Wardriving: A digital census of Wi-Fi networks?




One of the most interesting events I attended in 2016 was the “Hold the Backdoor” security conference at the 12th Ekoparty (covered on WeLiveSecurity). Day two brought with it a new seminar on wardriving, which culminated in a walk through some of the main streets of Buenos Aires.

Whilst on the walk, more than 30 of the seminar attendees surveyed the security of the wireless networks available.

If the term wardriving is not yet familiar to you, allow me to explain: it’s the act of searching for Wi-Fi networks from a moving vehicle. Its primary objective? To survey the various different wireless connections available, in accordance with their geographic location.

In this article, I’ll be discussing a few ways to try out these techniques, followed by an analysis of the results.

#1 The old school method

1

For this method, we recommend using a laptop, a virtual machine, a GPS, and an external Wi-Fi card. As we can see in the image above, both peripherals can be connected to a laptop via a USB port, making them more portable.

The most common tools are Airmon-ng and Kismet. The instructions for correct use of the latter can be found in this repository. In the image below, you can see how this tool looks when it’s in action:

2

#2 Using a smartphone app

Nowadays, there are various apps that are very handy for performing wardriving techniques; one of which is WiGLE. One of the advantages of this app, as well as allowing you to generate your own survey, is that it provides access to the results of the many other users of its community who choose to share them. This gives you more extensive insight into what’s available.

This app is free and does not require root permissions in order to run it. If you are interested in using it; as always, we recommend downloading it from official repositories.

One particularly interesting, easy-to-use feature is its automatic integration with Google Maps or Street View, which displays the network density of the area you’re interested in, in a very visual way.

3

WiGLE: An interesting, easy-to-use feature is its automatic integration with Google Maps or Street View

Knowing how secure networks are

So now we have the results, but how do we interpret them?

Behind every Wi-Fi network is a level of security which normally corresponds to security protocols like WEP, WPA, and WPA2. Of course, the least secure ones are those without any kind of protocol, which are known as open networks.

These days, many public buildings and spaces like airports, malls, and restaurants offer free Wi-Fi, which you can connect to without needing to enter a password. However, this means that any activity you carry out is not encrypted and could easily be watched or even maliciously modified. For this reason, we do not recommend using this type of network, or at least not for any activity containing sensitive information.

“FREE WI-FI FROM PUBLIC SPACES MEANS THAT ANY ACTIVITY IS NOT ENCRYPTED AND COULD EASILY BE WATCHED OR EVEN MALICIOUSLY MODIFIED.”

As for WEP protocol, its levels of security are low, meaning an attacker could figure out the network password in just a few minutes, without going to too much trouble – meaning that devices connected to this network would be exposed.

WPA and WPA2 protocols also often fall victim to attacks, but generally only to attackers with more time and skills at their disposal.

In light of the above, an examination of the state of the various wireless networks located internationally proves interesting, using the app mentioned earlier:

4

If we analyze the networks found between January 2015 and January 2017, we can see that the total number of open networks has decreased by more than 50%. This amounts to just 1% of all networks surveyed; which, at first, seems like quite a positive change.

However, on closer inspection, if we take into account the actual number of open networks, the results are in fact quite alarming. There are more than three million open Wi-Fi networks  and almost 28 million with weak encryption like WEP.

Conclusion

The risks of using or browsing on unsecured networks include loss of privacy, personal identity, and integrity of data or digital communications. While the trend shows that unsecured networks are gradually decreasing in number, there are still more than 30 million of them around, and presumably there are many more millions of users who are using these networks without any kind of protection.

“THERE ARE MORE THAN 3 MILLION OPEN WI-FI NETWORKS – NEARLY 28 MILLION WITH WEAK ENCRYPTION LIKE WEP.”

While other protocols are susceptible to other types of attacks, the conditions in which they are required to operate make them more secure, so it is always advisable to use WPA2 protocol whenever possible.

Wardriving is a relatively old technique, but its results continue to be very valuable – not only in terms of security, but also as an indicator of how the use of wireless networks is changing. Interestingly, several years ago, surveys were carried out from airplanes, but today they are done from unmanned planes or drones.

(The post was first published on February 2, 2017 in WeLiveSecurity, a blog by ESET security team. Lucas Paus is a Security Researcher for Latin America at ESET).




Be the first to comment

Leave a Reply