What is Wardriving?

Wardriving is the act of looking for publicly accessible Wi-Fi networks while in a moving vehicle (hence the word “driving”) for later potential use in attacks (now you know why the term “war”).

Due to its nature, wardriving requires the use of portable devices like a laptop or a smartphone. Software that aids perpetrators in the task are sadly available free of charge on the Web. Other terms have been coined for similar tactics, depending on the transportation means used. We’ve seen warbiking, warcycling, warcarting, warwalking, warflying, warrocketing, warballooning, and warboating used as well.

Think of wardriving as a thief going house to house in search of poorly protected ones to rob.

Other interesting terms…

• What is a Malicious Payload?
• What is Packet Sniffing?

Read More about “What Is Wardriving?”

Wardriving traces its roots back to 2001. Back then, people flocked to the streets hoping to detect unprotected Wi-Fi access points to infiltrate. The term really took off when a hacker known as “Delta Farce” and “Tracy Reed” flew a plane to do the deed back in 2002.

Who Coined the Term “Wardriving”?

The idea behind wardriving was borne out of the 1983 film “WarGames.” The name itself, meanwhile, could be credited to computer security consultant Peter Shipley.

In 2000, Shipley developed Perl scripts that could interact with the Global Positioning System (GPS) to automate the process that came to be known as “wardriving.”

What Tools Can Be Found in a Wardriving Arsenal?

Wardrivers typically use an array of hardware and software that include:

• Mobile device: This can take the form of a smartphone, laptop, tablet, or a Raspberry Pi.

• Wireless network card and antenna: Some wardrivers just rely on their device’s built-in antenna, but others use additional hardware to intensify their scanning capabilities.

• GPS access: Without this, wardrivers won’t be able to pinpoint the location of the vulnerable network.

• Wardriving software: This allows wardrivers to bypass network security. Popular choices include KisMAC, Aircrack, Cain & Able, CoWPAtty, and WiFiphisher.

What Motivates People to Engage in Wardriving?

In an interview with a confessed wardriver back in 2004, an unnamed hacker said he cruises along the streets of America to spot companies that leave their Wi-Fi networks exposed. But he said that he did nothing but identify unprotected networks because launching attacks would be against a cardinal wardriving rule: “Thou shall not access another’s network under any circumstances.” Wardriving, according to the interviewee, was all about finding weaknesses.

In a sense, wardrivers back then could be likened to today’s ethical hackers. Except, of course, in the fact that white hats are typically paid to look for vulnerabilities in the hirer’s network and so don’t do nothing, but report their findings to their employer.

How Can You Protect against Wardriving?

In this day and age where anyone, individuals and businesses alike, can lose data to hackers, protection against wardriving is a must. Here are some best practices:

• Change your router’s administrative password: Default passwords for many if not all routers are published on the Web.

• Enable encryption: Buy a router that lets you set Wi-Fi Protected Access (WPA) or WPA2 encryption. Avoid those that use Wired Equivalent Privacy (WEP)-level encryption, as this is easy to crack using standard wardriving software.

• Use a firewall: A firewall only allows connections from your approved sources.

• Shut down your wireless router if you’re not using it: This will eliminate the possibility that wardrivers will discover and potentially attack it.

Is Wardriving Still a Thing?

We were curious to know if wardriving still happens, and based on the video we found, it does.

While people believe wardriving is illegal, there are no specific laws that prohibit it provided, of course, that the activity doesn’t lead to hacking someone’s network.

—

Times have changed since any unprotected or even insufficiently protected wireless network found now is automatically attacked or infiltrated for use in one. Hence the biggest breaches of all time like that experienced by Yahoo! in 2013–2014.