A word of warning to Las Vegas Strip visitors, especially if you’re planning to play a spot of legalized online poker when you’re in town: check your Internet network. A recent experiment conducted by UK cyber-security firm Sophos found that a worrying amount of people on the Strip were using unsecured networks, with little or no regard for their own protection, thus exposing themselves, their bank details and their online poker accounts to possible fraud.
Global head of security at the firm James Lyne said he was shocked how many people were using the Internet on such networks at their own personal risk, with almost half of WiFi users on the Strip – and beyond – guilty of careless browsing.
“What was clear was just how easy it would be for attackers to secretly join WiFi networks all over the city and directly attack computers or devices to steal money or information,” he said.
Nearly Half of Connections Unsecured
Lyne gathered his information by riding a bicycle equipped with a solar-powered computer along the Strip and through other business and financial areas of the city. He recorded 56,198 networks, of which 47.39 percent were unsecured. Lyne said he expected to find a lot of such networks because of the large amount of hotel resorts in the vicinity; however, he was surprised how few people took any steps to protect themselves while using them.
Even among the networks that were protected, he found that 30 percent used WiFi Protected Access, which he considers to be vulnerable, and 3 percent used Wired Equivalent Privacy, a system that he says is easily compromised. Sophos wants to raise awareness about Internet security at a time when an increasing number of people are connected to the Internet via their mobile devices
“It’s the kind of behaviors you might attribute with tourists having a Vegas blowout,” said Lyne. “We need to fix the gap between convenience and security.”
Having spent six hours “war biking” up and down the Strip scanning for networks, Lynn then set up a wireless hotspot of his own. Over 4,700 people connected the phony hotspot for the three hours it was transmitted, significantly more than when the same experiment was conducted in London and San Francisco.
“It’s like shouting your personal or company information out of the nearest window and being surprised when someone abuses it,” he said. “It would have been trivial to attack nearly everyone in the study. We were ethical, but that doesn’t mean the next person coming along with that readily available kit will be.”
Lyne was quick to reassure us that he didn’t intercept or keep any sensitive personal information and all data was deleted after the study had been completed. However, the Brit admits that he found some of the sites that people were viewing a bit of an eye-opener: “There was a real appeal to seeing what people would browse in one of the most entertaining cities in the world,” he said.
Lyne will continue his crusade to expose the frailty of our Internet connections with more stops around the world – his next planned visits will be New York, Hanoi, Sydney and Tokyo, so be careful what you browse.
You’ve been warned.