Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Australia Security Wireless Networking

Sydney Has 10,000 Unsecured Wi-Fi Points 176

daria42 writes "A bunch of researchers have been driving around Sydney, Australia, and scanning for unsecured Wi-Fi networks. You'd think that in this day and age, with all that we've learned about security, that Wi-Fi security would be almost universal ... but the truth is that about 2.6 percent don't even have basic password protection. Extrapolating a little, that adds up to 10,000 unsecured Wi-Fi networks across Sydney alone."
This discussion has been archived. No new comments can be posted.

Sydney Has 10,000 Unsecured Wi-Fi Points

Comments Filter:
  • No wonder they implemented a filter!
    • Maybe they all 10,000 residents read Bruce Schneier's blog:

      http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html [schneier.com]

      Also, I know TFA mentions "Residential Locations", but I wonder if there were any coffee shops dotted around which offer free wifi. Maybe none, but a short sentence in the article would help me sleep at night :)

      • Re: (Score:2, Insightful)

        Comment removed based on user account deletion
        • by Lumpy ( 12016 )

          What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

          I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

          • What kind of moron will allow unhindered free wifi? It's brain dead easy to set up a filtering proxy. Hell Privoxy and Dans Guardian will do most of it for you easily. Install DDWRT on that linksys and enjoy even basic keyword filtering.

            I even block all ports other than 80. you can use my free wifi but based on my rules and restrictions. That's the cool part about being educated on what you are doing.

            Yeah, it is cool - if you're educated on what you are doing. But for those who are not, why is anyone surprised they are running wide open?

          • by quenda ( 644621 )

            In other news, 100,000 Sydney homes have unlocked water taps (faucets to Yanks) on their unfenced front lawns.
            Shops and offices have unsecured water outlets openly visible in the car-parks and verges.
            Anyone passing by could help themselves to free water! Oh the horror.

        • Look at the guy that wrote the "pro pedo" book. No pics, just his thoughts on a page sent him to jail, aka Thoughtcrime.

          The fantasy that secured Wi-Fi spots are somehow "secure" is more dangerous than the possibility that your neighbor is looking a child porn via your access point.

          By accepting that all Wi-Fi routers should be secure so nobody can use our access points to look at child porn, we're accepting the responsibility to always be a step ahead of motivated hackers and motivated perverts.

          Open up the W

          • Mod parent up. These people are doing nothing more than trying to convince us to voluntarily give up our freedoms, by trying to make us live in fear. It won't work.
        • Excellent points. This XKCD is relevant:

          http://xkcd.com/651/ [xkcd.com]

        • If "His biggest risk is if someone uses his connection to look at child porn", then his (Schneier's) position is entirely correct. What is it about this hysterical obsession with "child porn"? Are they lurking everywhere like the commies? Do we really have to pass laws criminalizing people who have incorrect thoughts? I strongly support criminalizing adults who take advantage of minors but it is always wrong to have thought crimes. Allowing thought crimes as a category allows people who really have evil int

        • Hey look, hairyfeet is spreading lies and paranoia.

        • "His biggest risk... the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it."

          Apparently you don't keep up with the news. More and more, the courts have been ruling that an IP address does not constitute probable cause to search an individual, or in a recent case a particular home. The judge ruled that it only pointed to a neighborhood, no more. He acknowledged that it could have been anybody, including someone simply driving past in their car.

          Poliice departments have been chastised over this, and increasingly, not decreasingly, so.

          My wifi is accessible to at least 20 different

          • Comment removed based on user account deletion
            • Didn't bother to actually READ *MY* post before responding huh?

              In the US, courts have been increasingly ruling that an IP address is not probable cause.

              So there will be no seizure in the first place, and therefore no backlog, and therefore no wait to get your computer back, because it will not have been taken in the first place!

              There. Fixed that for you.
        • His biggest risk is if someone uses his connection to look at child porn, or even attempts to look at non existent child pron, since the FBI is known to set up "honey pots" of fake files and then not bother to record the referrer so today that URL shortened link could actually get your door kicked in and you arrested if you click on it.

