• Great articles on other sites
  • RSS Great articles on other sites

  • Analysis - Written by on Thursday, April 5, 2012 15:29 - 9 Comments

    Wardriving & surviving: Who’s using your Wi-Fi?

    This article is by Mark Gregory, Senior Lecturer in Electrical and Computer Engineering at RMIT University. It first appeared on The Conversation and is replicated here with permission.

    analysis Late last month the Queensland Police started a new project to highlight the urgent need for secure wireless internet connections.

    The “wardriving” project involves police driving the streets of Queensland, searching for unsecured Wi-Fi coming from houses and businesses. (Given Wi-Fi signals can have a range of up to 100 metres, a family’s Wi-Fi connection can be accessible from well outside the home.) When an open or poorly secured Wi-Fi access point is found, it is logged by Queensland Police, who will later send a letter with information on how to secure Wi-Fi access points (such as routers).

    What does “unsecured Wi-Fi” mean? Well, it means there is no password set and that open access to the Wi-Fi access point is available to anyone with a compatible device. “Poorly secured” Wi-Fi refers to access points that are set up using older security measures, such as Wired Equivalent Privacy (WEP). WEP is an encryption system that utilises a security technique developed in 1999 and which was outdated and replaced in 2003 by Wi-Fi Protected Access (WPA).

    As Detective Superintendent Brian Hay said in a statement for the Queensland Police Service News: “Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.”

    According to Hay, the consequences of not acting could be significant: “Unprotected or unsecured wireless networks are easy to infiltrate and hack,” he said. “Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud.” Furthermore, a person that has access to open residential Wi-Fi can use this connection to browse the web or or illegally download movies, music or – at the extreme end – child pornography.

    As Nicolas Suzor, a law lecturer at Queensland University of Technology, highlighted in the Sydney Morning Herald, the homeowner could be landed with responsibility: “It could be quite difficult to prove that it wasn’t in fact you [downloading copyrighted or illegal material].”

    This is potentially a major problem for residential Wi-Fi users and one that the Queensland Police has decided to reduce by committing resources from the Fraud and Corporate Crime Group. Another concern is that Wi-Fi users often have mobile devices and computers connected to the one broadband connection. As a result, when someone gains access to their open Wi-Fi they can access all of the devices and computers on that home network.

    A long drive
    The Queensland Police wardriving effort is certainly not the first of its kind. In fact, wardriving has been occurring since the inception of Wi-Fi in the 1990s.

    In 2010, Google Australia was found to be collecting Wi-Fi information by cars sent out to record street views. At the time, Communications Minister Stephen Conroy claimed Google’s actions constituted “the largest privacy breach in the history of Western democracies”.

    The Queensland Police have commenced the project and to ensure they do not commit a breach of privacy have configured their systems to collect only limited information; just enough to be able to identify open or poorly secured Wi-Fi so the owner can be notified.

    And when you look at the statistics, it seems there are a lot of homeowners that need to be notified. In a test done across Sydney in July 2011, the Sydney Morning Herald identified “unsecured Wi-Fi networks in ten out of 20 residential locations … In total, 328 networks were detected with 2.6% operating without password protection.”

    Needless to say, the problem of unsecured Wi-Fi is not an exclusively Australian problem. In December 2004, students worked to map Wi-Fi in Seattle over a few weeks and found 5,225 Wi-Fi access points, of which 44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. The wardriving by students in Seattle was legal, but several issues – such as privacy, security and people downloading pornography – were identified.

    The information collected by students identified that in areas with large numbers of overlapping Wi-Fi access points, signals can cause interference and open wireless networks can cause security risks. Students found some of the Wi-Fi access points had names “Open to share, no porn please” and “Free access, be nice”.

    Tools of the trade
    Over the years, many tools have been developed to assist in the capture of Wi-Fi details during a wardrive. One classic wardriving tool is NetStumbler. Other, more modern, tools can be found at wardrive.net. After Wi-Fi access point information is collected using one of the above tools, the data can be uploaded to an online map, such as those featured on wigle.net.

