2015 - 2016
From TrasguTIC we have intended to find out how safe is the Smart City of Tarragona concerning to wireless networking.
For that purpose, armed with a laptop and a long range wifi antenna, we have placed at strategic points throughout the city with the aim of analyzing the number of detected wireless networks and their level of security, with particular emphasis on knowing what percentage of wifi networks detected are potentially vulnerable and why.
A vulnerable wifi network will allow a hypothetical attacker to connect to your router without permission, in the best case, with the solely intention of using our Internet connection. Its immediate consequence would be that our available bandwidth would be reduced, which could make us to notice a reduction in speed of browsing or downloading, to the point that if there are several intruders who prey on our vulnerable network we could even have trouble navigating properly.
From there, consequences of the hypothetical attack could have no limit: password stealing (mail accounts, social networks, online banking ...), copy and/or deletion of sensitive data (maybe even confidential) stored on our computer, introduction of malware or trojans on our computer to facilitate a subsequent access or any other criminal purpose, local network misconfiguration (so maybe something stops working or even the use of your own connection is limited or blocked) and a long list of possibilities.
Obviously, if the vulnerable wifi network belongs to a company, the magnitude of the attack could increase exponentially and cause irreparable damage, even catastrophic economic losses. For all this, in some corporate environments considered as critical, wireless networks are even not allowed.
Keep in mind that a wireless network is not always vulnerable by neglect or misuse of its owner, at least not directly. Incomprehensibly, even today, the default configuration of some routers has what we might call security holes that make possible that our wireless network is an easy target for any casual attacker. In this sense, "plug and play" sometimes can cost us dearly.
Although it is true that if an advanced and customized attack is suffered, the security of virtually any wireless network would be violated, for this statistical study we have considered vulnerable those wifi networks whose security is potentially liable of being broken by simple, massive (non-customized) techniques available to anyone (with suitable hardware and software.
Naturally, at all times we have relied on theoretical tests, comparing collected data with pattern-based vulnerabilities and known vulnerabilities specific to the most popular router models. In no case we proceeded to break the security of any network, nor any password has been cracked nor any external device has been accessed without permission.
Only time and subsequent studies may clarify whether we are increasingly aware in Tarragona and our wifi networks are becoming more secure, or if instead we are becoming more overconfident and careless, and they are increasingly vulnerable.