          Do you realize that by worrying about this, you are worse than the people who are worried about terrorist attacks in the US? That your odds of this happening are so extremely low, that by worrying about it and not worrying about getting killed by people throwing rocks on the freeway, you are being irrational? Because your chance of the latter is more likely.

  • by Anonymous Coward

    This 'bunch of researchers' wasn't Google was it?

  • by robthebloke ( 1308483 ) on Monday July 18, 2011 @04:16AM (#36797928)
    .. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!
    • by Cimexus ( 1355033 ) on Monday July 18, 2011 @04:27AM (#36797976)

      That was my thought at first too. Are some of them businesses? Or are some of them 'open' (in terms of not having a WEP/WPA password) but actually still require further authentication once connected (e.g. a VPN or a gateway which requires a username/password).

      However now that I read TFA, I see that the observations were made only in residential areas (i.e. suburban streets). You would not expect to find many businesses in these areas. I'm sure a couple might have been, but not that many. So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

      10,000 points in a city the size of Sydney is hardly that amazing though...

      • by L4t3r4lu5 ( 1216702 ) on Monday July 18, 2011 @05:25AM (#36798162)
        There's a service called FON [wikipedia.org] which has caught on with BT; Subscribe with FON, run a second open wireless network and share your broadband connection, authenticate to a FON account over VPN and share wireless all over the world where there is a FON wireless network.

        More common in residential areas where there are no companies to be tied in with other subscribers.
        • by Inda ( 580031 )
          I tried to connect to one of these.

          1. They wanted 3.00 GBP for 24hrs surfing
          2. They wanted 10.00 GBP for a week.

          3. And this is a big three: They wanted CC information. There was no HTTPS; I knew the router was sat in someone's living room; alarm bells rang loud.

          Sounds like a good idea, but in practice, barge-poles and all that stuff.
      • by chrb ( 1083577 )

        So yeah it'll mostly be clueless people who haven't secured their home WiFi networks, it seems.

        You mean clueless people like Bruce Schneier [schneier.com]?

      • Well, one of them might be mine. I run unencrypted WiFi - but try and actually connect, and you'll find I have a list of MAC addresses I accept, so you won't get a connection. And yes, I'm in Sydney.

        • by fnj ( 64210 )

          Because of course they can't sniff the list and clone the MAC address.

        • I'm no security expert, but my understanding is any time one of your accepted devices attempts to connect to your network, it happily sends its MAC address over the air in plaintext and anyone with a free sniffer can grab the legitimate address, spoof it on their device and connect. Good for keeping out casual traffic, but anyone determined to get access won't see this as a barrier, I guess it depends what your aim is though (maybe you're happy to share with people who are techie enough to bypass the MAC au
        • by Zouden ( 232738 ) on Monday July 18, 2011 @05:55AM (#36798260)

          Your computers will be broadcasting their MAC addresses in all the packets they send, so it takes just one captured packet to obtain a valid MAC address that can be used to connect to your network. That's actually less secure than WEP, which requires thousands of packets to obtain a valid key. Not to mention more effort, since if someone legitimately wants to connect, you have to whitelist their MAC address.

          You'd be better off using WPA - more secure, more convenient.

        • And even though no one would clone your mac addresses, aren't you worried of someone eavesdropping your connection in general?
        • by Bert64 ( 520050 )

          What about the traffic going over the network? That's now open to interception by anyone within range...
          Also its not hard to spoof a MAC address.

        • Why?

          It doesn't stop snooping on the traffic. It doesn't stop someone who knows what a MAC address is from connecting.

          All it seems to do is make it more difficult to connect a new machine on the wifi when friends visit or you buy a new laptop.

      • by bberens ( 965711 )
        It could be clueless people like me who have a separate secured and open wifi network. If you only scanned my house you'd see 50% of the world is unsecured wireless!
        • True - but people you you or I, or Slashdotters in general, aren't the norm. For each person who is intentionally running an open access point like yourself, I'd wager there's at least ten who have open access points unintentionally (or simply don't care).

