Origins of the Term
The first act of wardriving, as well as the term itself, is attributed to Peter Shipley in 1999; his findings on the large quantity of wireless networks in urban areas were presented to the hacking community at DEF-CON 9 in July 2001.[2]
The term wardriving derives from the term wardialing, from the 1983 movie WarGames. In that movie, the protagonist uses his modem to dial random phone numbers until he finds a line that has a modem at the other end.[2] Wardriving is a similar technique of probing randomly to find networks.
How Wardriving Works
The idea behind wardriving is to detect IEEE 802.11 (Wi-Fi) traffic using a wireless network card that accepts all network traffic in the area, regardless of the signal's intended target. Wireless access points (WAPs) broadcast frames containing their service set identifier (SSID) and a few other items (Duntemann). This is done so that computers can automatically detect networks.
With wardriving, one analyzes these signals to create a map of WAPs and their coverage areas. The word driving in wardriving derives from the fact that one typically uses a car to traverse roads while analyzing wireless network information.
To perform wardriving, one typically requires the following:
- A computer – this can be a desktop, laptop or even a PDA
- A wireless networking software utility (for more information, see Software for Wardriving)
- A Wi-Fi client adapter
- An external antenna for the Wi-Fi adapter – since most adapters have weak antennas and the car will most likely shield many signals, the antenna will aid in finding signals (optional)
- A GPS receiver – not absolutely necessary, but it allows one to easily map the WAPs to geographical maps (optional)
Figure: Abstraction of a typical setup for wardriving. A car contains a computer (desktop or laptop) with Wi-Fi capabilities. An external antenna is used to strengthen the signal and the GPS unit allows the data to be organized by geographical location. Based on an image by Jeff Duntemann.[1]
Software for Wardriving
Two popular pieces of software for wardriving are NetStumbler for Windows and Kismet for Linux, BSD and Mac OS X.
Software for wardriving must contain certain features. Firstly, it must be able to interpret the frames it receives from the Wi-Fi client card. Whether the WAP is using 802.11a, 802.11b, 802.11g, and/or 802.11n, the software must be able to understand which protocol is being used.
It will collect these frames and extract data from them, such as the SSID (if the network is not hidden) or the MAC address, and determine the strength of the signal from the user's current location (by examining signal-to-noise ratios).
Typically, it will also provide some ability to interface with a GPS in order to map the information it acquires to geographical data.
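As an added illustration (not code from NetStumbler or Kismet), the sketch below shows the frame interpretation described above: it parses an 802.11 beacon and extracts the BSSID (the WAP's MAC address), the SSID, the channel and the capability field's Privacy bit, treating an empty or all-NUL SSID as hidden. It assumes the capture header that carries signal strength (for example radiotap) has already been stripped; `build_beacon` and the sample addresses are constructed for the example.

```python
import struct

def build_beacon(bssid: bytes, ssid: bytes, privacy: bool) -> bytes:
    """Build a sample beacon frame (constructed test data, not captured traffic)."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6])  # SSID, then channel 6
    return header + fixed + tags

def parse_beacon(frame: bytes) -> dict:
    """Extract the fields a survey tool records from one beacon frame."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed parameters
        raise ValueError("frame shorter than beacon header plus fixed fields")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:  # management type, beacon subtype
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]  # address 3 of the MAC header
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, channel, pos = None, None, 36
    while pos + 2 <= len(frame):  # walk the tagged information elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated information element")
        if tag == 0 and ssid is None:      # SSID element
            ssid = value
        elif tag == 3 and length == 1:     # DS parameter set: current channel
            channel = value[0]
        pos += 2 + length
    hidden = ssid is None or len(ssid) == 0 or set(ssid) == {0}
    return {
        "bssid": ":".join(f"{b:02x}" for b in bssid),
        "ssid": None if hidden else ssid.decode("utf-8", "replace"),
        "hidden": hidden,
        "privacy": bool(capability & 0x0010),  # set when the WAP requires encryption
        "channel": channel,
    }

if __name__ == "__main__":
    samples = [
        build_beacon(bytes.fromhex("020000000001"), b"HomeNet", False),
        build_beacon(bytes.fromhex("020000000002"), b"", True),
    ]
    for frame in samples:
        print(parse_beacon(frame))
```

The Privacy bit only says that some form of encryption is required; telling WEP from WPA needs the additional information elements the WAP advertises, which this sketch does not decode.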
Wardriving and Network Security
While wardriving is not a malicious activity, the data from it can be used for malicious or potentially illegal activities. Wardriving maps reveal where WAPs can be found. While this in itself is not dangerous, the probability of these WAPs having inadequate (or non-existent) security measures is quite high. This is due to the fact that many WAPs are personal home networks. “Vendors are trying to make their solutions easy to use right out of the box, so all the security is switched off,” says Jon Gossels, president of System Experts, a security consultancy firm.[3]
For example, though it may be difficult to gain access to a corporate wireless network, if a telecommuter or other authorized person accesses the corporate network from home, there is no problem. However, if that person is using a wireless network in his or her own home, then unless that network is secure, the personal wireless network is open to attacks and may be used to gain access to the corporate network. Or, if an employee's current networking option is wired, he may buy an off-the-shelf wireless router and plug it in, and the WAP is now behind the majority of the organization's security measures (as the organization likely assumed originally that one could only access the network using a wired connection).
However, these are only issues that arise from using data accumulated through wardriving. The act of wardriving itself is concerned with the existence of wireless networks, not the information being transmitted through them or the security features of WAPs.
Ethics
While it is absolutely true that there is a legitimate and lawful purpose for wardriving (to see whether there are insecure networks, the maximum attainable bandwidth at different areas within the proximity of the WAP, signal strength, etc.), all this information is also useful for malicious computer users.
Much like other security products and techniques, there are always benevolent and malevolent uses for them.[2]
There are many sites that contain databases of information acquired through wardriving. This data may include where a WAP is, its SSID, whether it is secure or not, whether it has WPA or WEP activated, etc. Are these sites making already public information further available or are they letting potentially malicious hackers know which WAPs they can easily infiltrate?
Brad Haines, also known as Renderman, is a major Canadian wardriver. He has given many talks on wardriving and is a respected member of the networking technology industry. His website features a “Stumbler Code of Ethics” which he has created based on conversations and general consensus among wardrivers. Its points include not connecting to networks, avoiding trespassing for the sake of creating complete maps, not using the personal data for gain and adopting “the hiker motto of ‘take only pictures, leave only footprints’.”[4] The code of ethics has been promoted and discussed online and at worldwide wardrive events.[5]
References
- Duntemann, Jeff. "Jeff Duntemann's Wardriving FAQ." Wardrive.net. Last accessed March 24, 2007 from <http://www.wardrive.net/wardriving/faq>
- Berghel, Hal. "Wireless Infidelity I: War Driving." Communications of the ACM, Vol. 27, no. 9, pp. 21-26.
- Dornan, Andy. "Roadblocks for War Drivers: Stop Wi-Fi from Making Private Networks Public." Network Magazine, Vol. 17, no. 12, pp. 30-34.
- Haines, Brad. "Stumbler Code of Ethics v0.2" Renderlab. Last accessed March 24, 2007 from <http://www.renderlab.net/projects/wardrive/ethics.html>
- Ryan, Patrick. "War, Peace or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics." Virginia Journal of Law & Technology, Vol. 9, no. 7.
See also
Wireless Router Technology
802.11 Wireless Security
WiFi Security
External links
- Kismet is a wireless network tool for Linux, BSD and Mac OS X.
- NetStumbler is a wireless network tool for Windows.
- WarDriving.com offers information and links on how to wardrive.
- Wardrive.net offers tutorials, information and links on wardriving.
Created by Don Vo on March 24, 2007.