9/5/2002 7:12:45 PM
As a followup to my earlier story regarding my purchase of a laptop - I've taken the time to set up a wireless network at my apartment. Initially I did this for the purposes of being able to cruise the internet anywhere in the apartment without having to jack into the ethernet cable. However as I've done more research on the subject - I've come across the latest blackhat security phenomena known as "WarDriving".
Essentially WarDriving refers to an activity in which a person sets up his/her wireless laptop in the car to detect all wireless networks within a certain range as they drive down various streets. Once a signal is located they then try to zero in on the point where it originates (by checking the signal strength) and finally attempt to connect to the network in question.
As you may or may not know - Wireless networking (e.g. 802.11b) has become quite popular as of late. The equipment is affordable enough that many small businesses are setting up wireless networks because its so much more convienent than stringing out RJ45 cable all over the place. The problem with this is that these people very rarely have the experience and knowledge required to secure such networks.
Out of the 13 networks I was able to locate in my home of Greenville, SC last night - most had no security whatsoever and 4 of them provided unrestricted internet access. This means that I could literally sit in some company's parking lot and surf the net using their bandwith. Keep in mind that I only drove around a very small portion of Greenville and that I never even made it downtown. Many of the open networks belong to the very stores which sell the actual equipment. Kind of ironic huh?
I plan to spend some more time WarDriving this weekend and hopefully sometime Sunday I'll be able to post some preliminary results as to just how insecure the wireless networks of Greenville, SC are. So far the results have been quite dismal as none of the networks I've found incorporate the use of WEP (802.11b encryption) or even MAC Address Filtering. Most appear to be setup with the out of box vendor defaults.