Wardriving
From Wikipedia, the free encyclopedia
Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a Wi-Fi-equipped computer, such as a laptop or a PDA, to detect the networks. It was also known (as of 2002) as "WiLDing" (Wireless Lan Driving, although this term never gained any popularity and is no longer used), originating in the San Francisco Bay Area with the Bay Area Wireless Users Group (BAWUG). It is similar to using a scanner for radio.
Many wardrivers use GPS devices to measure the location of each network found and log it on a website (the most popular is WiGLE). For better range, antennas are built or bought, and vary from omnidirectional to highly directional. Software for wardriving is freely available on the Internet, notably NetStumbler for Windows, Kismet for Linux, and KisMac for Macintosh.
Wardriving was named after wardialing (popularized in the Matthew Broderick movie WarGames) because it also involves searching for computer systems with software that would use a phone modem to dial numbers sequentially and see which ones were connected to a fax machine or computer, or similar device. (Audio commentary on the WarGames DVD says that wardialing was named after the movie and the software did not openly exist before the movie.)
Confusion with piggybacking
Wardrivers are only out to log and collect information from the wireless access points (WAPs) they find while driving. Some people consider piggybacking (connecting to a network without explicit authorization) to be part of wardriving. For example, when quoting another article, an Engadget article rewrote the original headline from EETimes to refer to a "Wardriver" rather than a "WiFi user". But wardriving software takes control of the wireless radio so it's impractical if not impossible to both wardrive and piggyback simultaneously.
Similar acts
Warwalking
Warwalking is similar in nature to wardriving, except that it is done on foot rather than conducted from a moving vehicle. The disadvantages of this approach consist in slower speed of travel (resulting in fewer and more infrequently discovered networks) and the absence of a convenient computing environment. Consequently, handheld devices such as Pocket PCs, for which tasks can be conducted while walking or standing, have predominated in this area. The inclusion of integrated wifi (rather than wifi via CF or PCMCIA add-in card) in Dell Axim, Compaq IPAQ and Toshiba Pocket PCs beginning in 2002, and, more recently, an active Nintendo DS and Sony PSP enthusiast community possessing wifi capabilities on these devices has expanded the extent of this practice.
Warbiking
Warbiking is essentially the same as wardriving, but it involves searching for wireless networks while on a moving bicycle or motorcycle. This activity is sometimes facilitated by the mounting of a wifi-capable device on the vehicle itself, so as to facilitate hands-free searching.
Legality
United States
The legality of wardriving in the United States is not clearly defined. There has never been any conviction for wardriving, and there is the untested argument that the 802.11 and DHCP protocols operate on behalf of the owner giving consent to use the network, but not if the user has other reason to know that there is no consent.
A New Hampshire bill which would clarify that the duty to secure the wireless network lies with the network owner has not passed yet, due to concerns that it may create a loophole for criminal activity. The specific laws, in any case, vary from state to state. A Florida man was arrested and charged with unauthorized access to a computer network, a third-degree felony in the state of Florida, after wirelessly connecting to and hacking into a computer network. It is important to note here that the crime was piggybacking, not wardriving (see above).
Australia
It appears that Wardriving in itself is not an offence under Australian Law, but "unauthorised access, modification or impairment" of data held in a computer system is a federal offence under the Cybercrime Act 2001. The act refers specifically to data as opposed to network resources (connection), so it would appear that the mere act of Piggybacking is not an offence, although a clever lawyer might argue that the unauthorized usage of a network causing high internet traffic might be construed as impairment.
Both Wardriving and Piggybacking are yet to be tested in Australian Courts.
United Kingdom
A wardriver in the United Kingdom might be caught by the controversial clause on "use of a computer for a purpose for which one does not have permission". This is a commonly misunderstood concept. Wardrivers' advocates argue that they do not use services without authorization and may not even transmit a signal at all if using passive mode software (e.g. Kismet or KisMAC) instead of active mode software (e.g. Netstumbler).
With particular regard to the UK Wireless Telegraphy Act 1949 and 1989 (as amended), [WT Act] how the legislation is applied will depend on the individual circumstances of the offence. There is no specific reference to the practice of "wardriving", however the WT Act does contain general provisions which may be applicable.
Wireless Telegraphy Act
Anyone who intends to listen to radio transmissions should be aware of the following:
A licence is not required for a radio receiver as long as it is not capable of transmission as well (The Wireless Telegraphy Apparatus (Receivers) (Exemption) Regulations 1989 (SI 1989 No 123)). Furthermore, Wi-fi devices are a subset (defined under IEEE 802.11 interoperability standards) of the licence exempt RLAN segment of the 2.4 GHz radio frequency band. Under the terms of the exemption, a licence is only required for the operation of commercial wi-fi services such as "hotspots". However, although it is not illegal to sell, buy or own a scanning or other receiver in the UK, it must only be used to listen to transmissions meant for GENERAL RECEPTION. The services that you can listen to include Amateur and Citizens' Band transmissions, licensed broadcast radio and weather and navigation broadcasts. It is an offence to listen to any other radio services unless you are authorised by a designated person to do so.
There are two offences under law:
Under Section 5(1)(b) of the WT Act 1949 it is an offence if a person "otherwise than under the authority of a designated person, either:
(i) uses any wireless telegraphy apparatus with intent to obtain information as to the contents, sender or addressee of any message whether sent by means of wireless telegraphy or not, of which neither the person using the apparatus nor a person on whose behalf he is acting is an intended recipient;
This means that it is illegal to listen to anything other than general reception transmissions unless you are either a licensed user of the frequencies in question or have been specifically authorised to do so by a designated person. A designated person means:
- the Secretary of State;
- the Commissioners of Customs and Excise; or
- any other person designated for the purpose by regulations made by the Secretary of State.
or: (ii) except in the course of legal proceedings or for the purpose of any report thereof, discloses any information as to the contents, sender or addressee of any such message, being information which would not have come to his knowledge but for the use of wireless telegraphy apparatus by him or by another person."
This means that it is also illegal to tell a third party what you have heard.
With certain exceptions, it is an offence under Section 1 of the Regulation of Investigatory Powers Act 2000 for a person - "intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of:
- a public postal service; or
- a public telecommunication system."
It is similarly an offence to intercept any communication in the course of its transmission by means of a private telecommunication system. This means that it is illegal to listen to telephone calls, including mobile phone networks which are designated as forming part of the public telecommunications system.
Ethical considerations
Wardriving is frequently cited as an example of a questionable activity. However, from a technical viewpoint, everything is working as designed: Access points broadcast identifying data accessible to anyone with a suitable receiver by necessity. The use of listen-only software, such as Kismet, for wardriving can be likened to listening to a radio station that happens to be broadcasting in your area. But again, this may differ in other countries. For example, in the UK it is illegal to listen on some radio frequencies or to some transmissions (such as those used by the police or armed forces).
With other types of software, such as NetStumbler, the wardriver sends probes, and the access point responds per design. Most access points, when using default settings, are intended to provide wireless access to all who request it. Some argue that those who set up access points without adding security measures are offering their connection, sometimes unintentionally, to the community. Others argue that this reasoning is akin to stating that people who leave their doors unlocked are asking people to take what they like. In fact, when people unfamiliar to wardriving see how many open access points there are and how easy it is to find them, they sometimes want to secure their own access points. Some wardrivers go to the extent of informing the access point's administrator about their insecurity and offer steps to correct it. However, it has largely become etiquette to leave access points open for others to use just as someone expects to find open access points while on the road. This free sharing of bandwidth is also the basis of wireless community networks which are often considered the future of the internet.
Antennae
Wireless access point receivers can be modified to extend their ability to pick up and connect to wireless access points. This can be done with an ordinary metal wire and a metal dish, which are used to form a directional antenna. Other similar devices can be modified in this way too. Directional antennas are not the only option: USB-WiFi-stick antennas can be used as well. Tools such as Wireless Grapher-widget can be used to measure out the antenna.
Court cases
According to techweb.com an Illinois man was fined for piggybacking on a Wi-Fi System after being warned repeatedly by the owner of the system. David M. Kauchak, 32, pleaded guilty in Winnebago County to remotely accessing someone else's computer system without permission, the Rockford Register Star newspaper reported. A Winnebago County judge fined Kauchak $250 and sentenced him to one year of court supervision. Kauchak has the dubious distinction of being the first person to face the charge in Winnebago County, and prosecutors say they're taking the crime seriously. "We just want to get the word out that it is a crime. We are prosecuting it, and people need to take precautions," Assistant State's Attorney Tom Wartowski told the newspaper. A police officer arrested Kauchak in January after spotting him sitting in a parked car with a computer. A chat with the suspect led to the arrest, Wartowski said.
In Toronto, Canada, a man was arrested with a WiFi-enabled laptop in his car - and his pants down. He was tapping into unprotected wireless networks. Ultimately, however, he was charged not for that, but for the child pornography he was in the process of downloading. In both of the above cases the individual was not charged with 'wardriving' itself, but for a different activity - e.g., possession of child pornography or cracking into a local computer network.
Wireless network security
More security-conscious network operators may choose from a variety of security measures to limit access to their wireless network, including:
- MAC address authentication in combination with discretionary DHCP server settings allows a user to set up an "allowed MAC address" list. Under this type of security, the access point will only give an IP address to computers whose MAC address is on the list. Thus, the network administrator would obtain the valid MAC addresses from each of the potential clients in their network. Disadvantages of this method include the additional setup. This method does not protect data from being stolen (there's no encryption involved). Methods to defeat this type of security include MAC address spoofing, detailed on the MAC address page, whereby network traffic is observed, valid MACs are collected, and then used to obtain DHCP leases.
- IP security (IPsec) can be used to encrypt traffic between network nodes, reducing or eliminating the amount of plain text information transmitted over the air. This security method addresses privacy concerns of wireless users, as it becomes much more difficult to observe their wireless activity. Difficulty of setting up IPsec is related to the brand of Access Point being used. Some access points may not offer IPsec at all, while others may require firmware updates before IPsec options are available. Methods to defeat this type of security are computationally intensive to the extent that they are infeasible using readily-available hardware, or they rely on social engineering to obtain information (keys, etc) about the IPsec installation.
- Wired Equivalent Privacy (WEP) can be used on many Access Points without cumbersome setup, but offers little in the way of practical security. It is cryptologically very weak, so an access key can easily be stolen. Its use is often discouraged in favor of other more robust security measures, but many users feel that any security is better than none. In practice, this may simply mean your neighbors' non-WEP networks are more accessible targets. WEP is sometimes known to slow down network traffic in the sense that the WEP implementation causes extra packets to be transmitted across the network. Some claim that "Wired Equivalent Privacy" is a misnomer, but this is untrue in most cases because wired networks are not particularly secure either.
- Wi-Fi Protected Access (WPA) is more secure than WEP but is not yet very widespread. Many Access Points will support WPA after a firmware update.
- VPN options such as tunnel-mode IPSec or OpenVPN can be difficult to set up, but often provide the most flexible, extendable security, and as such are recommended for larger networks with many users.
- Wireless intrusion detection systems can be used to detect the presence of rogue access points which expose a network to security breaches. Such systems are particularly of interest to large organizations with many employees.
- RADIUS can be used on a WRT54G router or similar that is running not the default firmware but firmware such as DD-WRT.
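A sketch of the inventory comparison behind the rogue-access-point detection mentioned in the list above, added here as an example and not taken from any product or from the original article. The CSV layout, the AUTHORIZED table, every address and the finding names are constructed for illustration.

```python
import csv
import io

# Constructed inventory of authorized access points: BSSID -> expected SSID.
AUTHORIZED = {
    "00:11:22:33:44:01": "corp-wlan",
    "00:11:22:33:44:02": "corp-wlan",
}

# Constructed survey export; this CSV layout is hypothetical, not a real tool's format.
SURVEY_CSV = """bssid,ssid,channel,encryption
00:11:22:33:44:01,corp-wlan,1,WPA
00:11:22:33:44:02,corp-wlan,6,WEP
66:77:88:99:AA:01,corp-wlan,6,WPA
66:77:88:99:AA:02,linksys,11,NONE
00:11:22:33:44:01,corp-wlan,1,WPA
"""

WEAK = {"NONE", "WEP"}  # open networks and WEP, which the list above calls weak


def audit(survey_text, authorized):
    """Return (bssid, finding) pairs, in survey order, then missing APs."""
    authorized = {b.upper(): s for b, s in authorized.items()}
    managed_ssids = set(authorized.values())
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(survey_text)):
        bssid = row["bssid"].strip().upper()
        if bssid in seen:  # the same beacon is logged many times per survey
            continue
        seen.add(bssid)
        ssid, enc = row["ssid"].strip(), row["encryption"].strip().upper()
        if bssid in authorized:
            if ssid != authorized[bssid]:
                findings.append((bssid, "ssid-changed"))
            if enc in WEAK:
                findings.append((bssid, "weak-encryption"))
        elif ssid in managed_ssids:
            # Unlisted radio advertising a managed network name.
            findings.append((bssid, "unlisted-ap-using-managed-ssid"))
        else:
            # Neighbour or rogue: beacons alone cannot tell, so flag for follow-up.
            findings.append((bssid, "unknown-ap"))
    for bssid in sorted(set(authorized) - seen):
        findings.append((bssid, "authorized-ap-not-seen"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit(SURVEY_CSV, AUTHORIZED):
        print(bssid, finding)
```

An unlisted BSSID is not proof of a rogue device, since BSSIDs can be spoofed and neighbouring networks are always in range; the findings are a work list for follow-up on the wired side.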
See also
Software
- NetStumbler
- Kismet
- KisMAC
- iStumbler
- MacStumbler
- APGrapher
External links
Software (in addition to software listed above)
- BackTrack Live Penetration Testing CD
- MacStumbler Mac OS X Wireless detection utility
- WarDrive ToolBox Shareware tools for WarDriving
- Loki 'Virtual GPS' Web browser toolbar that uses Skyhook Wireless's WPS (WiFi Positioning System) to fix your location
- WiFiFoFum Pocket PC 2003 & Windows mobile 2005 wardriving utility
- Wireshark (formerly Ethereal) Packet sniffing utility to view packets transferred.
- Making a directional antenna and connecting it to AirPort
Maps and databases
- WiGLE.net (Wireless Geographical Logging Engine) Worldwide database and mapping of wardriving data
- WiFiMaps.com Another worldwide database of deployed Wi-Fi access points.
Discussions and project sites
- wardriving.com
- Personalwireless.org Wireless News Site
- Stumbler Code of Ethics (and other projects)
- Wardriving tutorial site
- Austrian Wardriving site
- Wardrive.net Site dedicated to 802.11 Security and Wardriving
- Chronicles of a Wardriver The daily adventures of a hardcore wardriver
- Church of WiFi The various how-tos and guides of the NetStumbler.org WiFi forums participants (below)
- NetStumbler.org WiFi forums Primarily Netstumbler, but other software is also covered; anyone visiting needs to read the Welcome Desk section fully before posting, otherwise banning may occur
Articles
- Tom's Hardware Guide - Warflying
- niquille.net networking - warboating
- War, Peace or Stalemate Article on the ethics and legality of wardriving
- Three Plead Guilty to Computer Hacking '...believed to be the first conviction in the United States for "wardriving."' - One of the defendants was convicted 'with a single count of unauthorized access to a protected computer', after two companions were charged with attempting to steal credit card numbers by cracking Lowe's wireless network.
- Whacking, Joyriding and War-Driving: Roaming Use of Wi-Fi and the Law Law review article on the legality of wardriving, piggybacking and accidental use of open networks