Prepping for the 4th Annual WorldWide Wardrive
May 20, 2004
It's coming up in June and the founder of the event expects that the explosion of sales of Wi-Fi products will simply mean even more unsecured networks.
The fourth annual WorldWide WarDrive (WWWD4) is nearly upon us.
Slated for June 12-19, the event -- held to highlight the deficiencies in the security of most Wi-Fi networks-- has added a couple new wrinkles, according to its founder.
Spread over more than 11 countries with hundreds of wireless users contributing data on the Wi-Fi access points discovered, this year's wardrive will likely turn up many first-time wireless networks.
"The APs are discovered by driving around an area with a GPS and the driver's favorite scanning program," says Hurley.
The only equipment required to do a wardrive a Wi-Fi-enabled laptop computer with the right software (usually Netstumbler), a decent antenna and possibly a GPS receiver. Oh, and a car helps, though it has been done on foot. Last month a group of Wi-Fi fans took to the air for "warfly" over Los Angeles. They found more than 4,000 access points.
While the event spans eight days, the actual driving takes place in one day.
Spreading the Word
While the loosely-affiliated group of Wi-Fi fans hopes to see increased use of wireless encryption and a decrease of networks using insecure default settings, Hurley isn't so confident: "While I hope that is the case, I think it is likely that we will see the opposite."
One of the goals of the WWWD4 is to inform new Wi-Fi users about the hazards. New network owners "are often not aware of the security implications of placing an access point with a default configuration on their home network," says Hurley.
Wardriving traditionally has been the pursuit of open wireless Internet connections from which to download music, surf a broadband connection or curiously explore a new network. WWWD4 participants point to a loftier goal than simply leeching some MP3 files."The goal of the WorldWide WarDrive is to provide a statistical analysis of the many access points that are currently deployed," according to a prepared statement.
Those statistics paint an interesting picture of the changing wireless security landscape.
Of the little more than 9,300 access points discovered during the first WWWD in 2002, nearly 70 percent of Wi-Fi them had the only security available then -- wired equivalent privacy (WEP) -- turned off. That percentage remains steady through 2003, when the third WWWD revealed 67 percent of the more than 88,000 APs uncovered did not use WEP.
WEP has been much-maligned because of being crackable but it has a much worse trait. It never caught on with the majority of access points discovered because it has always been too difficult for the layman to implement.
The Good News
Slightly more encouraging is the word seems to be reaching owners of Wi-Fi access points of the importance of changing the default 'out of the box' service set identifier (SSID), which is basically the name found for an access point on a wireless network. Most hardware vendors ship APs with a default SSID that anyone can figure out.
During the last wardrive, volunteers found more than 27 percent of APs were using the default SSID. Usage of default settings spiked in 2003, when more than 35 percent of Wi-Fi networks failed to change their ID codes.
Curiously, during the first WWWD, only 29 percent of people kept the default setting for their Wi-Fi gear.
As many as 17 million Wi-Fi access points exist today, with nearly 58 million APs slated to ship in 2006, according to estimates.
Those statistics, which include the number of APs discovered, whether security is enabled and if default settings are used "have become the defacto standard" for vendors selling security products, as well as the media reporting on wireless security.
Unlike past years, where statistics gathered were compiled after the event ended, WWWD4 has teamed up with the Wireless Geographic Logging Engine to create real-time maps of data uploaded by volunteers.
If you would like to join the upcoming WWWD4, organizers have created a forum to coordinate the event.