Wardriving & surviving: Who’s using your Wi-Fi?

9

This article is by Mark Gregory, Senior Lecturer in Electrical and Computer Engineering at RMIT University. It first appeared on The Conversation and is replicated here with permission.

analysis Late last month the Queensland Police started a new project to highlight the urgent need for secure wireless internet connections.

The “wardriving” project involves police driving the streets of Queensland, searching for unsecured Wi-Fi coming from houses and businesses. (Given Wi-Fi signals can have a range of up to 100 metres, a family’s Wi-Fi connection can be accessible from well outside the home.) When an open or poorly secured Wi-Fi access point is found, it is logged by Queensland Police, who will later send a letter with information on how to secure Wi-Fi access points (such as routers).

What does “unsecured Wi-Fi” mean? Well, it means there is no password set and that open access to the Wi-Fi access point is available to anyone with a compatible device. “Poorly secured” Wi-Fi refers to access points that are set up using older security measures, such as Wired Equivalent Privacy (WEP). WEP is an encryption system that utilises a security technique developed in 1999 and which was outdated and replaced in 2003 by Wi-Fi Protected Access (WPA).

As Detective Superintendent Brian Hay said in a statement for the Queensland Police Service News: “Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.”

According to Hay, the consequences of not acting could be significant: “Unprotected or unsecured wireless networks are easy to infiltrate and hack,” he said. “Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud.” Furthermore, a person that has access to open residential Wi-Fi can use this connection to browse the web or or illegally download movies, music or – at the extreme end – child pornography.

As Nicolas Suzor, a law lecturer at Queensland University of Technology, highlighted in the Sydney Morning Herald, the homeowner could be landed with responsibility: “It could be quite difficult to prove that it wasn’t in fact you [downloading copyrighted or illegal material].”

This is potentially a major problem for residential Wi-Fi users and one that the Queensland Police has decided to reduce by committing resources from the Fraud and Corporate Crime Group. Another concern is that Wi-Fi users often have mobile devices and computers connected to the one broadband connection. As a result, when someone gains access to their open Wi-Fi they can access all of the devices and computers on that home network.

A long drive
The Queensland Police wardriving effort is certainly not the first of its kind. In fact, wardriving has been occurring since the inception of Wi-Fi in the 1990s.

In 2010, Google Australia was found to be collecting Wi-Fi information by cars sent out to record street views. At the time, Communications Minister Stephen Conroy claimed Google’s actions constituted “the largest privacy breach in the history of Western democracies”.

The Queensland Police have commenced the project and to ensure they do not commit a breach of privacy have configured their systems to collect only limited information; just enough to be able to identify open or poorly secured Wi-Fi so the owner can be notified.

And when you look at the statistics, it seems there are a lot of homeowners that need to be notified. In a test done across Sydney in July 2011, the Sydney Morning Herald identified “unsecured Wi-Fi networks in ten out of 20 residential locations … In total, 328 networks were detected with 2.6% operating without password protection.”

Needless to say, the problem of unsecured Wi-Fi is not an exclusively Australian problem. In December 2004, students worked to map Wi-Fi in Seattle over a few weeks and found 5,225 Wi-Fi access points, of which 44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. The wardriving by students in Seattle was legal, but several issues – such as privacy, security and people downloading pornography – were identified.

The information collected by students identified that in areas with large numbers of overlapping Wi-Fi access points, signals can cause interference and open wireless networks can cause security risks. Students found some of the Wi-Fi access points had names “Open to share, no porn please” and “Free access, be nice”.

Tools of the trade
Over the years, many tools have been developed to assist in the capture of Wi-Fi details during a wardrive. One classic wardriving tool is NetStumbler. Other, more modern, tools can be found at wardrive.net. After Wi-Fi access point information is collected using one of the above tools, the data can be uploaded to an online map, such as those featured on wigle.net.

The results from Queensland Police’s wardriving efforts are yet to be seen but in the meantime, it would be wise to make sure your Wi-Fi is being used by you, and no-one else.

For more information on the War Driving Project or tips on how to secure your connection, visit the Queensland Police Service website.

This article was originally published at The Conversation. Read the original article.

Image credit: Ramzi Hashisho, royalty free

9 COMMENTS

  1. This is pointless and frivolous
    Do they also intend to make sure I have tied my shoe laces up properly?

    I deliberately partition off a section of my bandwidth and wifi for free anon access… Its a small community service that I’m happy to perform,

  2. “It could be quite difficult to prove that it wasn’t in fact you [downloading copyrighted or illegal material].”

    I thought the police are the ones who have to prove that you did in fact download copyright or illegal material.

    • The problem is that the police can easily prove that it was downloaded using your internet connection.

      The onus is then on you to prove that it wasn’t *you* who downloaded it using your internet connection.

  3. It’s not a fast link I let them use…

    It would also be difficult to prove it was me.

  4. Is it illegal to have your wifi open? It looks to me like they’re trying to promote the advantage of leaving networks open.

    If by chance some over eager copyright nazi makes a mistake and goes after me making my life hell…. “my network is open. I love my neighbours and passers by and I like to share” :)

  5. Yes you sit there believing your wifi is secure with wpa/wpa2…

    As long as WPS is turned off…

  6. Well its taken them 10 plus years to figure this one out .

    I hope you have also sent a nice official letter to all wifi manufacturers asking them
    to please ensure that all routers come with security as wpa2 and a non common or
    sequential pin as the first access method.

    The manufacturers ( CH) primarily are to blame as the routers come with no security as
    the default ,ie WEP no password ,ie open more like a hot spot .

    it is more likely they are mapping all ap’s even the hidden ones ,like a wifi “census”
    for future reference.

    Hopefully while they are doing their “tobesuretobesure” wifi surveying that they have
    their systems secure as they will be open to the same people that they are trying
    to protect the people from ..<.

    We hope plod you dont circumvent the privacy act for no specific reason ,as it wont hold water
    under any of the laws .

    Normally governement departments are supposed to notify the local area by public notices that
    they are carrying out a census or survey of sorts ,prior to doing so .

  7. Tried to set the password everytime we bought a new wireless router, always managed to kick someone in the house off the system and friends and family couldn’t use it when they came over.

    More trouble than it is worth, I would rather give free internet to everyone than block members of my own family.

    If there was an easier way to set it up on the variety of computers, iphones, macs, androids, slates and laptops we have in our house I would probably use it but as it stands, life is too short!

Comments are closed.