People tend to shed their inhibitions in Sin City even when Internet privacy is concerned.
Nearly half the Wi-Fi users on the Strip this weekend logged on with little or no regard for their protection, a cybersecurity expert found. Thousands of users didn’t seem to consider the security of the networks or what they were viewing, which included everything from adult pages to banking sites.
“It’s the kind of behaviors you might attribute with tourists having a Vegas blowout,” said James Lyne, global head of security at the British firm Sophos.
Lyne collected the information by riding a bicycle, specially equipped with a minicomputer that runs off solar power and energy from the bike itself, down Las Vegas Boulevard and in other business and financial areas of the valley. He found 56,198 networks, and 47.39 percent of those networks had no security encryption. A little less than 3 percent of those networks used Wired Equivalent Privacy, a security system that is considered to be easily compromised. Las Vegas fared well when compared with other cities that use that system, he said.
“There was a real appeal to seeing what people would browse in one of the most entertaining cities in the world,” Lyne said.
Another 30 percent of networks used Wi-Fi Protected Access, which Lyne also considers vulnerable.
He spent six hours “war biking” Friday and Saturday to scan for wireless networks. Then, he set up a phony wireless hot spot on the Strip for an additional three hours.
“What was clear was just how easy it would be for attackers to secretly join Wi-Fi networks all over the city and directly attack computers or devices to steal money or information,” Lyne said.
His company wants to raise awareness about Internet security as more and more people use mobile devices to go online.
“We need to fix the gap between convenience and security,” he said.
Lyne expected a breadth of open networks on the Strip because of all the resorts, but was concerned to find that people rarely took steps to protect their own security when accessing the networks.
Lyne said he didn’t intercept or store any sensitive information and trashed all the data when he completed the study.
Other popular sites visited on insecure networks in Las Vegas: Facebook, Twitter and Snapchat.
More than 4,700 people connected to the hot spot Lyne created, compared with about 2,900 people in London and more than 1,500 in San Francisco during similar studies. His next planned stops: New York, Hanoi, Sydney and Tokyo.
“It’s like shouting your personal or company information out of the nearest window and being surprised when someone abuses it,” he said. “It would have been trivial to attack nearly everyone in the study.
“We were ethical, but that doesn’t mean the next person coming along with that readily available kit will be,” he said.
Contact reporter David Ferrara at 702-387-5290 or firstname.lastname@example.org. Follow @randompoker on Twitter.