    • by bemymonkey ( 1244086 ) on Monday July 18, 2011 @04:40AM (#36798018)

      I wish that were the case here in Germany as well. Unfortunately the laws around here say you're responsible for your own unsecured WiFi - if the neighbors download illegal stuff, you're to blame for not securing it.

      Hence, nearly everything around here is encrypted... even cafes and other places of business are switching to ticketed systems that allow them to track, pinpoint and restrict user activity. This isn't a problem for most patrons per se, but the prohibitive cost and added complication of such systems (compared to a few WiFi access points) is making a lot of places drop WiFi altogether of start charging for it.

      Very unfortunate :(

    • by mjwx ( 966435 )

      .. .providing a nice free service for their customers? heck, I even use the free unsecured internet access on the bus these days!

      This, Every McD's has an unsecured wifi these days. Almost every Cafe too.

  • Honestly I don't think this will come as a shock to ANYONE who has a wifi enabled device. There are unsecured access points everywhere in any given metropolitan space. I can get wifi reception in most places of three forks montana, a town with a population of less than 2000!
  • by Sycraft-fu ( 314770 ) on Monday July 18, 2011 @04:22AM (#36797952)

    We'll probably have 10,000 or more when done. The goal is to have a complete coverage network, I'm talking everywhere, no drops. The building I work in has a couple hundred (we actually found a bug in old Intel wireless drivers, they couldn't handle over 99 visible APs). Every one has an unsecured network on it. The reason is we wish to provide visitors and guests with an easy way to get on the Internet. It is limited, web only, speed filters and so on, but it is open. The same APs also have secured networks on them, there is a WPA2-Enterprise network that you can access with your campus login and password that then has no speed or port restrictions, but of course you need a campus login. There is a VoIP network too (the reason for total coverage) but it is just for testing at this point.

    It has nothing to do with being unaware of security, everything to do with not being assholes. A PSK security system would be worthless. It would be an unadministratable nightmare to try and change the password often enough and distribute it to do any good. Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests, or just the public who wants to use our facilities (and we are a public institution and so have a duty to them). So open is the answer. You get on, it directs you to a "You agree to this shit," page, and away you go.

    • by TheLink ( 130905 )

      . Enterprise security works great for students, employees, and so on but isn't very helpful when you are talking guests,

      The problem is the WiFi standards are broken/braindead (even after so many years). You can't easily provide secured WiFi channels to guest users.

      They could have copied "https" where the clients can be anonymous and still have secured channels. They could have worked with Microsoft, Apple, dlink etc to set up a standard where the WiFi clients will try "WPA2 Enterprise" and log on as "anonymous" with password = "anonymous" (prompting/warning the user before that if the AP's fingerprint is new/different).

      In p

  • by the_other_chewey ( 1119125 ) on Monday July 18, 2011 @04:22AM (#36797954)
    Some of those might be intentional: I run an unencrypted wifi AP which is
    bandwidth limited and routed through Tor as a public service. It is used regularly.

    Also not covered will be those with open APs but additional authentification/encryption
    layers, e.g. using a VPN.

    Around here (not Australia, admittedly), open wifi is nearly non-existent (and all open
    ones I've encountered over the last two years or so seem to fall into the categories above) -
    WEP "secured" APs are another story however, there is still a worrying number of those around.
    And I'm certain most WEP users are entirely unaware of their de-facto openness.
    • by chewedtoothpick ( 564184 ) <[moc.liamtoh] [ta] [kciphtootdewehc]> on Monday July 18, 2011 @04:44AM (#36798034)

      What is sad is that most of those WEP AP's were done (some likely recently) by supposedly knowledgeable people, such as WorstBuy's IdiotSquad.

      As a consultant it's infuriating how often I will come across new clients (even many companies) whose WiFi networks were secured by those morons out of incompetence. I have even seen them install small business servers with direct-to-internet connections and not even a NAT firewall, because "You can't have a VPN server behind a firewall" which we all know is bullsh**.

