Wardriving: A digital census of Wi-Fi networks?

Next story




One of the most interesting events I attended in 2016 was the 12th Ekoparty: “Hold  the Backdoor”, a security conference that we covered on WeLiveSecurity. On day two, there was a new seminar on wardriving, which ended with a walk through some of the main streets of Buenos Aires, during which more than 30 participants surveyed the security of the wireless networks as they passed by.

If the term “wardriving” is not familiar to you, I'll tell you what it relates to: It describes the practice of searching for Wi-Fi networks from a moving vehicle. So what is its purpose? It is mostly to survey the various wireless connections available, correlating them with their geographic location.


In this article, I will show you two ways in which you can try out these techniques and, finally, we will look at the results.



#1 The old-school method

For the first method, we recommend using a laptop, a virtual machine, a GPS, and an external Wi-Fi card. As we can see in the image to the right, both peripherals can be connected to a laptop via a USB port, making them more portable.



The most common tools are Airmon-ng and Kismet, whose instructions for correct use can be found in its official repository. In the next image, you can see how this tool looks in action:



#2 Using a smartphone

Nowadays, there are various apps that are very handy for performing wardriving techniques; one of them is WiGLE. One of its advantages is that, as well as being able to generate your own survey, it provides access to the many other users of its community who share their results, thus giving you a more extensive overview.

This app is free and does not require root permissions in order to run it. If you are interested in using it, as always, we recommend downloading it from official repositories.


One interesting feature is its automatic integration with Google Maps and Street View, which is a very visual way to see network density by the looking at the area you're interested in. As you would imagine, this is the simplest way to perform these techniques.



Knowing how secure networks are

So now we have the results, but how do we interpret them? Behind every Wi-Fi network there is a security level which normally corresponds to security protocols like WEP, WPA, and WPA2. Of course, the less secure ones are those which do not have any kind of protocol, described as open networks.


These days, many public buildings and spaces like airports, malls, and restaurants offer free Wi-Fi, which you can connect to without needing to enter a password. However, this means that communications over them are not encrypted and could easily be spied on and even modified for malicious purposes. For this reason, we do not recommend using this type of network, or at least not for actions that require sensitive information.

As for WEP protocol, it offers limited security levels, which means an attacker could easily find the network password using simple techniques in just a few minutes. This would mean that devices connected to such networks would be exposed. As regards WPA and WPA2 protocols, they are also subject to many attacks, but they require attackers to have more time and skills to be successful.

With this mind, it is interesting to see an overview of wireless networks found at an international level, through the app we talked about earlier:



If we analyze the networks found from January 2015 to January 2017, we can see that the quantity of open networks has reduced by more than 50%, amounting to just over 1% of all the networks surveyed, which on the face of it seems like quite a positive change. However, if we take into account the actual number of networks, the picture looks more alarming, as it amounts to more than 3 million open Wi-Fi networks and almost 28 million with weak encryption like WEP.


The dangers of using or browsing on unsecured networks include loss of privacy, personal identity, and integrity of data or digital communications. While the trend shows that unsecured networks are gradually reducing in number, there are still more than 30 million of them out there, and there must be many more millions of users who are using these networks without any kind of protection.

While other protocols are susceptible to other types of attacks, the conditions required in order to carry them out make them more secure, so it is always advisable to use WPA2 protocol whenever possible.

Wardriving is a relatively old technique, but its results are still very valuable, not only in relation to security, but also as an indicator of how the use of wireless networks is changing. Several years ago, surveys were carried out from airplanes, and today, they are done from unmanned planes or drones.


Image credits: ©Travis Goodspeed/Flickr

About ESET

Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 200 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedInFacebook and Twitter.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution centers in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Singapore, Prague, Košice (Slovakia), Krakow (Poland), Montreal (Canada), Moscow (Russia). ESET Middle East has its regional office in Dubai Internet City and manages an extensive partner network in 11 countries: United Arab Emirates, Saudi Arabia, Kuwait, Qatar, Oman, Bahrain, Yemen, Lebanon, Jordan Egypt and Libya. More information is available via www.eset.com/me