CIPS Edmonton Security SIG
February 20th, 2003 Lunch Meeting Summary

Topic: Wardriving - Wireless from a Hacker's Perspective

Speaker: Renderman

Abstract: Wireless 802.11b technology has become a growth industry over the last several years with ever increasing popularity. There has also been an equal amount of talk about 'wardriving' and the security implications of 'going wireless'. Wardriving has become an international phenomenon and has been greatly reported about, however, not many people know what they actually do.

Renderman, a local Hacker and Wardriver, will present the results of his wardrives around the Edmonton area over the last year and discuss the current state of wireless security on a local level, which promises to be shocking. Also presented will be a discussion on what wardriving is, how it is done, who does it, and why you should be doing it too. Time permitting, Q&A will follow.

Renderman is an Edmonton born and raised Hacker. He has been featured several times in local print and TV media, as well as other national and international publications. He was a speaker at the H2K2 hacker convention in NYC, and helps organize the 'Worldwide Wardrive'. He is also the author of the 'Stumbler Ethic', a set of guidelines to help keep wardrivers safe and legal in their hobby. An advocate of wardriving as a fun hobby, his mission is to raise awareness about security issues.

Summary:

Wireless technology has become increasingly popular over the last few years. The convenience of wireless devices has many corporate and/or business users incorporating wireless networks into their existing network infrastructure. Users like to utilize wireless devices for presentations (in boardrooms), check their e-mail on their Pocket PC's and/or connect to the corporate network with their laptops. Wireless devices are also commonly used for personal use and can be purchased at quite an affordable price. Wireless issues appear when these devices are not configured properly leaving private and valuable information open to anyone listening on the 802.11b network. So who is listening?

Wardriver's are!

Wardriving, also known as war walking or war riding, is the hobby of searching out and mapping 802.11b wireless networks. Wardrivers take advantage of security vulnerabilities. They drive around with wardriving equipment (a laptop, wireless card and some wardriving software are required, an omni-directional antenna and/or GPS equipment is optional) in an effort to detect wireless access points. These access points, also called "hotspots", are visible to scans. Broadcast signals emanate past walls, usually up to a block away and can be detected by any wireless-equipped Apple or Windows laptop. Users don't understand that unlike a closed, wired network, they are broadcasting a radio-like signal. Some of the information collected in a scan includes: whether WEP (wireless encryption protocol) is enabled and whether the SSID is still configured as default. From this information, a wardriver can almost instantaneously enter most networks through authentication weaknesses.

Brad Haines, aka "Renderman" is one such person who includes wardriving as a hobby. His mission is to raise awareness about wireless security issues. He has been featured numerous times in local, national and international media, spoke at the H2K2 hacker convention in NYC, helped organize 'Worldwide Wardrive' and is the author of the 'Stumbler Ethic', a set of guidelines for wardrivers to follow to keep in accordance with the law (and to NOT enter networks). Every wireless networking device is capable of encryption. "These people just don't read their instruction manual, they just want to get set-up and running," says RenderMan, who points out that 70 per cent of the Edmonton-area hotspots are not encrypted. His findings are based on his monitoring of Edmonton, St. Albert, Sherwood Park. In addition he monitors Red Deer and Calgary annually to keep up to date on the latest wireless network weaknesses. His advice to wireless network start-ups is: "Take the extra few minutes to set up the wireless security encryption that comes with your hardware. If you don't, at least change the default workgroup name Microsoft uses to allow networked computers to "see" each other. This way, unwanted visitors outside your home may get a free Internet joyride, but can't touch your files."

Number of AP's 1638 100%

No WEP 1157 70.63%

Default SSID's 591 36.08%

For more information Renderman presents his findings on his website at www.renderlab.net. The third WorldWide WarDrive (WWWD) will take place from 28 June 2003 - 5 July 2003.

References taken from The Edmonton Journal and The Edmonton Sun

Christine Sova

IT Security Analyst