The Shady Art of Wardriving

Once upon the 20th century, we had the phreakers. Phreakers were phone hackers; they'd use various equipment and techniques to rig the public phone system, getting free calls, snooping on private calls, even running their own private network, and generally abusing the telephone system for naughty stuff. Then along came the computer age proper, and computer hackers used a technique called "wardialing", in which a programmed modem would be used to block-dial banks of phone numbers looking for a computer network online.

Our 21st century equivalent of these are wardrivers. Wardriving is the practice of driving around in heavily populated urban areas with a wireless laptop or other gear, with the purpose of sniffing out open, unprotected networks. This can be done with criminal intentions of penetrating them, or just for kicks. Note that we provide our information strictly for public education, and not for encouraging criminal activity.

How it's done:

It's surprisingly easy to do, and doesn't require much in the way of special equipment.

- A laptop, notebook, netbook, or UMPC.

- Some kind of wireless networking capability.

- An omnidirectional antenna.

- Software. 'Netstumbler' is a program with this purpose available for the Windows platform.

- A GPS unit, for mapping your hits.

- A car. No motorcycling for this trick!

Typically you will have a two-person team. One's driving and one's got the laptop open. Keeping the netstumbler (or other program open), you'll see that when you drive within range of a wireless access point, the software will display it on the screen, including such information as manufacturer, channel, AP name, GPS coordinates, and so on. That's it!

In practice, you will likely encounter hundreds of wide open points. A lot of 802.11 set-ups will just let anyone within broadcast range have access because it's just easier that way. A sizable number of 802.11 set-ups will just have WEP (Wired Equivalent Privacy) turned on and think they're protected. They are not; standard software tools can crack WEP in seconds. A handful will use WPA (Wi-Fi Protected Access) and WPA2. If anybody you encounter is serious enough about their security to use WPA2, you'd best not fool around with them. They'll also likely have somebody watching for mischief.

How to protect your own network:

In the case where you don't intentionally want to provide public access for the world, you'll want to secure your wireless network. Some steps:

- Even though it's easily cracked, you can use WEP anyway. It's a small step, and any step is a deterrent.

- Enable WPA. WPA provides far better protection and is even easier to use. Windows XP has it built-in, as does most wireless hardware these days. Full support of WPA2 is not yet there, but some day you'll have WPA2 accessible everywhere.

- Don't broadcast your Service Set ID (SSID). Just use it to set up your devices, but once that's done, turn off broadcasting.

- Reduce your wireless transmitter power! Nobody thinks of this, but if your wireless network only needs to encompass your office building, then why send the signal all the way across town? If you lower the power of your WLAN transmitter, you will reduce the range of the signal. Even if you can't control it so finely that its range perfectly fits your floor plan, you can at least minimize the chance that a wardriver will stumble upon it.

In any case, don't wring your hands over the insecurity of wireless networks. The Internet itself in insecure, and you're using that, aren't you?

Filed Under: GPS, GIS and Navigation • Mobile Computing • Mobile Internet • Security Technology • The Internetz