According to Wikipedia.com, "Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer or PDA." Wardriving was derived from the term wardialing from the 1983 film WarGames, which involved searching for computer systems to connect to, using software that dialed numbers sequentially to see which ones were connected to a fax machine or computer. Warbiking is essentially the same as wardriving, but it involves searching for wireless networks while on a moving bicycle or motorcycle. This activity is sometimes facilitated by the mounting of a wifi-capable device on the vehicle itself. Warwalking, sometimes called warjogging, is similar in nature to wardriving, except that it is done on foot rather than conducted from a moving vehicle. The disadvantages of this approach consist in slower speed of travel, resulting in fewer and more infrequently discovered networks, and the absence of a convenient computing environment. Consequently, handheld devices such as Pocket PCs, which can perform such tasks while one is walking or standing, have predominated in this area.
Warkitting is a combination of wardriving and rootkitting. In a warkitting attack, a hacker replaces the firmware of an attacked router. This allows him to control all traffic for the victim, and could even permit him to disable SSL by replacing HTML content as it is being downloaded. Warkitting was identified by Tsow, Jakobsson, Yang, and Wetzel in 2006. Their discovery indicated that 10% of the wireless routers were susceptible to WAPjacking (malicious configuring the firmware settings, but making no modification on the firmware itself) and 4.4% of wireless router were vulnerable to WAPkitting (subverting the router firmware). Their analysis showed that the volume of credential theft possible through Warkitting exceeded the estimates of credential theft due to phishing.
Many wardrivers use GPS devices to measure the location of the network and log it on a website to form maps of the network neighborhood. The most popular web-based tool today is WiGLE, while one of the pioneering mapping applications was StumbVerter, which used Microsoft MapPoint automation to draw found networks. For better range, antennas are built or bought, and vary from omnidirectional to highly directional.
The maps of known network IDs can then be used as a geolocation system, an alternative to GPS, by triangulating the current position from the signal strengths of known network IDs. Examples include Place Lab by Intel, Skyhook, and Navizon by Cyril Houri. Navizon combines information from Wi-Fi and cell phone tower maps contributed by users from Wi-Fi-equipped cell phones. In addition to location finding, this provides navigation information, and allows for the tracking of the position of friends, and geotagging.
In December 2004, a class of 100 undergraduates worked to map the city of Seattle, Washington over several weeks. They found 5,225 access points; 44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. They noticed trends in the frequency and security of the networks depending on location. Many of the open networks were clearly intended to be used by the general public, with network names like "Open to share, no porn please" or "Free access, be nice." The information was collected into high-resolution maps, which were published online.
Wardrivers are only out to log and collect information about the wireless access points (WAPs) they find while driving, without using the networks' services. Connecting to the network and using its services without explicit authorization is referred to as piggybacking. The terms have been interchanged in the press, however. For instance, an EETimes article with the headline "WiFi user charged for not buying coffee" refers to a user who "piggybacked off the shop's wireless Internet service for more than three months". When reposted by Engadget, the term "wardriving" was substituted, and the headline changed to "Wardriver arrested for snagging coffee shop signal". Typical wardriving software actually takes control of the wireless radio, making it impractical, if not impossible, to wardrive and piggyback simultaneously.
No comments:
Post a Comment