Demystifying wardriving: An overview
With companies like Google being criticized for wardriving, this tip aims at decoding the concept and the associated legal implications.
Years ago, with unsecured WiFi connections being used to send emails before terrorist attacks, the Mumbai Police launched a wardriving campaign to sensitize users about the dangers posed by poorly secured networks. Recently, Google has been in the news for wardriving, accused of using its Street View cars to collect the service set identifier (SSID) and media access control (MAC) addresses of WiFi networks. Google is currently facing a spate of class action suits across the world.
What is wardriving?
Wardriving refers to driving around a selected location searching for wireless local area networks (WLANs). The implications are huge, since through wardriving, details about open and secure networks can be made public. Ironically, wardriving was invented by Peter Shipley as a proof-of-concept exercise, and was first reported in 2000 in Berkeley, California. It is now being done by hackers and analysts around the world for various purposes.
Information technology (IT) companies undertake wardrives for market research. Academic institutions undertake wardrives for research into technology penetration, WiFi security, and other purposes. Law enforcement agencies use wardriving to identify WiFi networks with weak or open security implementations.
What’s legal, what’s not?
Wardriving is not illegal. However, it cannot be done without prior permission from law enforcement agencies. In India, written permission has to be taken from the local Police Department’s Cyber Cell. Usually, wardriving cannot be done without law enforcement agencies being involved (or present) during the drive. Data captured during a wardrive may not be analyzed and/or used for private purposes, and a report on captured raw data has to be submitted to the Cyber Cell.
Anonymous usage of open WiFi networks is a big concern for the government and police. A blackhat hacker might use a publicly available network to send a mail or for other malicious activities. In case of a breach where the source is traced back to an unsecured network, the owner may be held responsible.
Wardriving should not be confused with piggybacking. Connecting to the network and using its services without explicit authorization from the owner is referred to as piggybacking. Wardriving is restricted to collecting information about the wireless access points (WAPs), without using network services.
Executing a wardrive
The following points ought to be considered before undertaking a wardrive:
- Location: A location must be selected to carry out the wardrive.
- Permission: Approval from the concerned legal authority (Cyber Cell) must be sought.
- Equipment: Wardriving does not require special equipment. The basic wardriving toolset comprises:
a) A laptop - While most people undertaking wardrives prefer laptops, some opt for PDAs based on PocketPC OS or Linux.
b) A ‘Stumbler’ utility - By far the best known is Marius Milner's Network Stumbler for Windows, which most people call NetStumbler. The major operating systems all have stumbler programs, including Kismet for Linux, and iStumbler and KisMAC for Mac OS (KisMAC also has features for WiFi hacking). Milner also has a ported NetStumbler version for PocketPC, called MiniStumbler. Barbelo is a tool for Symbian OS phones.
c) A Wi-Fi client adapter - The adapter should be supported by your chosen stumbler utility. The most widely supported client adapters include Atheros, Broadcom, and Linksys.
d) External antenna for client adapter - Ideally, this is omnidirectional and vertical, mounted on the vehicle roof, resembling a cell phone antenna. You can undertake a wardrive with nothing more than a PC card's built-in antenna, but it is handicapped because the vehicle's metal structure shields the signals. Alfa WiFi adapters usually come with an external antenna.
e) A global positioning system (GPS) receiver - Although optional, a GPS receiver allows the stumbler program to record the location of stumbled stations. The stumbled data is less useful without GPS information. GPS data captured using the stumbler can be uploaded to WIGLE.net, which is an online database where users across the world upload data and publish locations of WiFi nodes captured during their wardrives.
Where is wardriving done?
Wardriving is regularly undertaken in Pune by the ClubHack team. Findings indicate that 50% of WiFi networks in Pune are open, while 31% of the people use weak WEP (wired equivalent privacy) encryption. Only 19% of WiFi users use the more robust WPA encryption.
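Percentages like these only hold up if each access point is counted once, although a stumbler logs the same access point many times as the vehicle passes it. The sketch below is an added example, not code from the article or from any stumbler: it deduplicates a survey log by MAC address (BSSID) and reports the open/WEP/WPA split. The CSV column names and sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample survey log (not real data). Column names are assumed
# for this example and do not match any particular stumbler's export format.
SAMPLE_LOG = """bssid,ssid,encryption,signal_dbm,lat,lon
00:00:5E:00:53:01,cafe-guest,NONE,-71,18.5204,73.8567
00:00:5E:00:53:01,cafe-guest,NONE,-60,18.5205,73.8568
00:00:5E:00:53:02,home-net,WEP,-80,18.5210,73.8570
00:00:5E:00:53:03,office-ap,WPA2-PSK,-65,18.5215,73.8575
00:00:5E:00:53:04,,WPA-PSK,-77,18.5220,73.8580
00:00:5E:00:53:02,home-net,WEP,-74,18.5211,73.8571
"""

def classify(encryption):
    """Map a raw encryption label onto the article's three buckets."""
    label = encryption.strip().upper()
    if label in ("", "NONE", "OPEN"):
        return "open"
    if label.startswith("WEP"):
        return "wep"
    if label.startswith("WPA"):
        return "wpa"
    return "unknown"

def unique_access_points(log_text):
    """Keep one row per BSSID: the sighting with the strongest signal."""
    best = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        bssid = row["bssid"].strip().lower()
        seen = best.get(bssid)
        if seen is None or int(row["signal_dbm"]) > int(seen["signal_dbm"]):
            best[bssid] = row
    return best

def encryption_breakdown(log_text):
    """Return {bucket: percentage of unique access points}, rounded to 1 dp."""
    aps = unique_access_points(log_text)
    counts = Counter(classify(r["encryption"]) for r in aps.values())
    total = len(aps)
    return {k: round(100.0 * v / total, 1) for k, v in counts.items()} if total else {}

if __name__ == "__main__":
    for bucket, pct in sorted(encryption_breakdown(SAMPLE_LOG).items()):
        print(f"{bucket}: {pct}%")
```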
About the expert: Antriksh Shah is a security analyst and consultant from Goa. He is a member of null, the open security community and a resource person on HoneyPot for the Computer Society of India. He has worked with the Pune Police Cyber Cell.
(As told to Varun Haran)