What is wardriving?

In cybersecurity, wardriving refers to the practice of searching for publicly accessible Wi-Fi networks, typically done from a vehicle in motion using a laptop or smartphone. The necessary software for wardriving can be easily found online.

The concept of wardriving originates from the 1983 film WarGames, where the character portrayed by Matthew Broderick participates in an activity known as war dialing, which entails using a computer to dial numerous phone numbers to locate a functioning modem. Wardriving is considered a progression of this technique.

What is wardriving?

Your smartphone occasionally notifies you of available wireless networks and prompts you to connect. This is because when your smartphone’s wireless feature is activated, it continually scans for Wi-Fi signals, detecting when you pass within range of an accessible network. Essentially, this is the essence of wardriving.

Wardrivers utilize both hardware and software to locate Wi-Fi signals within a specific vicinity. Often, their aim is to pinpoint vulnerable Wi-Fi networks for potential exploitation. Operating from moving vehicles (the ‘driving’ component of wardriving), they seek out susceptible networks to potentially exploit in future attacks (the ‘war’ aspect of wardriving). Upon discovery, wardrivers may document this information on third-party platforms to generate digital maps.

The motivations behind wardriving can be either malicious or benign. Malicious intentions may involve seeking unsecured Wi-Fi to steal personal or financial data or exploiting unsecured networks for criminal activities, thereby holding the network owner liable. Conversely, benign motivations might involve ethical hackers identifying network security weaknesses to enhance overall security.

Wardriving encompasses various modes of transportation, such as warbiking, warcycling, warwalking, warjogging, warrailing, wartraining, and warkitting. It is also known as wireless network mapping or access point mapping.

Although wardriving has existed since the early internet era, where individuals roamed to identify unprotected Wi-Fi access points, its popularity has dwindled in recent years due to advancements in wireless network security, transitioning from WEP to WPA, WPA2, and WPA3 encryption protocols.

The concept of wardriving draws inspiration from the 1983 film WarGames, although the term itself was coined by computer security researcher Pete Shipley. In 2000, Shipley developed scripts to interface with GPS devices, automating the wardriving process. These scripts enabled him to plot Wi-Fi access points on maps using coordinate information from the GPS, eliminating the need to manually record locations while driving to locate unsecured wireless access points. Shipley’s findings revealed that only 15% of surveyed Wi-Fi networks were protected by encryption at that time.

How does wardriving work?

Wardrivers employ a combination of software and hardware to accomplish their objectives. This typically involves:

1. Mobile device – such as a smartphone, laptop, or tablet.
2. Wireless network card and wardriving antenna – some wardrivers utilize their phone’s integrated antenna, while others employ a separate wireless network card or antenna to enhance scanning capabilities.
3. Wardriving software – enabling wardrivers to bypass network security measures. Popular options include KisMAC, Aircrack, Cain & Abel, CoWPAtty, iStumbler, InSSIDer, and WiFiphisher.
4. GPS, sourced from either a smartphone or a standalone device – essential for accurately determining the location of vulnerable networks.

While some wardrivers aim to identify all vulnerable wireless networks in a given area, others may focus on discovering a single susceptible network. Wardriving data can be shared on specific websites or applications, which utilize it to construct digital maps of networks within neighborhoods.

In the event of hackers exploiting your network through a wardriving attack, they could potentially engage in malicious activities such as installing malware on your home computer and other connected devices. Additionally, they might perpetrate online fraud, such as identity theft, utilizing the private information obtained from your computer and other network-connected devices.

Is wardriving illegal?

Simply put, there are no specific laws prohibiting the gathering or compilation of data from wireless networks or the creation of computer-generated maps. However, engaging in wardriving can cross into illegal territory if it involves exploiting insecure networks to access private information.

The ethical considerations surrounding wardriving are not always clear-cut. While the data collected through wardriving can be shared on various platforms or websites to create digital maps of specific network areas, this practice is akin to mapping street addresses for mailbox labels. Consequently, interested parties may legally utilize this information for various purposes. Nevertheless, due to the potential for malicious actors to misuse such data, this remains a contentious area with regard to privacy.

