What is wardriving? How to prevent it

What is wardriving?

Wardriving in cybersecurity is a tactic used by cybercriminals to map the locations of wireless access points that could be easily exploited by hackers. These networks are usually either not password protected or rely on poor, outdated security protocols.

To identify vulnerable networks, the perpetrator drives around an area in a car and tries to pick up Wi-Fi network information on a laptop or mobile device. In recent years, however, wardriving has become less common, as WEP has been replaced by increasingly stronger protocols like WPA, WPA2, and WPA3.

The word wardriving is derived from the name of the movie WarGames, in which the tactic was used, and from the act of driving. If the same technique is used via other methods of transport, it may also be referred to as warbiking, warrailing, warjogging, and so on.

Access point mapping allows a hacker to identify the locations of vulnerable networks that they can later target with cyberattacks. These access points could include any wireless network, from a public Wi-Fi hotspot in a busy train station to a home network in a private residence.

How does wardriving work?

Wardriving works because Wi-Fi signals can be picked up by anyone within a certain range. If the signal comes from a network which has not been secured with passwords, anyone can connect to it — usually without other network users noticing.

To carry out a wardriving operation, someone just needs a mobile device with Wi-Fi connectivity. They set the device to pick up any nearby Wi-Fi signals and then drive around an area — usually an urban environment, like a residential neighborhood or a business district.

Using special software, their device takes note of any vulnerable Wi-Fi networks. What the driver then does with that information is up to them.

Main components of wardriving

Wardriving involves a variety of components and tools to be effective.

Wardriving software

Wardriving software is commonly used during wardriving operations. Software like WiFiphisher, Aircrack, or Cain & Able can quickly identify weak network security, adding them to the hacker’s list or map, and can even bypass some Wi-Fi network protections on the spot.

Wardriving hardware

Wardriving hardware is needed to run the software described above. Typical examples of the hardware used are smartphones, tablets, and laptops. These devices will be installed with wardriving software and transported around inside a vehicle.

In addition to the device on which the software runs, an extra antenna may be used. While most mobile devices have built-in antennas to pick up Wi-Fi signals, some wardrivers connect their devices to more powerful external antennas that widen the area in which they can pick up signals.

Wardriving examples

Wardriving can be carried out for different purposes and in different ways. Here are some examples of wardriving.

• Home network wardriving. One example of wardriving can involve a bad actor searching out home routers that have not been properly secured. This type of wardriving usually takes place in residential areas.
• Corporate network wardriving. Another example of wardriving sees the perpetrator mapping the vulnerable Wi-Fi networks of businesses and corporate organizations. In this kind of wardriving, hackers may also be looking for guest networks that are intentionally left open for anyone to use but that could be exploited for access to more privileged networks.
• Bluetooth wardriving. Sometimes hackers can use wardriving to identify devices with unprotected bluetooth pairing enabled, allowing them to launch bluesnarfing attacks against those devices. However, this strategy is less common than wardriving for Wi-Fi access points.

Is wardriving illegal?

Wardriving is not illegal in many countries, though it is often a prelude to illegal activity. However, it is worth noting that the legality of wardriving will vary depending on the specific laws and regulations of each region.

While the act of wardriving may be legal in some countries, any attempt to target networks with attacks or connect to them without authorization will almost certainly be illegal.

How wardriving can affect you

Wardriving could affect you if your router is not properly secured and if its signal can be picked up by someone outside of your home or in the case of businesses, your workplace.

If a hacker can access an unsecured network, they could spy on the activity of other users, stealing sensitive information. That information can then be used to launch phishing attacks, break into online accounts, spread malware, or even commit identity theft.

Though your own networks might be secure, you could still connect to public Wi-Fi networks, which are typically more vulnerable to exploits. The good news is whether you’re worried about your own networks or unsafe public Wi-Fi connections, you can still take steps to protect yourself.

How to prevent wardriving attacks

Follow the tips below to protect yourself from wardriving in your area.

• Use strong passwords. Your Wi-Fi password or network key should be long and complex because brute forcing software can easily bypass short, simple login credentials.
• Separate guest networks from private networks. If you want to make Wi-Fi accessible in a certain area, like a lobby or an office, keep your guest network entirely separate from networks that deal with sensitive or private information.
• Keep firewalls on and updated. Make sure your firewalls are switched on, protecting your router from intrusions, and update security software whenever possible. If you postpone updates, you could leave your network vulnerable to attack.
• Use multi-factor authentication. Boost Wi-Fi security by setting up multi-factor authentication (MFA). Enabling MFA will force anyone trying to connect to the network to go through two layers of security and makes it much harder for hackers to quickly access a network.
• Use a VPN. If you are connecting to a network which might not be secure — the public Wi-Fi in an airport, for example — use a virtual private network, or VPN. Services like NordVPN encrypt your data so even if a hacker has compromised your network, they still can’t monitor your browsing activity or steal your data.