      • They are shipping routers that have encryption turned off by default. And the routers have WEP as an option. The manufacturers could ship all their routers with WPA-2 and a randomized password that is shipped separately in the box. But they dont.

    • by the_raptor ( 652941 ) on Monday July 18, 2011 @05:03AM (#36798082)

      It doesn't matter if they are intentional. From local coverage about the "issue" here in Australia I think certain groups are trying to push the idea that having unsecured Wi-Fi is criminal negligence at best.

      The articles are amusing in that they make it seem like unsecured Wi-Fi is mostly used for illegal activities and then say that having unsecured Wi-Fi could land you in trouble for what guests do through your link. If the first is true then it can used as a defence in the second instance. Especially as more and more judges are realising that having IP logs doesn't prove much and dismissing such cases.

      The recent surge in stories about this "issue" is imo a reaction to such developments.

      • by kwerle ( 39371 )

        In California, public libraries and many coffee shops have open access. I'm curious what access those kinds of institutions provide down under (and in other states).

        I also have an open access point. Thank you to those of you out there in /. land who do the same.

  • Sorry, I'm just not seeing how this would be news to anyone technically adept enough to be interested in reading slashdot. Unsecured wifi is a problem in every part of the world, from third world countries just learning to use it to the most advanced countries. Ten thousand is a big number, but it shouldn't come as a surprise to anyone.
  • So what? If you use an insecure connection you know you are vulnerable to people who like to read your email and see what websites you visit. And the owner of the connection risks getting all kinds of viruses for free, and people downloading pr0n and other stuff via her network. Who else but the two people I mentioned should care?

  • by quantumphaze ( 1245466 ) on Monday July 18, 2011 @04:30AM (#36797988)

    As an Australian I am quite surprised that the number is so high. Here it has been the norm for ISPs to tiered monthly data plans where you pay for how much you use. From cheap plans for $20/mo for a few GB aimed at old people who only forward on chain emails from 1997 right to 1TB plans for torrenting all that public domain and Creative Commons content. Once it's used up your connection is throttled to an unusable 64kb/s for the remainder of the month (though some ISPs sell data recharge things).

    Unlike Americas "unlimited" one-size-fits-all these users are losing what they paid for. Why would people be so stupid as to let their neighbours use up their 25GB on their shitty Telstra plan? Is setting up WPA2 really that difficult? Can these people read an instruction manual?

    I also find it depressing that WPS [wikipedia.org] even exists.

    • Over here (UK) you can't even get a modem from an ISP that isn't defaulted to have WPA2 on (if you follow their wizard to set it up - and I have to assume anyone savvy enough to set it up without the wizard probably understands the risks or at least is making a conscious choice to go sans security). I'm more surprised that AUS ISPs don't have the same policy - the cynical side of me wonders if it's linked to the fact that they have data limits and sell extra data bundles, you're less likely to care about b
  • by Anonymous Coward

    I run a open access Wireless AP, the SSID is "free wifi" and it redirects traffic to a local rickroll/nyancat video loop (randomizes each time)

  • by __aailob1448 ( 541069 ) on Monday July 18, 2011 @04:56AM (#36798066) Journal

    There was a time when most WiFi hotspots were password-free and we could connect to the internet for free in most urban areas when we were travelling, with latencies and speeds that put 3G to shame.

    Now, those times are gone forever. No more free internet for the casual user. No more sharing and love.

    People like to talk about security but it's bullshit. We are not the winners in this ordeal. ISPs are. The security issues have an easy technical solution: The same one used by french ISPs to let its customers connect to other customer's WiFi.

    They have a password-free Hotspot that sends you to web login and a separated, bandwidth-shaped VLAN for guests so they can't access network shares or do anything else.

    R.I.P free WiFi. You will be missed.

    • The Finnish ISP Saunalahti had a "Wippies" project where you would get a free router and some cloud storage. The catch was that you complied to run a public wifi along your private network from the box.
    • Now, those times are gone forever.