    The results from Queensland Police’s wardriving efforts are yet to be seen but in the meantime, it would be wise to make sure your Wi-Fi is being used by you, and no-one else.

    For more information on the War Driving Project or tips on how to secure your connection, visit the Queensland Police Service website.

    This article was originally published at The Conversation. Read the original article.

    Image credit: Ramzi Hashisho, royalty free

    submit to reddit


    You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

    1. Marcus
      Posted 05/04/2012 at 4:46 pm | Permalink | Reply

      This is pointless and frivolous
      Do they also intend to make sure I have tied my shoe laces up properly?

      I deliberately partition off a section of my bandwidth and wifi for free anon access… Its a small community service that I’m happy to perform,

    2. SMEMatt
      Posted 05/04/2012 at 5:37 pm | Permalink | Reply

      “It could be quite difficult to prove that it wasn’t in fact you [downloading copyrighted or illegal material].”

      I thought the police are the ones who have to prove that you did in fact download copyright or illegal material.

      • Bern
        Posted 10/04/2012 at 12:05 pm | Permalink | Reply

        The problem is that the police can easily prove that it was downloaded using your internet connection.

        The onus is then on you to prove that it wasn’t *you* who downloaded it using your internet connection.

    3. Marcus
      Posted 05/04/2012 at 5:38 pm | Permalink | Reply

      It’s not a fast link I let them use…

      It would also be difficult to prove it was me.

    4. neilmc
      Posted 05/04/2012 at 7:49 pm | Permalink | Reply

      Is it illegal to have your wifi open? It looks to me like they’re trying to promote the advantage of leaving networks open.

      If by chance some over eager copyright nazi makes a mistake and goes after me making my life hell…. “my network is open. I love my neighbours and passers by and I like to share” :)

    5. Zwan
      Posted 07/04/2012 at 2:47 pm | Permalink | Reply

      Yes you sit there believing your wifi is secure with wpa/wpa2…

      As long as WPS is turned off…

      • senectus
        Posted 07/04/2012 at 2:59 pm | Permalink | Reply

        Does anyone use WPS?
        I’ve never seen anyone actually use it….

    6. Posted 08/04/2012 at 12:36 pm | Permalink | Reply

      Well its taken them 10 plus years to figure this one out .

      I hope you have also sent a nice official letter to all wifi manufacturers asking them
      to please ensure that all routers come with security as wpa2 and a non common or
      sequential pin as the first access method.

      The manufacturers ( CH) primarily are to blame as the routers come with no security as
      the default ,ie WEP no password ,ie open more like a hot spot .

      it is more likely they are mapping all ap’s even the hidden ones ,like a wifi “census”
      for future reference.

      Hopefully while they are doing their “tobesuretobesure” wifi surveying that they have
      their systems secure as they will be open to the same people that they are trying
      to protect the people from ..<.

      We hope plod you dont circumvent the privacy act for no specific reason ,as it wont hold water
      under any of the laws .

      Normally governement departments are supposed to notify the local area by public notices that
      they are carrying out a census or survey of sorts ,prior to doing so .

    7. Jislizard
      Posted 10/04/2012 at 8:34 am | Permalink | Reply

      Tried to set the password everytime we bought a new wireless router, always managed to kick someone in the house off the system and friends and family couldn’t use it when they came over.

      More trouble than it is worth, I would rather give free internet to everyone than block members of my own family.

      If there was an easier way to set it up on the variety of computers, iphones, macs, androids, slates and laptops we have in our house I would probably use it but as it stands, life is too short!

    Leave a Comment


  • Get our 'Best of the Week' newsletter on Fridays

    Just the most important stories, one email a week.

    Email address:

    Follow us on social media

    Use your RSS reader to subscribe to our articles feed or to our comments feed.

