Wardriving threatens vulnerable home networks [Security Tips]

Wardriving means physically cruising around an area or city to find Wi-Fi networks. People involved in war driving typically operate from a moving vehicle and use smartphones or laptops to locate vulnerable hotspots. 

The goal behind this activity differs, and individuals might pursue it for relatively benign reasons. For example, people could conduct it for research purposes, or specific projects could map out accessible Wi-Fi networks for tourists. However, wardriving can be malign, with individuals attempting to locate vulnerable Wi-Fi networks.

Wardriving explained

Wardriving refers to the act of moving around in a vehicle and using special equipment to locate Wi-Fi networks. In its basic form, individuals could solely rely on smartphones or laptops. However, they could also draw on unique technical setups tailored for these activities.

For instance, they could employ wireless network cards or antennas to boost scanning capabilities. A GPS device also plays a role here, helping individuals or institutions map out the detected wireless access points.

Special wardriving software like WiGLE or NetStumbler processes data to map out all the detected networks. Wardriving applications continuously scan the nearby area for available networks. Then, they log information about them: location, encryption used, MAC address, and SSID.

While wardriving implies that the individuals use a car to navigate, driving is not the only option. Other variations exist, and all depend on the mode of transport chosen. For instance, warbiking and warcycling refer to the same activity, but people involved move on bicycles or motorcycles. Warwalking is also kindred, but it means that perpetrators roam around on foot.

There could be many more forms: it just depends on how individuals prefer to navigate. For convenience and quick mobility, many might choose cars.

Is wardriving illegal or just suspicious?

Driving around a neighborhood or city with hacking-like gear might sound like an illegal activity. However, there are no laws that would specifically address and forbid wardriving. Thus, you could enter your vehicle and drive around to generate digital maps of unsecured Wi-Fi networks.

The illegal behavior commences if individuals act upon their findings. In many countries, laws prohibit the unauthorized access of networks. Thus, if the maps consisting of potentially vulnerable networks become target lists, the following actions turn illegal.

Is wardriving still active?

The news on wardriving might be scarce for the most part. Hackers might no longer see it as effective both in terms of time and cost. It has a lot to do with the way wireless networks work and how encryption has evolved.

As WPA and WPA2 replaced WEP, home networks became much more secure. Cracking down networks protected with, let’s say, WPA2 takes much more skill and might not seem as worthwhile. Nevertheless, specialists using wardriving techniques for educational purposes can adapt their skillset.

If you wonder how WEP, WPA, and WPA2 relate to Wi-Fi security, let us briefly elaborate. We judge the reliability of networks based on the security protocols they apply.

You already know the trio, but WPA3 is one of the more recent additions. WPA3 represents the latest generation in mainstream security for wireless networks. It tackles the shortcomings of WPA2 and could mitigate wardriving even more effectively. To use WPA3, you need routers and devices supporting it.

Yet, war driving can be successful

Thus, wardriving might seem like a thing of the past. However, security specialists still use it to research Wi-Fi security. Data accumulated in such a manner is valuable and helps detect common mistakes and drawbacks. It also helps understand how free Wi-Fi networks protect their users (or don’t).

In most cases, the results disappoint, as such networks tend not to use any security protocols. It means that activities carried out while connected to them are not secure. They are easier to monitor, and malicious perpetrators could modify data. For instance, vicious individuals could redirect you to fake pages or steal the data you exchange.

A recent experiment revealed that war driving can still be successful at capturing network passwords. A CyberArk researcher collected 5,000 Wi-Fi network hashes simply by driving around Tel Aviv. 

He used a commercially available Wi-Fi sniffing tool, meaning anyone can go on a similar wardriving stroll around neighbourhoods. After a thorough password-cracking session, he managed to crack 3,500 passwords, 70% of all hashes harvested.

How to protect yourself from wardriving?

• Hide your network. You can conceal your network by hiding its SSID. It means that information about it won’t appear in the list of networks detected nearby. While this technique might work against less tech-savvy perpetrators, it is not a sure thing. Individuals could still discover your network in other ways. Thus, it is not an option you should choose in the long run.
• Use WPA2 or WPA3. Protecting your network with the latest security protocols is the best option. Enable the advanced encryption available within your router. Furthermore, never leave your network open: it should always require a password to access.
• Change default network credentials. You should not keep the password that the manufacturers had initially set up. Always try to come up with strong passwords: they should be lengthy, contain letters, numbers, and special symbols.
• Turn off the router when not in use. When leaving for a holiday, you should disable your router. As a result, people performing wardriving won’t see it nor collect information about it.
• Use a wired connection. To escape the common pitfalls of Wi-Fi, you can opt for a wired connection whenever possible. You will need a separate cable to connect each device to the network. While it is beneficial both in security and speed, it might not be an option that everyone can use.
• Update everything. The rule is that you should patch your devices and apps as soon as new updates get released. Your router, for instance, is also a tool that requires updates. You can update the firmware via the router’s admin panel (access it by typing the router’s IP address into your browser).
• Firewall for access control. A firewall will help you prevent unauthorized access to your network. You can enable it via the router’s configuration page.