      And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight, knowing that the only people who might drive it off without talking to you would be your neighbors, who you know will return it with more gas in the tank than they found. Not only that, the days of leaving your home unlocked seem to be fading, too. It's almost like there actually are people out there who are untrustworthy, willing to rip things off, and not at all worried about what the consequence

      • It's more the result of increasingly tyrannical government that prosecutes thought-crimes. Looking at information has victim and therefore no provable perpetrator. Of course for a long time in most places the pre-crime of leaving the keys in your car has been punishable, so maybe it's nothing new.
      • by kwerle ( 39371 )

        And in some places, now, it also turns out that you can no longer just leave your keys in your car overnight...

        Really? Which places are those?

        Do those same places have libraries? And do those libraries secure their wireless (they don't in California). What about the coffeeshops in those places?

        • Really? Which places are those?

          Sorry, I meant that it's not rational to leave your keys in your car in places where car theft is a common problem.

          I haven't personally encountered (in the last few years) a business or government entity running freely available WiFi that doesn't pass users through a terms-based and protocol-limited proxy.

  • I had a spare AP, so I decided to leave it open for the public to make use of my internet during the day. The AP is on a manual time switch (you know, the one that plugs into the wall) so it switches the AP on at 8am, switches off at 5. Real technical stuff I know but seriously, what's the deal with all the press surrounding unsecured wifi nextworks? Is it still 2005? Even if people have encryption or mac address filtering, it's not going to make the world of difference? If someone wants something other tha
    • It isn't about not wanting to be nice, nowadays when police kick the door down first and ask questions later you don't want to be in a position where the local pervert has an easy route to browse his kiddie porn through YOUR network. Even if you can later prove it wasn't you the hassle and trouble involved is just not worth the risk. Even when most use crap security there generally is no point to breaking it as there is nearly always some other moron that leaves theres open. Even from my living room where I
  • Plausible deniability.

    • Unfortunately, the pendulum of "justice" is that you're liable for wrongdoing on your connection. So if someone accessed child porn on your unsecured network, you're going to go through a big headache defending yourself.

      Which is somewhat karmic given that a lot of geeks defend hacking, that anyone with their door unlocked deserve to be robbed, i.e. the liability for poor or non existent security should be on the owner, not the hacker. Now we're seeing exactly that, the tables have now turned to what geeks

      • I refuse to live in a world where Americans need "your papers please" or where our police are thugs. I refuse to be bullied by the TSA. It is our choice what world we wish to live in. If you give in, you give up; That way lies fear, depression, and death. I live in the same bright world that Ronald Reagan spoke of, a city on a hill....
  • So, evidently, Sydney has too many secured wifi points, right? 2.6% unsecured is less than the percentage of people with no financial information or anything interesting enough to steal... grandparents who don't do banking online are buying wireless laptops. Possibly, 2.6% of Sydney wifi administrators are confident of their ability to monitor access to their networks. If the ISPs take over the anti-virus implementation, as they are starting to do in the USA, the only problem would be lost business to

  • LAWSUIT!!!
  • I'm all for security and strong passwords and all that, but so far, no one has been able to give me a good enough reason for me to bother with "securing" my wireless network.

    People can sniff your passwords! -- I don't send them in the clear; I use SSH and SSL for everything.

    You'll get viruses! -- I don't trust my network; I treat it as part of the public Internet and use sensible firewall settings.

    People will use your bandwidth! -- I don't care. My bandwidth isn't capped.

    People will use your connection for

    • Some (most) websites only use HTTPS for the initial logon, and then they switch to HTTP for the rest of the transactions. This makes it possible, for example, for someone to hijack your Facebook account by stealing the logon cookie. It's mainly an issue with poorly coded sites.
  • FTA: "In total, 382 networks were detected with 2.6 per cent operating without password protection."