  • Most Popular Content

  • Enterprise IT stories

    • Super funds close to dumping $250m IT revamp facepalm2

      If you have even a skin deep awareness of the structure of Australia’s superannuation industry, you’ll be aware that much of the underlying infrastructure used by many of the nation’s major funds is provided by a centralised group, Superpartners. One of the group’s main projects in recent years has been to dramatically update and modernise its IT platform — its version of a core banking platform overhaul. Unfortunately, the $250 million project has not precisely been going well.

    • Qld’s Grant joins analyst firm IBRS peter-grant

      This week it emerged that Peter Grant, the two-time former Queensland Whole of Government CIO (pictured), has joined well-regarded analyst firm Intelligent Business Research Services (IBRS). We’ve long had a high regard for IBRS, and so it’s fantastic to see such an experienced executive join its ranks.

    • Westpac dumps desk phones for Samsung Android mobiles samsung-galaxy-ace-3

      The era of troublesome desk phones tied to physical locations is gradually coming to an end in many workplaces, with mobile phones becoming increasingly popular as organisations’ main method of voice telecommunications. But some groups are more advanced than others when it comes to adoption of the trend. One of those is Westpac.

    • Ministers’ cloud approval lasted just a year reverse

      Remember how twelve months ago, the Federal Government released a new cloud computing security and privacy directive which required departments and agencies to explicitly acquire the approval of the Attorney-General and the relevant portfolio minister before government data containing private information could be stored in offshore facilities? Remember how the policy was strongly criticised by Microsoft, Government CIOs and Delimiter? Well, it looks like the policy is about to be reversed.

    • WA Govt can’t fund school IT upgrades oops key

      In news from The Department of Disturbing Facts, iTNews revealed late last week that Western Australia’s Department of Education has run out of money halfway through the deployment of new fundamental IT infrastructure to the state’s schools.

    • Turnbull outlines Govt ICT vision turnbull-5

      Communications Minister Malcolm Turnbull has published an extensive article arguing that the Federal Government needed to do a better job of connecting with Australians via digital channels and that public sector IT projects needn’t cost the huge amounts that some have in the past.

    • NZ Govt pushes hard into cloud zealand

      New Zealand’s national Government announced a whole of government contract this morning for what it terms ‘Office Productivity as a Service’ services. This includes email and calendaring services, as well as file-sharing, mobility, instant messaging and collaboration services. The contract complements two existing contracts — Desktop as a Service and Enterprise Content Management as a Service.

    • CommBank reveals Harte’s replacement whiteing

      The Commonwealth Bank of Australia has promoted an internal executive who joined the bank in September after a lengthy career at petroleum giant VP and IT services group Accenture to replace its outgoing chief information officer Michael Harte, who announced in early May that he would leave the bank.

    • Jeff Smith quits Suncorp for IBM jeffsmith4

      Second-tier Australian bank and financial services group Suncorp today announced that its long-serving top technology executive Jeff Smith would leave to take up a senior role with IBM in the United States, in an announcement which marks the end of an era for the nation’s banking IT sector.

    • Small business missing the mobile, social, cloud revolution iphone-stock

      Most companies that live and breathe the online revolution are not tech startups, but smart smaller firms that use online tools to run their core business better: to cut costs, reach customers and suppliers, innovate and get more control. Many others, however, are falling behind, according to a new Grattan Institute discussion paper.

  • Blog, Enterprise IT - Jul 5, 2014 13:53 - 0 Comments

    Super funds close to dumping $250m IT revamp

    More In Enterprise IT

    Blog, Telecommunications - Jul 5, 2014 12:12 - 0 Comments

    What should the ACCC’s role be in guiding infrastructure spending?

    More In Telecommunications

    Analysis, Industry, Internet - Jun 23, 2014 10:33 - 0 Comments

    ‘Google Schmoogle’ – how Yellow Pages got it so wrong

    More In Industry

    Blog, Digital Rights - Jun 30, 2014 22:24 - 0 Comments

    Will Netflix launch in Australia, or not?

    More In Digital Rights