Wireless Hunters on the Prowl

[InfoSec News <isn () c4i org>]

http://www.wired.com/news/wireless/0,1382,59460,00.html

By Xeni Jardin
July 02, 2003

Mike Outmesguine leans against a Chevy Suburban packed with Wi-Fi, GPS
and ham radio gadgets, gazing out at the necklace of hilltop radio
towers that surround Los Angeles' Chinatown.

"The cool thing about war driving is that it makes what's invisible --
the wireless Internet -- visible," the Southern California Wireless
Users Group co-founder says, grinning. "I worked on radio frequency
jamming systems in the U.S. Air Force, and when I got out I remember
returning home and suddenly being aware of wireless waves everywhere."

Outmesguine, a Gulf War veteran and Los Angeles-based wireless
technology consultant, isn't alone in that fascination. During the
third WorldWide WarDrive taking place now through July 5, participants
in dozens of U.S. cities roam around with Wi-Fi-sniffing gear, logging
access points that will then be collected, shared and analyzed.

Organized by a loose-knit group of security professionals and wireless
enthusiasts, planners say the WWWD serves to raise awareness of the
need for home and corporate users to secure wireless networks from
unwanted access or snooping.

The first drive, held in 2002, logged 10,000 access points. A second
drive held six weeks later documented 25,000. This year, exponentially
higher figures are expected due to Wi-Fi's growing popularity. The
group hopes to broaden awareness of the need to lock down wireless
LANs with WEP (wired equivalent privacy) or other encryption tools.

Organizers gather data from the weeklong WWWD to create a statistical
analysis of access points. Results will be presented by founder and
lead organizer Chris Hurley, aka Roamer, in a presentation at this
year's DefCon 11, a hacker convention.

While Wi-Fi fans around the country prepared for the WWWD, Wired News
joined SoCalWUG co-founders Outmesguine and Frank Keeney for a war
driving excursion from Los Angeles' Chinatown through the city's
financial core. In just 40 minutes, we logged nearly 400 access
points, and many were unsecured. Software on Keeney's laptop allowed
us to view some of the actual contents of network traffic, revealing
detail as precise as file names and user names.

Both Outmesguine and Keeney drive antenna-spiked SUVs equipped with
amateur radio equipment, GPS units and multiple PDAs and laptops
running applications such as Netstumbler and Kismet.

Netstumbler detects networks that reveal their SSIDs (short for
Service Set Identifier), which are typically broadcast under the
default setting for wireless routers, while Kismet "listens" for radio
signals in the air. GPS units connected to laptops by serial cables
allow network locations to be charted on digital maps.

One of Keeney's laptops runs a shareware application called APRS that
displays the location of fellow war drivers and ham radio buddies on
city streets. Using two-way radio or a text chat application, he
communicates with them as he drives.

"Now, more than ever, the number of networks is exploding," Keeney
said. "When you do this over time, you're struck with just how quickly
wireless growth doubled, then tripled."

The Northern California WWWD organizer, who goes by CK3K, likens war
drivers to contemporary cartographers.

"We're interested in how the technology works and in raising security
awareness by showing how many unsecured access points are out there.  
We don't gain access to the networks we find; we just log and move
on," CK3K said. "Wireless network security is just as important as on
wired networks, but we see so many (access points) out there that have
clearly just been taken out of the box, turned on and left alone."

Awareness appears to be growing. A 2003 Jupiter Research report states
that nine out of 10 U.S. executives surveyed named security as the top
issue shaping wireless network deployment decisions.

Still, only about half of companies in the survey implement wireless
security precautions, and of those, many rely on measures such as
"off-the-shelf" WEP -- considered by many security experts to be
inadequate for corporate security needs.

Corporate systems administrator and Silicon Valley WWWD organizer
Chris K., aka Vtocsearch, has been war driving since 2001.

"Then, about 90 percent had wide-open networks, and that includes big
Fortune 500 companies," he said. "Network admins also need to scan for
rogue wireless access points within their company and wireless access
cards with default settings, which, in my opinion, are just as
dangerous."

When asked what one piece of advice he'd give to would-be Wi-Fi users,
WWWD founder Hurley recommends beginning with the basics.

"Use the built-in features of your access point," Hurley said.  
"Implementation is easy and information on how to (use them) is
readily available, including at the WWWD website."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.