Background and Project Description
In August 2015, the Malaysian Communications and Multimedia Commission (MCMC) had collaborated with F-Secure Corporation to conduct an investigation on the security of access to a wireless network (Wi-Fi). F-Secure had carried out the same experiment in London in 2014, in collaboration with EU’s Law Enforcement Agency, the European Police Office (Europol). Their objective was to raise public awareness on the security of using Wi-Fi across Europe.
During the previous experiment, MCMC undertook to configure a bogus public Wi-Fi hotspot to lure unsuspecting users to make use of the service. Those utilizing the hotspot had their information recorded for analysis. Malaysia identified high-traffic public venues in the Klang Valley area for the experiment, specifically at the KL Sentral, Suria KLCC and MidValley Shopping Center.
The experiment showed that there was a 58% possibility in Kuala Lumpur that a hacker could gain personal information by just setting up a bogus public Wi-Fi hotspot. This proves that there is a critical need for public education and awareness on the security of usage of public Wi-Fi in Malaysia. The finding was presented and discussed during TEL53.
The workshop was supported by Thailand and the Philippines, and has been included as one of the deliverables by Malaysia in the APEC TELWG 2016 Work Plan.
Malaysia took note of the interests of a number of economies on our wireless security project. In response to a request by Japan during TEL53, who is preparing for the Tokyo Olympics in 2020, Malaysia has decided to conduct Phase 2 of the project in TEL54 to expand the reach of our experiment in Japan.
Similar experiments will be conducted in expanded areas in Malaysia, and [Osaka and] Kyoto before the commencement of TEL54 with the assistance from the Ministry of Internal Affairs and Communications, Japan (MIC).
The information collected from the experiment will be analyzed for reporting purposes. Malaysia confirms that there will be no actual data in transit to be recorded and kept.
Consistent with Priority Area 5.2 of the APEC TEL Strategic Action Plan 2010-2015, i.e. promotion of a secure, resilient and trusted ICT environment, this project aims to share the following objectives with the APEC member economies on wireless security issues:
I) To raise awareness on the danger of devices connected to an open/public Wi-Fi. This will educate users to value their privacy and security when going online via public Wi-Fi connections;
ii) To get an overview of users’ behaviours when using or accepting an untrusted public Wi-Fi connections;
iii) To get an insight on how attackers make use of the tools, which are publicly available for malicious purposes to gain access to users’ private credentials; and
iv) Wherever applicable, to share the findings during cybersecurity trainings with various law enforcement agencies on wireless security issues.
The primary work of this project is divided into two-fold:
1) to conduct wardriving exercises around identified areas in Malaysia and Japan. Malaysia will deploy the Wardriving Technique, a method used to search open Wi-Fi networks while moving in a vehicle in predetermined locations, using a portable computer, smartphone or personal digital assistant (PDA). This exercise, which will take no longer than 60 minutes, will make use of the combination of hardware and software to demonstrate how unsuspecting mobile phone users are attracted to use open Wi-Fi hotspots indiscriminately to access the Internet; and
2) to present and share the analysis/ findings of the experiment at TEL54. Parties relevant to/ interested in wireless security issues such as policy makers, regulatory bodies and related business operators are invited to share views on the findings and similar issues experienced in home economies.
- Wardriving exercises pre-TEL54 in Malaysia and selected area(s) in Japan; and
- A half-day workshop for presentation and information sharing during TEL54 on 2 November 2016 (Wednesday).