Wardriving: Mobile Wireless Security Auditing
Wardriving is an activity that employs mobile hardware and reconnaissance software in a moving vehicle to search for and plot wireless networks to a GPS grid. This is a moderately inexpensive hobby that really only requires a USB GPS receiver and, optionally, an external wireless card. The software available to you varies by operating system, but popular choices include Kismet, Kismac, WIGLEWIFI and Vistumbler. These applications essentially pull SSID information from your wireless card and combines GPS coordinates from the receiver, and then exports this data to .gps or .kml files. Using this method enthusiasts across the globe have managed to contribute information on over 400 million wireless networks over at wigle.net.
While you’re shopping for your hardware try to find a wireless card that will have exceptionally good range, and a GPS receiver that utilizes WAAS for especially accurate results. Once you’ve got everything in hand, take some time to research your state or local laws, as having any sort of screen in view of yourself as a driver can have legal repercussions. Once you’ve got everything installed, your setup may look something like this:
I’ve also seen especially mobile versions of this that use raspberry pis attached to mobile battery packs. Before you hit the road you should take it for a test run in your living room just to make sure all the information you’ll need is being aggregated appropriately. I used Vistumbler, but the information you see will likely be very similar:
From a single pane, I’ve got insight such as AP MAC addresses, SSID names, wireless/security/encryption protocols being used, latitude and longitude coordinates, and hardware models. With all of this in hand, I can then export everything to a GPS file where each network will be plotted appropriately:
In a short 15-minute drive through a neighboring town I was able to pick up about 1,200 signals. I could return home and sift through that information looking for poorly configured and exploitable routers. A malicious actor could combine this information with vendor security advisories to gain a foothold in home and business networks.