The place was this year's hacker conference Defcon, and the leader of the project originated was information security engineer Rick Hill. Expanding on his earlier WarRocketing experiment, he and his team tried WarBallooning -- they rented a balloon (the type often used for real-estate photography) and sent it 150 feet into the air, along with antennas and scanning software, searching for wireless networks.
The balloon spent 20 minutes in the air, and found about 370 wireless networks. One-third of them were unsecured.
The original story is worth reading just to find out about how they got the balloon in the air, but what struck me was the unsecured-network statistic. Our reflexive reaction is to tut-tut shoddy network practices, but I have to wonder: are things really as bad as they appear?
Recently I did a bit of accidental wardriving when I fired up my iPod touch while in the car. I started to get reports of various available networks as my wife drove down the street, and my eyebrows went up when I saw the sheer number of networks, mostly unsecured, that appeared on the screen over a three-block drive.
But then I thought about where we were; we were driving down a commercial strip near my old college. It was obvious that most of the
unsecured Wi-Fi networks were in the restaurants, cafes and gaming parlors that line the street. The few that were obviously corporate were locked down. The remaining networks looked like they were home setups; most were secured, and a couple had the telltale default SSIDs like "dlink" and "default."
Thinking about the Las Vegas experiment, I wonder how many of the open networks belonged to the many hotels in the area, or other establishments that tout free wireless, versus home networks. I seriously doubt that any company with an even halfway-decent IT group is going to leave its network completely unsecured if there's any access to sensitive data, so who should we be furrowing our brows at?
My take is that it comes down to properly educating individual users to the need for securing their wireless networks. Sure, every wireless router comes with a manual that explains how to secure their network, but -- and as a technical writer, it pains me to say this -- many people simply don't read the manual, especially if there's some kind of quick and easy installation wizard. More to the point, most people don't understand why they should bother to secure their network. When we frown at the number of open networks out there, we're usually preaching to the converted. What we need to do is educate our less technically inclined brethren.