Consumer advocates say hackers can use unsecured wireless networks to access personal information on computers for identity theft.
By: Charlie Olsen
On a Saturday night in April, David Stinner is just posting the results of his latest excursion on his Web site.
While many spend their Saturday nights at restaurants or movie theaters, Mr. Stinner spent part of his driving through Somerset and part of Hillsborough with a laptop and a Global Positioning System on a "wardrive."
Using these tools, Mr. Stinner finds and documents Wireless Fidelity (Wi-Fi) Access Points (APs) and uploads them to a Web site, where the security vulnerabilities are visible to anyone.
Such access points may be areas where someone intends others to access the Internet on their network such as the Wi-Fi network set up at Hillsborough Public Library but more often, they are wireless networks set up in homes or businesses.
Consumer advocates say hackers can use these unsecured wireless networks to do more than just get online they may be able to access personal information on computers for identity theft.
Mr. Stinner, a 31-year-old data forensic examiner from Bridgewater, believes he is doing a public service by exposing the gaps in people’s networks, but the information also could be used for malicious ends.
Although it’s legal to collect this information, experts warn of problems that can result when residents or businesses have unsecured wireless networks.
Meanwhile, others say the availability of "free" Internet connections is good for computer users even though someone is still paying for the service.
Wade Trappe, assistant professor of electrical and computer engineering at Rutgers University and a member of the Wireless Information Network Laboratory (WINLAB), believes the name "wardriving" makes the practice sound worse than it is.
"’Wardriving’ makes it sound like it’s going to kill us," said Mr. Trappe. "Often wardrivers do it to facilitate an open society, but even good intentions can be used to malicious ends with more secure systems."
The Wireless Geographic Logging Engine (WiGLE.net) is a Web site that allows Mr. Stinner and others to log their wardrives and upload them into a worldwide map that can be zoomed in to street level to see individual network names.
Although the data he collected and posted on his Web site is a year old, Mr. Stinner detected 536 total APs, of which 369 were open-access and a further 143 were still set to the default Service Set Identifier (SSID) or network name.
Hugh Kennedy, a spokesman for WiGLE.net, said that "Wardriving" is a hobby and like any hobby, people participate for a variety of reasons.
"Mapping observations of networks is primarily of an aesthetic/socio-technical benefit," said Mr. Kennedy. "We think maps are pretty and fun to make work, and it’s academically interesting to watch the spread of the technology in a direct geographic sense over time."
Similarly, Web sites such as WorldWide WarDrive (www.worldwidewardrive.org) justify the practice as a public service to raise awareness about security because few users go to the trouble of changing the factory settings which are known to anyone who can get a copy of the manual.
By taking an extra 30 seconds time to configure either the WEP or WPA security features that come with the AP, users can make it so that attackers listening in on the connection can see what is being said, but it won’t make sense without the key.
"It’s like talking on the phone," said Mr. Trappe. "Someone in the hall can hear, but if you use a different language they may not understand."
Wireless and "wardriving," according to Mr. Trappe, is a "small piece of the puzzle" compared to the task of securing the major networks behind it, such as banks and other vital computer systems.
While "wardriving" has both its good and bad sides, exposing security risks to both potential victims and attackers, it’s important to remember that there is no silver bullet for Wi-Fi security, he said.
"WEP encryption can be broken in about 12 hours by a persistent, clever attacker," said Mr. Trappe. "But if they’re that persistent, they can use my network."

