Wardriving

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Omegatron (talk | contribs) at 05:06, 31 August 2007 (United Kingdom: this section seems like biased original research to me). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA. It is similar to using a radio scanner, or to the ham radio practice of DXing.

Many wardrivers use GPS devices to measure the location of the network and log it on a website to form maps of the network neighborhood. (The most popular is WiGLE.) For better range, antennas are built or bought, and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably, NetStumbler for Windows, Kismet or SWScanner for Linux, and KisMac for Macintosh.

Wardriving was named after the term wardialing from the 1983 film WarGames, which involved searching for computer systems with software that dialed numbers sequentially to see which ones were connected to a fax machine or computer.

It was also known as "WiLDing" (Wireless LAN Driving) in the San Francisco Bay Area Wireless Users Group (BAWUG) around 2002, although this term never gained any popularity and is no longer used.

Confusion with piggybacking

Wardrivers are only out to log and collect information about the wireless access points (WAPs) they find while driving, without using the network's services.

Connecting to the network and using its services without explicit authorization is referred to as piggybacking.

The terms have been interchanged in the press, however. For instance, an EETimes article with the headline "WiFi user charged for not buying coffee"[1] refers to a user who "piggybacked off the shop's wireless Internet service for more than three months". When reposted by Engadget, the term "wardriving" was substituted, and the headline changed to "Wardriver arrested for snagging coffee shop signal".[2]

Typical wardriving software actually takes control of the wireless radio, making it impractical, if not impossible, to wardrive and piggyback simultaneously.

Other variants

Warbiking

Warbiking is essentially the same as wardriving, but it involves searching for wireless networks while on a moving bicycle or motorcycle. A Wi-Fi-capable device is sometimes mounted on the vehicle itself to allow hands-free searching.

Warwalking

Warwalking is similar in nature to wardriving, except that it is done on foot rather than conducted from a moving vehicle. The disadvantages of this approach consist in slower speed of travel (resulting in fewer and more infrequently discovered networks) and the absence of a convenient computing environment. Consequently, handheld devices such as Pocket PCs, for which tasks can be conducted while walking or standing, have predominated in this area. The inclusion of integrated Wi-Fi (rather than a CF or PCMCIA add-in card) in Dell Axim, Compaq IPAQ and Toshiba Pocket PCs beginning in 2002 — and, more recently, an active Nintendo DS and Sony PSP enthusiast community possessing Wi-Fi capabilities on these devices — has expanded the extent of this practice.

Legality

There have been some arrests in conjunction with wardriving-type activities in the US.

United States

The legality of wardriving in the United States is not clearly defined. There has never been any conviction for wardriving, and there is the untested argument that the 802.11 and DHCP protocols operate on behalf of the owner giving consent to use the network, but not if the user has other reason to know that there is no consent.

A New Hampshire bill which would clarify that the duty to secure the wireless network lies with the network owner has not passed yet, due to concerns that it may create a loophole for criminal activity. The specific laws, in any case, vary from state to state. A Florida man was arrested and charged with unauthorized access to a computer network, a third-degree felony in the state of Florida, after wirelessly connecting to and hacking into a computer network. It is important to note here that the crime was piggybacking, not wardriving (see above).

Australia

It appears that wardriving in itself is not an offence under Australian law, but "unauthorised access, modification or impairment" of data held in a computer system is a federal offence under the Cybercrime Act 2001. The act refers specifically to data as opposed to network resources (connection), so it would appear that the mere act of piggybacking is not an offence, although a clever lawyer might argue that the unauthorised usage of a network causing high internet traffic might be construed as impairment.

In the state of Western Australia it could be construed as "Unlawful operation of a computer system". It could also be theft or fraud if it involves deception.

Both wardriving and piggybacking are yet to be tested in Australian courts.

Canada

Wardriving is an extreme grey area in Canadian law, and is addressed by Section 342.1 of the Criminal Code of Canada. According to Section 342.1, any connection to an insecure access point could result in criminal charges; however, the act of wardriving itself may not be illegal, as it does not "obtain services" from the mapped access point. (See Section 342.1 of the Criminal Code of Canada.)

United Kingdom

Piggybacking is illegal in the United Kingdom ("dishonestly obtaining electronic communications services with intent to avoid payment") through several pieces of legislation, as evidenced by arrests, cautions,[3] and one conviction.[4]

No case law has been made regarding the legality of wardriving (where this is understood to mean merely detecting the presence of networks), and no Act of Parliament has specifically legislated against it. A broad interpretation of the Computer Misuse Act 1990 could be applied, as section 1 reads:[5]

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.

However, wardriving advocates argue that they are not using services without authorization and may not even transmit a signal at all if using passive mode software (e.g. Kismet or KisMAC) instead of active mode software (e.g. Netstumbler).

Ethical considerations

Some portray wardriving as a questionable activity, though, from a technical viewpoint, everything is working as designed: Access points must broadcast identifying data accessible to anyone with a suitable receiver. The use of listen-only software, such as Kismet, for wardriving can be likened to listening to a radio station that happens to be broadcasting in the area. In some countries even this is illegal, though. In the UK, for example, it is illegal to listen on some radio frequencies or to some transmissions (such as those used by the police or armed forces).

With other types of software, such as NetStumbler, the wardriver actively sends probe messages, and the access point responds per design. Most access points, when using default settings, are intended to provide wireless access to all who request it. Some argue that those who set up access points without adding security measures are offering their connection to the community. In fact, when people unfamiliar with wardriving see how many open access points there are and how easy it is to find them, they sometimes want to secure their own access points. Some wardrivers go to the extent of informing the access point's administrator about their insecurity and offer steps to correct it. However, it has also largely become etiquette to leave access points open for others to use, just as someone expects to find open access points while on the road. This free sharing of bandwidth is also the basis of wireless community networks which are often considered the future of the internet.

Antennas

Wireless access point receivers can be modified to extend their ability to pick up and connect to wireless access points. This can be done with an ordinary metal wire and a metal dish, which together form a directional antenna. Other similar devices can be modified in the same way, and the approach is not limited to directional antennas: USB Wi-Fi stick antennas can be used as well. Tools such as Wireless Grapher-widget can be used to measure out the antenna.

Wireless network security

More security-conscious network operators may choose from a variety of security measures to limit access to their wireless network, including:

  • MAC address authentication in combination with discretionary DHCP server settings allows a user to set up an "allowed MAC address" list. Under this type of security, the access point will only give an IP address to computers whose MAC address is on the list. Thus, the network administrator would obtain the valid MAC addresses from each of the potential clients in their network. Disadvantages to this method include the additional setup. This method does not protect data from being stolen (there's no encryption involved). Methods to defeat this type of security include MAC address spoofing, detailed on the MAC address page, whereby network traffic is observed, valid MACs are collected, and then used to obtain DHCP leases.
  • IP security (IPsec) can be used to encrypt traffic between network nodes, reducing or eliminating the amount of plain text information transmitted over the air. This security method addresses privacy concerns of wireless users, as it becomes much more difficult to observe their wireless activity. Difficulty of setting up IPsec is related to the brand of Access Point being used. Some access points may not offer IPsec at all, while others may require firmware updates before IPsec options are available. Methods to defeat this type of security are computationally intensive to the extent that they are infeasible using readily-available hardware, or they rely on social engineering to obtain information (keys, etc) about the IPsec installation.
  • Wired Equivalent Privacy (WEP) can be used on many access points without cumbersome setup, but offers little in the way of practical security. It is cryptographically very weak, so an access key can easily be stolen. Its use is often discouraged in favor of other more robust security measures, but many users feel that any security is better than none. In practice, this may simply mean your neighbors' non-WEP networks are more accessible targets. WEP is sometimes known to slow down network traffic in the sense that the WEP implementation causes extra packets to be transmitted across the network. Some claim that "Wired Equivalent Privacy" is a misnomer, but this is untrue in most cases because wired networks are not particularly secure either.
  • Wi-Fi Protected Access (WPA) is more secure than WEP but is not yet very widespread. Many Access Points will support WPA after a firmware update.
  • VPN options such as tunnel-mode IPsec or OpenVPN can be difficult to set up, but often provide the most flexible, extendable security, and as such are recommended for larger networks with many users.
  • Wireless intrusion detection systems can be used to detect the presence of rogue access points which expose a network to security breaches. Such systems are particularly of interest to large organizations with many employees.
  • RADIUS can be used on a WRT54G router or similar that is not running the default firmware but firmware such as DD-WRT.
  • Honeypot: this involves setting up a computer on a network just to see who comes along and does something on the open access point.
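The rogue access point check mentioned in the list above, combined with an audit for the open and WEP configurations it describes, can be sketched over the kind of survey data that wardriving tools log. This is an added example, not part of the original article; the inventory, SSIDs, BSSIDs and the `audit` function are constructed for illustration, and it assumes a rogue is recognisable as an unknown BSSID advertising a managed SSID.

```python
from dataclasses import dataclass

# Ranking of encryption labels (this example's own convention, weakest first).
STRENGTH = {"open": 0, "wep": 1, "wpa": 2}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str       # MAC address of the access point radio
    encryption: str  # "open", "wep" or "wpa"

# Constructed inventory of authorized APs: BSSID -> (SSID, minimum encryption).
AUTHORIZED = {
    "00:11:22:33:44:01": ("corp-net", "wpa"),
    "00:11:22:33:44:02": ("corp-net", "wpa"),
}

def audit(beacons, authorized=AUTHORIZED):
    """Return (bssid, finding) pairs for beacons that violate the inventory."""
    managed_ssids = {ssid for ssid, _ in authorized.values()}
    findings = []
    for b in beacons:
        bssid = b.bssid.lower()
        # Unknown encryption labels rank as "open" so the check fails closed.
        level = STRENGTH.get(b.encryption.lower(), 0)
        if bssid in authorized:
            ssid, minimum = authorized[bssid]
            if b.ssid != ssid:
                findings.append((bssid, "ssid-changed"))
            if level < STRENGTH[minimum]:
                findings.append((bssid, "weak-encryption"))
        elif b.ssid in managed_ssids:
            # Our network name announced by a radio we do not own.
            findings.append((bssid, "rogue-ap"))
        # Anything else is a neighbouring network and out of scope.
    return findings

# Constructed survey records, as a site walk might log them.
SURVEY = [
    Beacon("corp-net", "00:11:22:33:44:01", "wpa"),     # compliant
    Beacon("corp-net", "00:11:22:33:44:02", "wep"),     # authorized but downgraded
    Beacon("corp-net", "66:77:88:99:AA:BB", "open"),    # unknown radio, our SSID
    Beacon("cafe-guest", "CC:DD:EE:FF:00:11", "open"),  # neighbour, ignored
]

if __name__ == "__main__":
    for bssid, finding in audit(SURVEY):
        print(bssid, finding)
```
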

References

  1. WiFi user charged for not buying coffee
  2. Wardriver arrested for snagging coffee shop signal
  3. "Two cautioned over wi-fi 'theft'". BBC. 17 April 2007. Retrieved 2007-08-07.
  4. Wireless hijacking under scrutiny, BBC News (28 July 2005)
  5. Unauthorised access to computer material - Computer Misuse Act 1990 (c. 18)