You’ve probably used the free Wi-Fi at a book store or coffee shop to work on a project before. There’s nothing wrong with that. You’re a paying customer and should enjoy the amenities afforded to you. Wardriving, however, makes connecting to public Wi-Fi another ball game.
What Is Wardriving Exactly?
Wardriving started as a practice where people drive around in cars while looking for open wireless networks.
There’s nothing wrong with driving around town, looking for a spot to use the Wi-Fi in your car without having to go in. This used to be a norm as far back as 1996—although it used to be called wardialling back then. However, wardriving has become a cybersecurity concern because hackers can exploit vulnerabilities inherent in unsecured wireless networks.
Today, an attacker moving around in a vehicle can automate hardware and software to find unsecured Wi-Fi networks, map the locations of the vulnerable networks, and see the devices connected to the network. Then, they may sell or share the data gleaned from the attack with individuals who can use it for malicious purposes like identity theft.
Is Wardriving Legal?
It depends. Driving around, searching for free/unsecured networks, noting, and even connecting to these networks is not illegal, per se, based on the legal precedent in State v. Allen.
The gist: Allen had wardialled phone numbers to find the ones used for modems when he stumbled on several private numbers belonging to a subsidiary of AT&T. The company found out and took him to court. The Kansas Supreme Court ruled that Allen had not attempted to access the company’s network and did not cause damage to the company’s property.
Generally, wardriving becomes illegal when a person installs malware to carry out man-in-the-middle attacks on open networks. Furthermore, the act is illegal when a driver bypasses security protocols on a secured network. Additional criminal liabilities will result from wardriving attacks resulting in identity theft, data theft, and other forms of cyberattacks that result in personal or financial loss.
Tools Hackers Use for Wardriving
Wardrivers have to focus on driving the car and making sure they don’t leave a trail—parking or staying in an area for too long goes against the cardinal rule in cyberattack rulebooks. As such, wardrivers typically use a combination of automated hardware and software to carry out wardriving.
A wardriving software is usually a network discovery tool that logs information about a network. Examples include Kismet and WiFi-Where. Wardrivers often use these tools along with dedicated databases like WiGLE. These databases archive information about discovered networks, from GPS coordinates to SSID, MAC address, and encryption type.
Meanwhile, the primary hardware for wardriving are antennae modified to identify vulnerable networks without being close to a router, for example. Hackers also use Raspberry Pi and GPS devices to increase the accuracy of their wardriving setup.
How to Protect Yourself from Wardriving
Wardriving poses a significant threat to your personal privacy and internet security. So, how can you protect yourself?
Activate Your Wi-Fi Security
Most new routers come with default usernames and passwords. The router name will also be default—the device name and model. You should change these default configurations because accessing these details is pretty easy. For example, looking on cyber search engines like Shodan can provide a hacker with everything they need to access your home or office network.
You will see how to change your router settings in the device manual. The manufacturer will also have an online copy if you’ve lost the manual—we know nobody really keeps them around.
Once you’ve accessed your router admin dashboard, the first order of business is changing your username and password. Although your username can be pretty much whatever you want, your password should be a combination of alphanumeric characters to give you the strongest security.
Set Up Guest Wi-Fi Network
Most modern routers allow users to set up guest Wi-Fi networks. This way, you can share your internet connection with friends and strangers while reducing exposure to wardriving and man-in-the-middle attacks. You should check your router manual for how to set up guest networks.
Generally, this setting will be in the Wi-Fi section of the admin panel. And if you have trouble setting it up, search for your router’s model name + “guest network” on Google. You should get helpful search results or even helpful tutorial videos.
Think of a guest Wi-Fi network as having a visitor’s bathroom. You reduce the risk of catching a disease (in this case, malware), seeing unsightly stuff, and awkward run-ins when the bathroom is occupied.
Turn Off Router During Inactive Sessions
Passwords can only go a long way. Cracking a secure Wi-Fi is possible for a hacker with the right tools and a dash of determination. While you’re in the admin panel, consider setting your router to switch off automatically after a set time if there are no devices connected to it. This way, your router is not a sitting duck for a determined, resourceful hacker.
Sure, going across the room or climbing the stairs to reach the router can be a pain sometimes. Still, it’s worth the minor discomfort, considering the data a hacker can steal if they break into your home network. For example, a hacker on your network may install malware to steal your credit card information, bank details, or other sensitive data.
Set Up a Firewall for Your Network
A firewall is a filter for data leaving and entering your computer, especially incoming connections. It’s pretty easy to set up a firewall, and you don’t have to understand the nitty-gritty of how it works. A software firewall on your computer should be enough; you don’t need a hardware firewall for a home router.
Windows Defender is a good option for Windows computers, and macOS also has a built-in firewall to prevent unauthorized access to your network. You don’t need a firewall for Linux because of how the operating system was baked. You don’t have to consider a firewall for Android unless you’re a power user.
Encrypt Your Computer
In addition to the aforementioned measures, you should consider device encryption, especially if you use free public Wi-Fi a lot. Encryption protects your files so a third party cannot read them even if they get their hands on them.
You can set up military-grade encryption on your Windows computer in a couple of hours, but that’s for local data. You should consider encryption for cloud files too. There are several options for encrypting cloud files. You should also consider using a VPN to make your online activities private.
Use MFA on Your Online Accounts
While local data on your computer may not be valuable to hackers, access to your online account is a coveted prize. Access to one account, say your Google account or email, can help a hacker hijack several other accounts. For example, a hacker with access to your email may use it to reset the passwords to your account, essentially taking control of your identity.
Online platforms have security down to an admirable T, but you still have some responsibility. So, for starters, consider enabling multi-factor authentication on your online accounts.
Also, you should switch up the passwords to your account. It is bad practice to use the same password twice. Yet, we agree that it’s really hard to keep track of the passwords to hundreds of accounts. Indeed, password fatigue is a real thing. This is why we recommend using a password manager to generate and save unique, secure passwords.
Keep Your Devices Updated
Your device security updates patch vulnerabilities that hackers can use to hijack your connection. So, you should regularly check for, download, and install security updates for your devices as soon as they become available. Besides your router, this rule of thumb also goes for your computer, phone, and smartwatch.
It's Best to Avoid Making Yourself a Target
Hooking up to free Wi-Fi should be okay if your device security is tight, but don’t get too comfortable. Do not stay connected for too long; avoid activities that may expose your sensitive data while you're there. So, don’t go using your bank app on public Wi-Fi. You should also adopt security best practices for your home network. Everyone is pretty much a target when it comes to Wardriving.