Tracking Down Insecure WLANs

A group of security professionals and enthusiasts this week will kick off the second WorldWide WarDrive.

Looking for something to do this weekend? Well, if you have a laptop and a wireless card, you can join dozens of other technophiles with time on their hands in searching out insecure WLANs.

A group of security professionals and enthusiasts later this week will kick off the second WorldWide WarDrive, a week-long coordinated effort to identify wireless LANs and assess their security levels. The first event, held in late Aug. through early Sept., drew participants from 10 states and six countries.

The second wardrive starts Oct. 26 and runs through Nov. 2.

War driving is the practice of canvassing a given neighborhood or city in search of WLANs. Practitioners typically cruise an area, armed with a notebook PC or handheld with a WLAN card and a software program, such as NetStumbler or Kismet, that listens for signals sent out by WLAN access points.

From the information broadcast by the AP, war drivers can tell if the device has WEP (wired equivalent privacy) encryption enabled and other vital information, such as the networks SSID (service set identifier).

There is nothing illegal about simply identifying such networks but connecting to them and using bandwidth and network resources for free is a crime. Which is why the organizers of the WWWD are careful to point out that they do not connect to any of the networks they find. In fact, the groups Web page lists instructions on how to avoid connecting to a network inadvertently.

Those behind the event say they are doing it in the hopes of raising awareness about the problem of WLAN security.

"We do not make an attempt to contact the operators of the network in question. This is because there is a general lack of understanding about what wardriving is," said WWWDs organizer, who goes by the handle Roamer. "Because of this lack of understanding, pointing out insecurity on a specific access point often leads to skepticism and distrust on the part of the owner. By providing general information about the vulnerabilities without getting into specific access points, our goal is to generate awareness that the factory settings are generally set up for ease of use and not secure use. By posting methods to secure the access points, the owner can then make an informed decision as to their current security posture and what, if any, steps need to be taken to reduce risk of attack."

Roamer said he expects about 200 people in eight countries to participate in the wardrive.

The first WWWD event produced an interesting set of statistics. For example, of the more than 9,300 WLANs the group found, just 30 percent had WEP enabled. And 26 percent were using the default SSID and did not have WEP enabled.

The effort grew out of a war driving contest held in conjunction with the DefCon hacker convention last summer. And while its level of organization may be somewhat unique, the WWWD is just the tip of the iceberg. There are dozens of Web sites that offer war driving tips, sniffing software and forums where hobbyists can trade techniques and stories.

Related Stories:

  • Sniffing Out Rogue Wireless Lans
  • More Security Coverage
  • More Wireless Coverage