Origins of the Term
first act of wardriving, as well as the term itself, was attributed to
Peter Shipley in 1999 when his findings on the large quantity of
wireless networks in urban areas was presented
to the hacking community at DEF-CON 9 in July 2001.
origins of the term wardriving originate from the term wardialing from the 1983
movie WarGames. In that movie, the protagonist uses his modem to dial random
phone numbers until he can find a line that has a modem at the other end. Wardriving is a similar technique of probing randomly to find
How Wardriving Works
idea behind wardriving is to detect IEEE 802.11 (Wi-Fi) traffic using a
wireless network card that accepts all network traffic in the area, regardless
of the signal’s intended target. Wireless access points (WAPs) broadcast frames
containing their service set identifier (SSID) and a few other items.
(Duntemann) This is done so that computers can automatically detect networks.
wardriving, one analyzes these signals to create a map of WAPs and their
coverage areas. The word driving in wardriving derives from the fact that one typically
uses a car to traverse roads while analyzing wireless network information.
perform wardriving, one typically requires the following:
computer – this can be a desktop, laptop or even PDA
wireless networking software utility (for more information, see Software for
Wi-fi client adapter
external antenna for your Wi-fi adapter – since most adapters have weak
antennas and most likely the car will shield many signals, the antenna will aid
in finding signals (optional)
GPS receiver – not absolutely necessary but it allows one to easily map the
WPAs to geographical maps (optional)
Abstraction of a typical set up for wardriving. A car contains a computer
(desktop or laptop) with Wi-fi capabilities. An external antenna is used to
strengthen the signal and the GPS unit allows the data to be organized by
geographical location. Based off an image by Jeff Duntemann.
Software for Wardriving
popular pieces of software for wardriving are NetStumbler for Windows and
for Linux, BSD and Mac OS X.
for wardriving must contain certain features. Firstly, it must be able to
interpret frames it receives from the Wi-fi client card. If the WAP is using
801.11a, 801.11b, 802.11g, and/or 801.11n, the software must be able to understand
which protocol is being used.
will collect these frames and be able to extract data from it such as SSID (if
the network is not hidden) or MAC address and determine the strength of the
signal from the user’s current location (by examining signal-to-noise ratios).
it will also provide some sort of ability to interface with a GPS in order to map
the information it acquires with geographical data.
Wardriving and Network Security
wardriving is not a malicious activity, the data from it can be used for
malicious or potentially illegal activities. Wardriving maps reveal where WAPs
can be found. While this in itself is not dangerous, the probability of these
WAPs having inadequate (or non-existent) security measures is quite high. This
is due to the fact that many WAPs are personal home networks. “Vendors are
trying to make their solutions easy to use right out of the box, so all the
security is switched off,” says Jon Gossels, president of System Experts, a
security consultancy firm.
example, though it may be difficult to gain access to a corporate wireless
network, if a telecommuter or other authorized person accesses the corporate
network from home, there is no problem. However, if above said person was using
a wireless network in his or her own home, then unless the network is secure,
the personal wireless network is open to attacks and may be used to gain access
to the corporate network. Or if an employee’s current networking option is
wired, he may buy an off-the-shelf wireless router, plug it in and the WAP is
now behind the majority of the organization’s security measures (as it likely
originally assumed one could only access the network using a wired connection).
However, these are only issues
that arrive from using data accumulated through wardriving. The act of wardriving
itself is concerned about the existence of wireless networks, not the
information being transmitted through them or the security features of WAPs.
While it is absolutely true that
there is a legitimate and lawful purpose for wardriving: to see whether there
are insecure networks, the maximum attainable bandwidth at different areas
within the proximity of the WAP and signal strength, etc., all this information
is also useful for malicious computer users as well.
Much like other security products
and techniques, there are always benevolent and malevolent uses for them.[2
There are many sites that contain
databases of information acquired through wardriving. This data may include
where a WAP is, its SSID, whether it is secure or not, whether it has WPA or
WEP activated, etc. Are these sites making already public information further
available or are they letting potentially malicious hackers know which WAPs they
can easily infiltrate?
Brad Haines, also known as Renderman, is a major Canadian
wardriver. He has given many talks on wardriving and is a respected member of
the networking technology industry. His website features a “Stumbler Code of
Ethics” which he has created based off conversations and general consensus
among wardrivers. They include things such as not connecting to networks,
avoiding trespassing for the sake of creating complete maps, not using the
personal data for gain and adopting “the hiker motto of ‘take only pictures,
leave only footprints’.” The code of ethics has been promoted and
discussed online and at worldwide wardrive events.
- Duntemann, Jeff. "Jeff Duntemann's Wardriving FAQ." Wardrive.net. Last accessed March 24, 2007 from <http://www.wardrive.net/wardriving/faq>
- Berghel, Hal. "Wireless Infidelity I: War Driving." Communications of the ACM, Vol. 27, no. 9, pp. 21-26.
- Dornan, Andy. "Roadblocks for War Drivers: Stop Wi-Fi from Making Private Networks Public." Network Magazine, Vol. 17, no. 12, pp. 30-34.
- Haines, Brad. "Stumbler Code of Ethics v0.2" Renderlab. Last accessed March 24, 2007 from <http://www.renderlab.net/projects/wardrive/ethics.html>
- Ryan, Patrick. "War, Peace or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics." Virginia Journal of Law & Technology, Vol. 9, no. 7.
Wireless Router Technology
802.11 Wireless Security
Created by Don Vo on March 24, 2007.
- Kismet is a wireless network tool for Linux, BSD and Mac OS X.
- NetStumbler is a wireless network tool for Windows.
- WarDriving.com offers information and links on how to wardrive.
- Wardrive.net offers tutorials, information and links on wardriving.