Wardriving

Jakub Siemaszko

Etymology

• "Wardriving originated from wardialing, a method popularized by a character played by Matthew Broderick in the film WarGames, and named after that film. "

• "The term originates from a phone hacking technique used in the 1980s - war dialing."

• "War dialing consists of dialing every phone number in a specific sequence in search of modems. Wardialing in this context refers to the practice of using a computer to dial many phone numbers to try to find an active modem."

So, what is wardiving?

• "Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA)."

Software

• Software for wardriving is freely available on the Internet. • NetStumbler, InSSIDer or Ekahau Heat Mapper for Windows. • Kismet or SWScanner for Linux, FreeBSD, NetBSD, OpenBSD, DragonFly

BSD, and Solaris. • KisMac for Macintosh. • "There are also homebrew wardriving applications for handheld game

consoles that support Wi-fi, such as sniff_jazzbox/wardive for the Nintendo DS/Android, Road Dog for the Sony PSP, WiFi-Where for the iPhone, G-MoN, Wardrive, and Wigle Wifi for Android, and WlanPollution[2] for Symbian NokiaS60 devices."

• "There also exists a mode within Metal Gear Solid: Portable Ops for the Sony PSP (wherein the player is able to find new comrades by searching for wireless access points) which can be used to wardrive."

• "Treasure World for the DS is a commercial game in which gameplay wholly revolves around wardriving."

Mapping

• "Wardrivers use a Wifi-equipped device together with a GPS device to record the location of wireless networks."

• The results can then be uploaded to websites like WiGLE, openBmap or Geomena where the data is processed to form maps of the network neighborhood."

• There are also clients available for smartphones running iOS or Android that can upload data directly."

[1]

[2]

Seattle mapping

• "In December 2004, a class of 100 undergraduates worked to map the city of Seattle, Washington over several weeks."

• "They found 5,225 access points; 44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. "

• They noticed trends in the frequency and security of the networks depending on location. Many of the open networks were clearly intended to be used by the general public, with network names like "Open to share, no porn please" or "Free access, be nice."

• "The information was collected into high-resolution maps, which were published online."

[3]

[4]

Hardware - antennas

• "Wireless access point receivers can be modified to extend their ability for picking up and connecting to wireless access points."

• "This can be done with an ordinary metal wire, and a metal dish that is used to form a directional antenna."

• "Other similar devices can be modified in this way too, likewise, not only directional antennas can be created, but USB-WiFi-stick antennas can be used as well."

Cantenna

• "A cantenna is a directional waveguide antenna for long-range Wi-Fi used to increase the range of (or discover) a wireless network, made out of an open-ended metal can. The cylinder portion of the can may consist of metal-coated paperboard."

• Typical gain for a cantenna in Wi-Fi band is about 10 dB.

[5]

[6]

WokFi

• This name is derived from blending the words Wok + Wi-Fi, and is a slang term for a style of homemade Wi-Fi antenna consisting of a crude parabolic antenna made with a low-cost Asian kitchen wok or similar household metallic dish.

• "The dish forms a directional antenna which is pointed at the wireless access point antenna, allowing reception of the wireless signal at greater distances than standard omnidirectional Wi-Fi antennas."

• WokFi gains are usually 12–15 dB

[7]

Legal issues

• "Some portray wardriving as a questionable practice (typically from its association with piggybacking), though, from a technical viewpoint, everything is working as designed: many access points broadcast identifying data accessible to anyone with a suitable receiver.

• "It could be compared to making a map of a neighborhood's house numbers and mail box labels."

• "There are no laws that specifically prohibit or allow wardriving, though many localities have laws forbidding unauthorized access of computer networks and protecting personal privacy."

• "Google created a privacy storm in some countries after it eventually admitted systematically but surreptitiously gathering WiFi data while capturing video footage and mapping data for its Street View service. It has since been using Android-based mobile devices to gather this data."

Confusion with piggybacking

• "Wardrivers are only out to log and collect information about the wireless access points (WAPs) they find while driving, without using the networks' services."

• "Connecting to the network and using its services without explicit authorization is referred to as piggybacking."

Other forms similar to wardriving

• "Warbiking is similar to wardriving, but is done from a moving bicycle or motorcycle."

• "Warwalking, or warjogging, is similar to wardriving, but is done on foot rather than from a moving vehicle."

• "Warrailing, or Wartraining, is similar to wardriving, but is done on a train/tram/other rail-based vehicle rather than from a slower more controllable vehicle."

• "Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows them to control all traffic for the victim, and could even permit them to disable SSL by replacing HTML content as it is being downloaded."

References

• http://en.wikipedia.org/wiki/Wardriving • http://en.wikipedia.org/wiki/Cantenna • http://en.wikipedia.org/wiki/WokFi • [1] - http://wigle.net/images/rigled-images/world.png • [2] - http://wigle.net/images/JiGLE-newyork.png • [3] - http://en.wikipedia.org/wiki/File:Seattle_Wi-Fi_map_UW-300-

letter-3.png • [4] -

http://www.cs.wright.edu/~pmateti/InternetSecurity/Lectures/WirelessHacks/Mateti-WirelessHacks_files/image005.jpg

• [5] - http://en.wikipedia.org/wiki/File:Coke-cantenna-SV1ML-0a.jpg • [6] - http://en.wikipedia.org/wiki/File:Cantenna.JPG • [7] - http://en.wikipedia.org/wiki/File:WokFi-sample2.jpg

Questions?