Raise your hand, even among keyboard geeks, if you know the meaning of “wardriving”. Let’s try to give an answer immediately, starting from the definition of Wikipedia to get to the information published online by some security companies: it is an activity that consists in intercepting Wi-Fi networks with a laptop usually combined with a GPS receiver (moving in car, but also by bicycle or on foot) to identify the exact position of the network found and possibly publish the geographical coordinates on a special website. In a few more precise words, wardriving is the practice of moving with a vehicle for a specific zone looking for unsecured private Wi-Fi networks and mapping vulnerable localized access points.
From “War Games” to an “illegal” practice
Its origins date back to one of the cult films of the early 80s, “War Games”, with a very young Matthew Broderick, despite himself, the protagonist of a “wardialing” attack, that is the technique of automatically calling all telephone numbers in a geographical area to locate the computers present. The evolution of this type of cyberattack has led to wardriving, a practice bordering on legality when it leads to unauthorized access that damages the privacy of the unfortunate user, even if no disturbance or data theft is committed and the intercepted wireless network is used to navigate at the owner’s expense. Widespread at the dawn of the Internet, today this technique is not particularly practiced but remains, according to those who work in the field of security, a criticality of Wi-Fi networks.
Loading…
What attackers use and the flaws of home networks
The danger of this particular form of threat is strictly related to the (minimum) equipment a “wardriver” needs to act: a PC or smartphone equipped with a network card compatible with the 802.11 wireless standard, an antenna operating on the band of 2.4 GHz, software and apps to detect the reception level of the Wi-Fi signal and create digital mappings of networks with the captured information (iStumbler, KisMAC, CoWPAtty, InSSIDer, NetStumbler, WiFi-Where, WiFiphisher) and a medium (in the even your legs) to move into the search area. Once the access point to be “hit” has been located, the wardriver tries to intercept and decode parameters such as the identification code of the network, the encryption keys and of course the password. Having said that even the cheapest routers and access points often have Wep (Wireless Equivalent Protocol) or WPA encryption systems that make it more difficult to identify, many home wireless networks are not adequately positioned and protected. . Proof? If little can be done to prevent the radio signal from spreading outside the building (the walls attenuate the radio signal but do not shield it completely and therefore one’s network is exposed to the “sight” of third parties) it is also true that many users operate their access point without changing the factory preset passwords. A “game” that can be dangerous Wardriving can have three main objectives. The worst, for the targeted user, is the theft of personal data, see for example the login credentials to operate with home banking services; therefore there is no lack of cases of malicious use of wireless networks for criminal activities, with routing of traffic to hacked users and no ethical purposes, if the search for leaks in the networks is aimed at improving their security. There is also a risk that is difficult to quantify, which in some ways recalls the story of “War Games”. Even wardriving activities without criminal purposes, which do not involve any risk for the owners of the networks, can however give way to more dangerous actions if the (network) data published on the maps are used by cybercriminals to launch ransomware-type attacks.
How to prevent attacks?
Regardless of the type of threat you are exposed to, you should always protect your home Wi-Fi network by following a few simple tips. Those suggested by Panda Security experts are five. It starts with the verification and consequent activation of an encryption system and therefore of a security protocol among those available for your network (Wpa and Wpa2 or Wep). Changing the router’s default password and using multi-factor authentication if available is the second step and if we do not want to allow guests and friends to surf with the same credentials as us, it is a good idea to set up a second dedicated Wi-Fi network, which allows to share access with users and devices considered safe, excluding all unknown or suspicious ones. For those who are more accustomed to the subject and for those who do not want to run the risk of seeing their network pierced by hackers and malware, the use of a firewall to protect the access point or a Vpn service (virtual private network) to protect the network and their devices (computers, smartphones, tablets and even smart TVs) is certainly a practice not to be overlooked. Last but not least, it is always advisable to install all available updates so as not to lose any security patches.