Weird Security Term of the Week: “Wardriving”

The Problem:

Wi-Fi networks have been one of the single greatest disruptions of access technologies in the history of computing. While having ready access to information without having to drag hard lines around everywhere is an amazing feat in and of itself, it is also easily monitored and information can be stripped ‘out of the air’ with different levels of skill.

“Wardriving” is the act of driving around an area (a neighborhood, a commercial district, a corporation, etc.) to find open wireless access points. Once a point is found, the wardriver either accesses it directly if it is wide open, attempts to use an exploit to gain access if it is using an obsolete security methodology, or just notes it as a point of interest to return to later.

There are a number of different variants on wardriving. Each one allows for slightly different attack/monitoring methodologies depending on the techniques used and technology available at the time of network discovery. These can include:

Wardriving – Driving in a vehicle
Warwalking – Walking on foot
Warrailing – On a train
Warchalking – Painting/drawing symbols where networks are detected
Warkitteh – Using a cat or other animal to map out wireless access points and gain access through a combination of Wi-Fi, GPS and other technologies
Warkiting – Taking a wardriving attack a step further by combining it with rootkit attacks that attempt to modify the firmware of a compromised router.

The Solution:

There are a number of different ways to reduce your profile and harden your network to better protect against drive-by attacks such as these.

Solution the first: WPA2

Adequate protection against unwanted connections is vital in a wireless environment, as you can’t depend on just locking your front door to protect you in this case. Open Access and WEP are both considered dangerous to use, and WPA1 is currently frowned upon. WPA2 is the current standard for wireless security, and has yet to be compromised. Using a strong access password greatly helps the strength of this protection: avoid obvious values such as the name of your access point or, worse, ‘password’. WPA2 is used on almost all modern hardware; however, most networking equipment is normally not replaced unless it melts. As a result, making sure that WPA2 is supported on your device is the first item to check. If it is not, consumer-grade networking equipment that supports it is available from a wide variety of vendors. WPA2 will not stop the detection of the network; however, instead of being able to look beyond an open door into an unguarded room, an outsider will find a closed, sturdy door.

Typical Price of Software: $0 (Current equipment must support the option)
Typical Price of Hardware: $20-$200 depending on equipment from various vendors

Solution the second: Disable SSID broadcast

When a user searches for a specific wireless network and a list is presented to them, what they are seeing is the list of networks broadcasting their SSID (Service Set Identification) or, to put it simply, the names of the access points. Disabling the broadcast of this identifier gives the network a lower profile and lets it hide a little more easily from the typical user. This option is available in nearly all network hardware, and normally does not require any special options to set up. The problem, however, is that anyone who is wardriving will be scanning for the frequencies in use in a given area, not just the named networks. As a result, if they detect an unnamed network broadcasting, hiding the SSID may end up doing the exact opposite of what you set out to do: draw attention to it. To go further with our analogy: adding this option would make your room invisible to the casual passerby, but not to those who already know where it is. This option can only be recommended in conjunction with adequate security measures.

Typical Price: $0 (Most equipment supports this option)

Solution the third: MAC Address filtering

Blacklists and whitelists are always valuable methods of controlling what is and is not permitted in a given situation. A blacklist will prevent items expressly on the list from being allowed, while a whitelist will ONLY allow items on the list and no others. MAC address filtering is normally set up as a whitelist, only allowing known trusted devices onto the network. This option is supported on most, but not all, networking hardware. You will want to make sure that it is available on your equipment before attempting to enable it. Going back to our analogy, this would add a very irritated bouncer in front of the room we’re trying to protect. This is not to say it is impossible to beat; however, it would require finding the MAC address of a device that is already allowed through and then temporarily copying that address – the digital equivalent of a fake ID.

Typical Price: $0 (Equipment must support this option)

Honorable Mention: OpenWrt/DD-WRT/Tomato/HSMM-Mesh

While this goes above and beyond what a typical user might require, users looking to get much more performance and customization out of their network may want to investigate OpenWrt, DD-WRT, Tomato, or HSMM-Mesh. All of these are open firmware packages, with an enormous amount of utility, for either routers or full PCs being repurposed. As these replace the standard firmware used by the manufacturer, they can radically change what the device is capable of and add enhancements that would normally only be available on much more expensive equipment. Please bear in mind that these require a solid level of technical knowledge to install, configure or administer, and can easily brick the device if the installation is not performed correctly.

Typical Price: $0

All of the solutions are capable of enhancing the security profile of a wireless network, and work extremely well together to create a formidable defense. While the solutions offered may not be practical in some environments, and in many non-residential cases much stronger measures are recommended, it is highly recommended to at least have WPA2 protection in any situation where Wi-Fi is present.
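
To check how the three settings above combine on a real device, here is an added example (not part of the original article): a small Python audit of an OpenWrt-style `/etc/config/wireless` file that flags weak encryption, weak passphrases, and networks that lean on a hidden SSID or MAC allowlist instead of encryption. The sample config, the common-password list and the 12-character threshold are constructed assumptions.

```python
import shlex
# Constructed sample in OpenWrt UCI syntax (/etc/config/wireless); not from the article.
SAMPLE = """
config wifi-iface 'home'
    option ssid 'SmithFamily'
    option encryption 'psk2'
    option key 'SmithFamily'
    option hidden '1'
config wifi-iface 'guest'
    option ssid 'Guest'
    option encryption 'none'
    option hidden '1'
    option macfilter 'allow'
config wifi-iface 'office'
    option ssid 'Office'
    option encryption 'psk2'
    option key 'correct horse battery staple'
    option macfilter 'allow'
"""
WEAK_ENC = {"none", "psk", "psk-mixed"}  # open, WPA1 only, WPA1 still accepted
COMMON = {"password", "12345678", "changeme"}  # tiny illustrative list (assumption)
MIN_LEN = 12  # assumed policy threshold; WPA2 itself accepts 8 characters

def parse_uci(text):  # -> {section: {option: value}} for wifi-iface sections only
    sections, cur = {}, None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] == ["config", "wifi-iface"]:
            cur = sections.setdefault(tok[2] if len(tok) > 2 else f"iface{len(sections)}", {})
        elif tok[:1] == ["config"]:
            cur = None  # another section type, e.g. wifi-device
        elif cur is not None and len(tok) >= 3 and tok[0] == "option":
            cur[tok[1]] = tok[2]
    return sections

def audit(text):
    findings = []
    for name, o in parse_uci(text).items():
        enc = o.get("encryption", "none").split("+")[0]  # drop cipher suffix (psk2+ccmp)
        key, ssid = o.get("key", "").lower(), o.get("ssid", "").lower()
        if enc in WEAK_ENC or enc.startswith("wep"):
            findings.append((name, "weak-encryption"))
            if o.get("hidden") == "1":
                findings.append((name, "relies-on-hidden-ssid"))
            if o.get("macfilter") == "allow":
                findings.append((name, "relies-on-mac-allowlist"))
        elif enc.startswith(("psk", "sae")) and (key in COMMON or key == ssid or len(key) < MIN_LEN):
            findings.append((name, "weak-passphrase"))
    return findings
```

Calling `audit(SAMPLE)` reports the `home` network for reusing its SSID as the passphrase and the `guest` network for being open while depending on the hidden SSID and MAC allowlist; `office` passes.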

EDITOR’S NOTE: Bear in mind that although these solutions will enhance your wireless network’s security, your routers themselves commonly contain vulnerabilities extending beyond the reach of these solutions (except maybe the use of DD-WRT and other custom firmware). Here is a recent example plaguing popular ASUS routers.