    So, out of all the networks they tested, only 9 networks we unsecured? I don't think this small a pool is very significant statistically. There could be a number of reasons for those 9 people to be operating a wifi without a password. It isn't necessarily just being "uninformed"

  • I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard. 5) Postcard is now sent through the postal service. Now, the postcard transport to the post office IS secure, it's in a safe, nobody can read it, it's all good and super secure. The security breaks somewhat when the postcard is delivered to the post office, just like your "secure" wireless data connection is somewhat broken when it reaches the Internet, but.. people seem to like this kind of security. If you really want security then you need end-to-end encryption like SSL and https. My view is that thinking wireless "security" gives you much real security is just dump. It does prevent people from using your wireless, and that's about it. I don't mind, fetching a web page used close to zero percent of my bandwidth anyway.
    • by Ksevio ( 865461 )
      But it's a lot easier for someone to sniff your wifi network to grab your data than to intercept a backbone router. Plus they have the advantage of being close by.
    • I choose to leave my wireless open. I view wireless "security" like this: 1) Write a secret message on a plain postcard. 2) Put it in to a safe. 3) Drive the safe to the post office. 4) Take the postcard out of the safe, give the post office people the postcard.

      I got this far before I realised your view of security is horribly broken.

      The point of WiFi security is to prevent others from using your wifi when you dont want them to. There are a few reasons for this,
      1) control what gets put through your network.
      2) prevent others from using your bandwidth, slowing your connection down.
      3) Prevent others from consuming large chunks of your download cap (very prevalent in Oz).

      Now how WPA works is.
      1) put your postcard (packet) in a safe (encryption).
      2) send that s

  • by ledow ( 319597 )

    Just because they were "open" doesn't mean you could actually do anything with them.

    I used to have a wireless network where all the clients were software-firewalled and the only traffic accepted over the wireless interfaces was VPN traffic to a server also on the wireless network (and that interface similarly firewalled). Hell, you didn't even have DHCP service on that interface.

    So a million people could "join" my wireless network but:

    1) None of them could talk to each other.
    2) None of them could talk to t

  • in any big city, try NYC or LA, or Detroit or Chicago, or any of the other big US Cities = full of inept people that bought PCs & laptops all connected via unsecured wifi because it is easier than running Ethernet cable all over the house
  • Computer Hackers Running Rampant Ruse of Running Runtimes

    On online newspaper has broken the story that the majority of computer terrorism happens because of downloading executables and running them. "This results in the innocent user being asked why they were running TransvestiteIslamicHookers.avi.exe."

    An internet security expert from PMITA University in Melbourne, Greg Markovy, said downloading executables could attract attacks on any devices on the same network, leading to the loss of personal da
  • I wonder how many of them are Free Public WiFi [lifehacker.com].
  • What Slashdot users know != what the general public knows.

  • by jidar ( 83795 ) on Monday July 18, 2011 @08:14AM (#36799020)

    So what you're telling me is, over 97% of users secure their wifi networks?
    Honestly I never would have thought we could get the percentage that high. That's good news.

  • Broadcasting a specific SSID from an AP that uses a captive portal and is routed out to the Internet and firewalled from other networks is not "insecure". Article is absolutely meaningless.
  • Comment removed based on user account deletion
  • My open AP sits on a segregated subnet. It is also running a captive portal. If you need to get into my private network, you must use a VPN client. If you want to browse freely on the Internet, you must authenticate to the captive portal.

  • What is one that allows you to segregate the wired from the wireless so they cannot talk to one another. I would like a wireless router that: The wireless can only access the wan. Do any of them do that? Extra points for a router that can only be administered via the wire.

  • I miss the good ol' days where you could fire up your device in a park or apartment complex or wherever and find an AP to connect to. Not any more.... You see a dozen APs, all locked down. End of an era...
  • Comment removed based on user account deletion
  • In my area, if you drive around town then a lot of places show up as "Unsecured wireless network" but if you try to access the Internet through it, it redirects all traffic to one particular location that wants you to put in a username/password (which you have to have paid for via some other channel previously).

You are always doing something marginal when the boss drops by your desk.

Working...