Mapping the Lack of Wireless Security

It’s a sobering statistic: 70% of the access points out there are running without using any encryption. Worse, 27% are doing so while using the default network name, or password, that came with the hardware, leaving them wide open to use by anyone in range with a Wi-Fi client.

These numbers don’t come from a major research analysis company, however. They’re the results found in the first WorldWide WarDrive (WWWD), a loosely organized event that took place from August 31 to September 7, 2002.

During that week, around 200 Wi-Fi-using enthusiasts and security professionals took to the roads of major cities in the United States and Europe to statistically log and map as many access points as possible. The goal: to make sure the public and the IT pros know that they need to start securing their wireless local area network (WLAN) connections. Detailed maps on the WWWD Web site reveal their previous driving routes, in some cases down to the city block, using maps generated with Microsoft MapPoint.

The second WWWD kicks off tomorrow, October 26, and goes through November 2. Currently, the war drivers (who go by code names like Roamer, CannonFotter, TeamDriveBy, NeoExpanse, and, uh, Mike) are planning to drive around looking for open access in major North American cities like Edmonton, Montreal, Seattle, Tulsa, Des Moines, Denver, Phoenix, New York, Boston, Chicago, Houston, and San Diego, as well as some smaller communities. Even the whole state of Maine is listed.

On other continents, drivers will check in Barcelona, Spain; Seoul, South Korea; Johannesburg, South Africa; Sao Paulo, Brazil; and Wellington, New Zealand.

Is an organized wardrive a cause for worry that WLANs around the country will be hacked for their corporate secrets and precious bandwidth? This group would say no. They post the “Stumbler Code of Ethics v0.1” on their site and encourage members to follow its precepts. The code includes things like “Obey traffic laws” and “don’t warchalk other people’s networks.” In fact, the act of warchalking is met with some disdain by the group — unless you want to chalk your own network to show that you provide free Internet access.

WWWD participants are also admonished not to use their accumulated wardriving data for their own gains. The goal is to provide general information about vulnerabilities in WLANs without getting specific.

If the drivers have one message to share, it’s probably ‘don’t use the factory settings.’ The WWWD home page specifically lists basic ways to prevent anyone from outside your network getting unauthorized access: use a unique SSID, disable SSID broadcasting, turn on WEP encryption, and filter Internet access by MAC address of clients on the network.

Whether you trust the wardrivers behind WWWD or not, at least two companies have taken the occasion of an organized wardrive to promote their wares. BlueSocket announced a “WarDrive Defense” program this week in response to the news of a second WWWD. The firm is making its WG-1000 Wireless Gateway available as a loan during the week to WLAN administrators.

ReefEdge has also put out a press release “advisory,” in hopes that WWWD will cause more users to download the free version of its Dolphin server software for turning x86-based hardware into a secure gateway. Dolphin is a subset of their full ReefEdge Connect System.

Why worry about the hobbyists when even the United States Secret Service is into wardriving? The division of the Treasury Department that also acts as bodyguard to the president does wardrives near protective assignments in public venues like hotels and hospitals. The Secret Service Electronic Crimes Task Force tells any enterprise operating an open access point it detects about the problem.