Last week as I was working from my home office, I observed a large black Chevy SUV being driven by a 30-something male with a full beard holding a high-gain antenna out of his window driving around our neighborhood. This is a classic example of Wardriving.
What is Wardriving?
Wardriving is the practice of physically searching for unsecured wireless networks or networks that can easily be compromised. It is also known as access point mapping as the goal is to identify potential access points from which to connect to WiFi networks.
When wardriving, people may search for WiFi networks by driving around in a moving vehicle, often using a GPS device to record any wireless networks they find. They then upload this data to specific websites that process the information to create digital maps of the neighborhood networks. This isn’t necessarily a malicious act, nor is it illegal. There was some controversy when Google admitted to having gathering WiFi data while taking video footage and geolocation information to build out its Street View application. Still, the action itself wasn’t ruled to have been an illegal violation of privacy.
The main thing to note is that you need to protect it with strong passwords and network encryption if you provide a WiFi network (even your private home network for personal use only). Otherwise, anyone driving around in your around your neighborhood could hop onto your network and commit all manner of internet atrocities using a connection that’s registered to you. And if their nefarious activities get tracked, law enforcement might come knocking on your door, even though you were innocent of the computer crime.
Tools for Wardriving
To perform WiFi driving successfully, you need to use some specialized software or hardware. There are no hard and fast rules regarding what type of devices or software are used by your friendly neighborhood wardrivers. Let’s take a look at some of the tools that are used in Wardriving.
Several hardware components are required to practice wardriving.
- A mobile device – You need a mobile computing platform to conduct wardriving activities. This includes laptops, tablets, smartphones, and other devices such as the Raspberry Pi. These perform overall management of the process and are used to subvert encryption.
- Wireless network card and antenna – These are a critical part of the wardriving setup. The wardriver may use the card and antenna built into their mobile device or opt for additional hardware to increase their scanning power. This component provides the ability to monitor the discovered networks remotely.
- GPS – The GPS system is used to determine the exact location of the WiFi routers that have been located. Many of the mobile devices used for Wardriving have built-in GPS capabilities.
What can you do to protect yourself from Wardriving?
The overriding factor that makes a WiFi network attractive to a wardriving party is the lack of adequate security. A securely protected network will be impervious to these types of attacks or at least make it so difficult to access that the attackers will find another, more easily compromised target.
- Always use the highest level of encryption technology available on all devices.
- Always keep these wireless devices updated with the most current hardware and software patches.
- Always change the manufacturer’s default passwords to something stronger to break—ideally, more than ten characters with a combination of numbers, symbols, upper-case and lower-case letters.
- Always use multi-factor (2-factor) authentication where possible.
- 5Install smart technologies on a separate network that you use for your in-home computing.
These methods of protecting your network from wardrivers are also the best practices for securing your network from unauthorized access. Networks that are not encrypted are a prime target for hackers. Secure your systems and your network by always ensuring that the highest encryption level available on your router and devices is used.
As with all cybersecurity issues, the best defense is a good offense. Lazarus Alliance recommends that organizations take a proactive approach to Wardriving attacks.
Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.