What Is Wardriving and How to Protect Yourself
Chances are you’ve used the free Wi-Fi at a bookstore or coffee shop to work on a project. Nothing wrong with that. You are a paying customer and should enjoy the amenities provided to you. However, wardriving makes connecting to public Wi-Fi another ball game.
What exactly is wardriving?
Wardriving began as a practice of people driving around in cars looking for open wireless networks.
There’s nothing wrong with driving around town looking for a spot where you can use your car’s WiFi without having to go inside. This was already a norm in 1996 – although it was called wardialing at the time. However, wardriving has become a cybersecurity concern as hackers can exploit vulnerabilities in unsecured wireless networks.
Today, an attacker moving around in a vehicle can automate hardware and software to find unsecured Wi-Fi networks, map the locations of vulnerable networks, and see the devices connected to the network. They can then sell or give the data obtained from the attack to people who can use it for malicious purposes such as identity theft.
Is wardriving legal?
It depends. Driving around, checking for free/unsecured networks, taking notes and even connecting to these networks is not illegal per se based on the precedent in State vs. All.
The gist: Allen had blocked phone numbers to find those used for modems when he came across several private numbers owned by an AT&T subsidiary. The company found out and took him to court. The Kansas Supreme Court ruled that Allen did not attempt to access the company’s network and caused damage to the company’s property.
In general, wardriving becomes illegal when a person installs malware to perform man-in-the-middle attacks on open networks. Additionally, if a driver circumvents security protocols on a secured network, the act is illegal. Additional criminal liability stems from wardriving attacks resulting in identity theft, data theft and other forms of cyberattacks resulting in personal or financial loss.
Wardrivers need to focus on driving the car and making sure they don’t leave a mark – parking too long or staying in one area violates the main rule in cyberattack rulebooks. As such, wardrivers typically use a combination of automated hardware and software to perform wardriving.
Wardriving software is typically a network discovery tool that logs information about a network. Examples are Kismet and WiFi-Where. Wardrivers often use these tools in conjunction with dedicated databases such as WiGLE. These databases archive information about discovered networks, from GPS coordinates to SSID, MAC address, and encryption type.
Meanwhile, the primary wardriving hardware is antennas, which have been modified to identify vulnerable networks, for example, without being near a router. Hackers also use Raspberry Pi and GPS devices to increase the accuracy of their wardriving setup.
How to protect yourself from wardriving
Wardriving poses a significant threat to your privacy and internet security, so how can you protect yourself?
Activate your WiFi security
Most new routers come with default usernames and passwords. The name of the router is also used by default – the device name and model. You should change these default configurations because accessing these details is pretty easy. For example, looking at cyber search engines like Shodan can provide a hacker with everything they need to access your home or office network.
You can find out how to change your router settings in the device manual. The manufacturer also has a copy online if you’ve lost the manual – we know nobody really keeps it.
Once you access your router admin dashboard, the first thing to do is change your username and password. Although your username can be pretty much anything, your password should be a combination of alphanumeric characters to provide you with the greatest security.
Set up the guest WiFi network
Most modern routers allow users to set up guest WiFi networks. This allows you to share your internet connection with friends and strangers while reducing the risk of wardriving and man-in-the-middle attacks. You should consult your router manual on how to set up guest networks.
Generally, this setting is in the Wi-Fi section of the admin panel. And if you’re having trouble setting it up, Google your router’s model name + “guest network”. You should get helpful search results or even helpful tutorial videos.
Think of a guest WiFi network like a visitor bathroom. They reduce the risk of catching a disease (malware in this case), seeing unsightly things, and avoiding awkward collisions when the bathroom is occupied.
Turn off the router during idle sessions
Passwords can only go a long way. A hacker, with the right tools and a pinch of determination, can crack a secure WiFi network. While you’re in the admin panel, you should set your router to turn off automatically after a set amount of time if there are no devices connected to it. That way, your router isn’t easy prey for a determined, resourceful hacker.
Sure, it can sometimes be a hassle to walk across the room or climb the stairs to reach the router. Still, it’s worth the slight discomfort considering the data a hacker can steal when they break into your home network. For example, a hacker can install malware on your network to steal your credit card information, banking information, or other sensitive data.
Set up a firewall for your network
A firewall is a filter for data entering and leaving your computer, especially incoming connections. Setting up a firewall is fairly easy and you don’t need to understand the ins and outs of how it works. A software firewall on your computer should suffice; You don’t need a hardware firewall for a home router.
Windows Defender is a good option for Windows computers, and macOS also has a built-in firewall to prevent unauthorized access to your network. You don’t need a firewall for Linux because the operating system is baked. You don’t need to consider a firewall for Android unless you’re a power user.
Encrypt your computer
In addition to the above measures, you should consider device encryption, especially if you frequently use free public Wi-Fi. Encryption protects your files so third parties can’t read them even if they get their hands on them.
You can set up military-grade encryption on your Windows computer in hours, but that’s for local data. You should also consider encryption for cloud files. There are several options for encrypting cloud files. You should also consider using a VPN to keep your online activities private.
Use MFA for your online accounts
While local data on your computer may not be valuable to hackers, access to your online account is a coveted prize. Access to one account, such as your Google account or email address, can help a hacker hijack multiple other accounts. For example, a hacker with access to your email could use it to reset your account passwords, essentially taking control of your identity.
Online platforms have security down to an admirable T, but you still have some responsibility. So, for starters, consider enabling multi-factor authentication for your online accounts.
You should also change the passwords for your account. It is not good practice to use the same password twice. However, we agree that keeping track of passwords from hundreds of accounts is really difficult. In fact, password fatigue is a real thing. For this reason, we recommend using a password manager to generate and store unique and strong passwords.
Keep your devices up to date
Your device security updates patch vulnerabilities that hackers can use to hijack your connection. Therefore, you should regularly check for, download, and install security updates for your devices as they become available. In addition to your router, this rule of thumb also applies to your computer, phone, and smartwatch.
It’s best to avoid making yourself a target
Plugging into free WiFi should be fine if your device’s security is high, but don’t get too lazy. Don’t stay connected for too long; Avoid activities that might expose your sensitive information while you’re there. So don’t use your bank app on public Wi-Fi networks. You should also adopt best practices for securing your home network. Everyone is pretty much a target when it comes to wardriving.