov and Igor Muttik from McAfee, Vesselin Bontchev from Frisk and Eugene from...well, we know where he's from.
There are also speakers from the Chinese Ministry of the Interior, which has done a lot in the past few years to combat cyber crime.
Eugene's presentation was greeted enthusiastically and there were lots of questions. While he was speaking, I started doing a bit of research. I wanted to check out the wireless Internet connections, as well as mobile devices.
I found 3 WiFi-networks straight away. None of them encrypted traffic, but all of them had built-in DHCP servers. In short, all 3 were potentially vulnerable to war drivers. By the way, tomorrow I'm going to scan other WiFi networks in Tianjin and Peking.
Next I took a Bluetooth transmitter with a 100 meter radius and walked around the conference hall scanning for Bluetooth devices in 'visible to all' mode. I found plenty:
Overall, I found 9 mobile devices with Bluetooth 'visible to all' mode enabled, 8 of them Nokia smartphones. Yes, I know. You'd think that people attending an antivirus conference would know better. In fact, I had been hoping that I wouldn't find any at all.
The good news is that none of the phones were infected with Cabir. At least, not yet...