Wardriving shows Wireless Networks still Wide Open

Wednesday, July 21, 2010

Dan Dieterle


 A wardrive was performed at a recent computer security class in Texas. The results… stunning.

Wardriving usually consists of driving around in a vehicle searching for Wi-Fi networks using Aircrack-NG, Netstumbler, Kismet or a similar program. Information can be gleaned from the available Wi-Fi networks, including what type of security they are using.


It is the modern version of wardialing, which was very popular in the '80s and early '90s, where hackers would call blocks of numbers looking for a computer.

According to the graph, 13% of the Wi-Fi networks had no security at all. And a whopping 45% were using WEP, which was cracked a long time ago. Only 18% were using WPA2.

So in effect, 58% of the detected networks would have been easy pickings for a hacker. They might as well have hung a big “Welcome!” sign on their network.

San Francisco did not fare much better:


Here, 47% had either no security or easily defeated security. WPA is not 100% safe either; your safest route is the current WPA2.

I was actually shocked at the high percentage of unsecure Wi-Fi systems. With the dangers of Wi-Fi so well-known, it just doesn’t make sense. In fact, for a product to even qualify for the Wi-Fi label, it must have WPA2 security. And that has been the standard since 2006!

You would think that at this stage of the game, manufacturers would have taken the choice out of consumers' hands and made the default security WPA2 out of the box.

Please check your Wi-Fi security settings to be sure that they are not set to “WEP” or worse yet, “None”. Also, if you have a wireless box that only supports WEP, it needs to be replaced with a newer, more secure version.

When hackers scan your network from across the street, you want them to find a “No Admittance” sign!
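The settings check described above can be run over a whole survey of your own access points. The following is an added example, not code from the original post: the CSV columns (`essid`, `privacy`, `cipher`) and the sample rows are constructed for illustration, and the TKIP flag goes one step beyond the WEP/None check the article asks for.

```python
import csv
import io
from collections import Counter

# Constructed survey export; the column names (essid, privacy, cipher) are
# assumptions for this example, not the output format of any particular tool.
SAMPLE_SURVEY = """essid,privacy,cipher
office-main,WPA2,CCMP
office-guest,OPN,
warehouse-scanner,WEP,WEP
lobby-kiosk,WPA,TKIP
lab-legacy,WPA2 WPA,CCMP TKIP
conference,WPA2,TKIP
"""


def classify(privacy):
    """Rate a network by the weakest protocol it still advertises."""
    tokens = set(privacy.upper().split())
    if not tokens or tokens & {"OPN", "OPEN", "NONE"}:
        return "None"
    for level in ("WEP", "WPA", "WPA2"):  # weakest first, so mixed mode rates low
        if level in tokens:
            return level
    return "Unknown"


def audit(csv_text):
    """Return (percentage share per security level, list of networks to fix)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    counts, findings = Counter(), []
    for row in rows:
        level = classify(row["privacy"])
        counts[level] += 1
        ciphers = set((row["cipher"] or "").upper().split())
        if level in ("None", "WEP"):
            findings.append((row["essid"], f"{level}: reconfigure or replace"))
        elif level == "WPA" or "TKIP" in ciphers:
            findings.append((row["essid"], "move to WPA2 with AES (CCMP) only"))
    total = len(rows)
    shares = {k: round(100 * v / total) for k, v in counts.items()} if total else {}
    return shares, findings


if __name__ == "__main__":
    shares, findings = audit(SAMPLE_SURVEY)
    print(shares)
    for essid, action in findings:
        print(f"{essid}: {action}")
```

A mixed-mode network ("WPA2 WPA") is counted as WPA because clients can still negotiate the weaker protocol.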

(Images courtesy of Sam Bowne. Sam has done amazing work in advancing the legitimacy of Ethical Hacking in mainstream academia. Check out his website at http://samsclass.info/)

Cross posted from Cyberarms.

Jonathan Leigh: WPA2 is no safer than WPA1. The difference in the wireless security is in the encryption algorithm it uses. WPA2 TKIP can still be cracked. You must be using WPA2 AES encryption to be safe from wireless attacks today. I just published a paper similar to the paper you describe by the student at the University of Texas. I recently presented my paper at a conference. My paper was written about two years ago now. You can see my slides here: http://www.dantevios.com/2010/07/15/multiconf-information-and-security-privacy-isp-slides/ . As you can see, I did my war driving on just medical facilities and have come up with more shocking results than these. In my results about 2/3 of the networks were insecure or could be cracked.
Dan Dieterle: Use the power of the Cloud to crack WPA:

Moxie Marlinspike's WPA Cracker offers Cloud Computing power to crack WPA-PSK protected networks.

WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.