An often-cited example illustrating the ethical ambiguity of wardriving is Google’s Street View project, which entails vehicles recording footage for online, interactive panoramas. Google initially employed this technology for wardriving, utilizing equipment to identify local-area networks (LANs), wireless hotspots, and home Wi-Fi networks. However, following privacy concerns in certain regions, Google transitioned to using Android-based mobile devices for data collection.

How to prevent wardriving attacks on your network

To mitigate the risk of a wardriving attack, consider implementing the following network security measures:

• Deactivate Wi-Fi when not in use: Turn off your Wi-Fi router when it’s not actively being used, particularly when there’s no one at home. This precautionary step prevents unauthorized access to your network by hackers.
• Modify router default password: Replace the default factory password assigned by router manufacturers with a unique username and password combination. Default credentials are often known to hackers, making it crucial to establish personalized login details.
• Use multi-factor authentication: Enhance security by implementing multi-factor authentication, requiring additional verification steps beyond a password. For instance, combine password authentication with a code sent to your mobile device for added protection against unauthorized access.
• Use encryption: Opt for the highest level of network security protocol available, such as Wi-Fi Protected Access 2 (WPA2) or WPA3 encryption. Restrict router access solely to password authentication to fortify network defenses against intrusions.
• Establish a guest network: Create a separate Wi-Fi network specifically for visitors and internet-connected devices with lower security standards. This segregation limits access to your primary network, safeguarding sensitive data.
• Install a firewall: Bolster network security with a firewall, which monitors access requests and blocks unauthorized activity from external sources. Integrating a firewall adds an extra protective layer to your Wi-Fi setup.
• Disable SSID broadcast: Prevent your network’s Service Set Identifier (SSID) from being broadcasted by default, minimizing the visibility of your network to potential hackers. While advanced software can still detect the network, disabling SSID broadcast adds an additional barrier against unauthorized access.
• Maintain device updates: Regularly update both hardware and software to incorporate the latest security patches, addressing potential vulnerabilities within your network. Access firmware updates through the router’s admin panel to ensure optimal protection.

While wardriving poses a legitimate security concern, implementing prudent security measures can effectively safeguard your home wireless network and data. Consider utilizing comprehensive antivirus solutions for continuous protection of your devices and data integrity.

FAQ’s

What is wardriving?

Wardriving involves the practice of searching for publicly accessible Wi-Fi networks, typically done from a moving vehicle using a laptop or smartphone. It originated from the 1983 film WarGames and has evolved as a method of identifying vulnerable networks for potential exploitation.

How does wardriving work?

Wardrivers utilize a combination of hardware and software, including mobile devices, wireless network cards, wardriving software, and GPS. They scan for Wi-Fi signals while in motion, aiming to locate vulnerable networks. This data can be shared to create digital maps of network areas.

Is wardriving illegal?

While there are no specific laws prohibiting data gathering or map creation from wireless networks, wardriving can be illegal if it involves exploiting insecure networks for accessing private information. However, the ethical implications are subjective and can vary based on the intent and usage of the collected data.

Why is wardriving less popular nowadays?

Wardriving’s popularity has decreased due to advancements in wireless network security, such as the transition from WEP to WPA, WPA2, and WPA3 encryption protocols. Additionally, the widespread adoption of security measures and awareness among users have made it more challenging for wardrivers to exploit vulnerable networks.

What are the ethical considerations of wardriving?

Ethical considerations surrounding wardriving are complex. While collecting data for mapping purposes may seem benign, there’s potential for misuse by malicious actors. The legality and ethicality of wardriving depend on factors such as intent, data usage, and adherence to privacy laws and regulations.

How can I ensure the security of my home wireless network?

Implementing comprehensive security measures, such as deactivating Wi-Fi when not in use, using strong passwords, enabling multi-factor authentication, encrypting network traffic, and keeping devices updated, can help safeguard your home wireless network against wardriving attacks and other security threats.

Conclusion

Wardriving, born from the WarGames movie, has transformed into a method for identifying Wi-Fi vulnerabilities. While not inherently illegal, it raises ethical concerns. Despite its declining popularity due to improved network security, vigilance remains crucial. Implementing robust security measures, such as deactivating Wi-Fi when not in use and using encryption, is vital to safeguarding against wardriving attacks. With proactive steps, individuals can protect their digital assets and uphold network integrity in today’s interconnected world.