The Security Breach
Wardriving is easy. Just buy a wireless card, slide it into a laptop computer equipped with easily obtainable software, and with little trouble you can scan for and capture the radio signals linking computers on a wireless network. Then you can gain complete, unfiltered access to that network.
Essentially, wardrivers use the wireless signals to enter into a computer network. What many organizations fail to understand is that the wireless signals emanating from their network are not confined to their offices, or even their building. Wireless signals can easily pass through office ceilings, walls, and floors. As many incidents have shown, an unauthorized user could gain access to a wireless network by simply sitting in his car across the street or in an office above or below the organization in the same building.
A perfect example is the large retailer Best Buy. Some Best Buy stores use a sophisticated wireless network that lets their cash registers beam information, including the credit card numbers of customers, to a central computer elsewhere in the store for processing. But it was shown that a wardriver can sit in a Best Buy store's parking lot and pick up and view this data. Once alerted to this security breach, Best Buy shut off wireless cash registers at all its stores.
So how do the wardrivers do it? By using simple software products that are easy to obtain over the Internet. Here are some of the tools that wardrivers use to crack wireless networks:
NetStumbler is a piece of Windows software that, when coupled with a GPS unit and a wireless card, lets you snoop on the location of 802.11b networks. Think your network is not known to wardrivers? Think again. NetStumbler's web site includes a map showing the locations of U.S. networks people have found using the software.
AirSnort is a wireless LAN (WLAN) tool that recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. 802.11b relies on the Wired Equivalent Privacy (WEP) protocol, which is crippled by numerous security flaws. AirSnort requires approximately 5 to 10 million encrypted packets to be gathered. Once enough packets have been gathered, AirSnort can guess the encryption password in under a second.
WEPCrack is another open source tool for breaking 802.11 WEP secret keys. While AirSnort is more popularly known, WEPCrack was the first publicly available tool for a wardriver attack.
Remember, the practice of wardriving is simple: All a hacker needs is a device capable of receiving an 802.11b signal, a device capable of locating itself on a map, and software that will log data from the second when a network is detected by the first. You then move these devices from place to place, letting them do their job. Over time, you build up a database composed of the network name, signal strength, location, and IP/namespace in use. The network is then open to illicit use.
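An organization can turn the same kind of database to its own defense by surveying its premises and checking what an outsider would see. The following is an added example, not code from the original text: it audits a constructed survey log for the organization's own networks that still use WEP or no encryption, or that are usable outside the building. The SSIDs, coordinates, perimeter box, and -85 dBm usability threshold are all assumptions made for illustration.

```python
import csv
import io

# Constructed survey log with the fields a wardriving database holds
# (network name, signal strength, location). All values are made up.
SURVEY_CSV = """ssid,bssid,encryption,signal_dbm,lat,lon
corp-pos,00:11:22:33:44:01,WEP,-48,40.00010,-75.00010
corp-pos,00:11:22:33:44:01,WEP,-71,40.00150,-75.00010
corp-office,00:11:22:33:44:02,WPA2,-80,40.00150,-75.00020
corp-office,00:11:22:33:44:02,WPA2,-93,40.00300,-75.00020
guest,00:11:22:33:44:03,OPEN,-60,40.00020,-75.00015
cafe-next-door,66:77:88:99:aa:bb,WEP,-55,40.00160,-75.00030
"""

OWN_SSIDS = {"corp-pos", "corp-office", "guest"}   # assumption: our networks
WEAK = {"WEP", "OPEN"}                             # recoverable key or none
USABLE_DBM = -85                                   # assumption: usable signal floor
# Assumption: the building footprint as a simple lat/lon bounding box.
PERIMETER = {"lat": (40.0000, 40.0005), "lon": (-75.0005, -75.0000)}


def inside(lat, lon):
    """True if the reading was taken within the building footprint."""
    return (PERIMETER["lat"][0] <= lat <= PERIMETER["lat"][1]
            and PERIMETER["lon"][0] <= lon <= PERIMETER["lon"][1])


def audit(csv_text):
    """Return {ssid: set(issues)} for our own networks seen in the survey."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ssid = row["ssid"]
        if ssid not in OWN_SSIDS:
            continue  # a neighbour's network is not ours to fix
        issues = findings.setdefault(ssid, set())
        if row["encryption"].upper() in WEAK:
            issues.add("weak-encryption")
        outside = not inside(float(row["lat"]), float(row["lon"]))
        if outside and int(row["signal_dbm"]) >= USABLE_DBM:
            issues.add("usable-signal-outside-perimeter")
    return findings


if __name__ == "__main__":
    for ssid, issues in sorted(audit(SURVEY_CSV).items()):
        print(ssid, sorted(issues) or "ok")
```

A network flagged for both issues, such as the cash-register network in this sample, is the Best Buy situation described earlier: weakly protected traffic readable from the parking lot.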