Wardriving

Quality 0.50 · 2 views · Updated 2 months ago

Search for wireless networks with mobile computing equipment

title: "Wardriving" type: doc version: 1 created: 2026-02-28 author: "Wikipedia contributors" status: active scope: public tags: ["computer-security-exploits", "wireless-networking"] description: "Search for wireless networks with mobile computing equipment" topic_path: "technology/networking" source: "https://en.wikipedia.org/wiki/Wardriving" license: "CC BY-SA 4.0" wikipedia_page_id: 0 wikipedia_revision_id: 0

::summary Search for wireless networks with mobile computing equipment ::

::figure[src="https://upload.wikimedia.org/wikipedia/commons/1/11/Seattle_-_Columbia_City_WiFi.jpg" caption="A free public Wi-Fi access point in 2007"] ::

Wardriving is the act of searching for Wi-Fi wireless networks as well as cell towers, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet.

Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation.

Etymology

War driving originated from wardialing, a method popularized by a character played by Matthew Broderick in the film WarGames, and named after that film. War dialing consists of dialing every phone number in a specific sequence in search of modems.

Variants

Warbiking or warcycling is similar to wardriving, but is done from a moving bicycle or motorcycle. This practice is sometimes facilitated by mounting a Wi-Fi enabled device on the vehicle.

Warwalking, or warjogging, is similar to wardriving, but is done on foot rather than from a moving vehicle. The disadvantages of this method are a slower speed of travel (leading to the discovery of more infrequently discovered networks) and the absence of a convenient computing environment. Consequently, handheld devices such as pocket computers, which can perform such tasks while users are walking or standing, have dominated this practice. Technology advances and developments in the early 2000s expanded the extent of this practice. Advances include computers with integrated Wi-Fi, rather than CompactFlash (CF) or PC Card (PCMCIA) add-in cards in computers such as Dell Axim, Compaq iPAQ and Toshiba pocket computers starting in 2002. Later, the active Nintendo DS and Sony PSP enthusiast communities gained Wi-Fi abilities on these devices. Further, nearly all modern smartphones integrate Wi-Fi and Global Positioning System (GPS).

Warrailing, or Wartraining, is similar to wardriving, but is done on a train or tram rather than from a slower more controllable vehicle. The disadvantages of this method are higher speed of travel (resulting in less discovery of more infrequently discovered networks) and often limited to major roads with higher traffic.

Warkitting is a combination of wardriving and rootkitting.{{cite web | last = Tsow | first = Alex | title = Warkitting: the Drive-by Subversion of Wireless Home Routers | url = http://www.indiana.edu/~phishing/papers/warkit.pdf | last = Myers | first = Steven | title = Practice and Prevention of Home-Router Mid-Stream Injection Attacks | url = http://www.cs.indiana.edu/~sstamm/papers/midstream-abs.html | access-date = 12 August 2008 | archive-date = 4 February 2010 | archive-url = https://web.archive.org/web/20100204235121/http://www.cs.indiana.edu/~sstamm/papers/midstream-abs.html | url-status = dead

Warflying is a variant utilizing aircraft flying around and locating nodes. It was first performed in Perth with a Grumman Tiger in August 2002, and a week later in San Diego in August 2002 in a Cessna 182.

Mapping

::figure[src="https://upload.wikimedia.org/wikipedia/commons/1/15/Seattle_Wi-Fi_map_UW-300-letter-3.png" caption="A map of Seattle's Wi-Fi nodes, generated from information logged by wardriving students in 2004"] ::

::figure[src="https://upload.wikimedia.org/wikipedia/commons/1/1e/WiGLE_map_United_States.png" caption="A map of Wi-Fi nodes in the United States and parts of Canada tracked by the [[WiGLE]] project"] ::

Wardrivers use a Wi-Fi-equipped device together with a GPS device to record the location of wireless networks. The results can then be uploaded to websites like WiGLE, openBmap or Geomena where the data is processed to form maps of the network neighborhood. There are also clients available for smartphones running Android that can upload data directly. For better range and sensitivity, antennas are built or bought, and vary from omnidirectional to highly directional.

The maps of known network IDs can then be used as a geolocation system—an alternative to GPS—by triangulating the current position from the signal strengths of known network IDs. Examples include Place Lab by Intel, Skyhook, Navizon by Cyril Houri, SeekerLocate from Seeker Wireless, openBmap and Geomena. Navizon and openBmap combines information from Wi-Fi and cell phone tower maps contributed by users from Wi-Fi-equipped cell phones.{{Cite magazine | issue = 6 | last = Rose | first = Frank | title = Lost and Found in Manhattan | magazine = Wired | access-date = 1 September 2007 | date = June 2006 | volume = 14 | url = https://www.wired.com/wired/archive/14.06/posts.html}}{{cite web | last = Blackwell | first = Gerry | title = Using Wi-Fi/Cellular in P2P Positioning | work = Wi-Fi Planet | access-date = 1 September 2007 | date = 19 December 2005 | url = http://www.wi-fiplanet.com/news/article.php/3572001

In December 2004, a class of 100 undergraduates worked to map the city of Seattle, Washington over several weeks. They found 5,225 access points; 44% were secured with WEP encryption, 52% were open, and 3% were pay-for-access. They noticed trends in the frequency and security of the networks depending on location. Many of the open networks were clearly intended to be used by the general public, with network names like "Open to share, no porn please" or "Free access, be nice." The information was collected into high-resolution maps, which were published online.{{cite web | last = Marwick | first = Alice | title = Seattle WiFi Map Project | work = Students of COM300, Fall 2004 – Basic Concepts of New Media | access-date = 1 September 2007 | date = 15 February 2005 | url = http://depts.washington.edu/wifimap/ | last = Heim | first = Kristi | title = Seattle's packed with Wi-Fi spots | work = The Seattle Times | access-date = 1 September 2007 | date = 18 February 2005 | url = http://seattletimes.nwsource.com/html/businesstechnology/2002183464_wifimap18.html | last1 = Murphy | first1 = Niall | last2 = Malone | first2 = David | last3 = Duffy | first3 = Ken | title = 802.11 Wireless Networking Deployment Survey for Dublin, Ireland | work = Enigma Consulting Technical Report | access-date = 2 October 2002 | date = 25 September 2002 | url = https://www.maths.tcd.ie/~dwmalone/p/wardrive02.pdf

Legal and ethical considerations

Some portray wardriving as a questionable practice (typically from its association with piggybacking), though, from a technical viewpoint, everything is working as designed: many access points broadcast identifying data accessible to anyone with a suitable receiver. It could be compared to making a map of a neighborhood's house numbers and mail box labels.

While some may claim that wardriving is illegal, there are no laws that specifically prohibit or allow wardriving, though many localities have laws forbidding unauthorized access of computer networks and protecting personal privacy. Google created a privacy storm in some countries after it eventually admitted systematically but surreptitiously gathering Wi-Fi data while capturing video footage and mapping data for its Street View service. It has since been using Android-based mobile devices to gather this data.

Passive, listen-only wardriving (with programs like Kismet or KisMAC) does not communicate at all with the networks, merely logging broadcast addresses. This can be likened to listening to a radio station that happens to be broadcasting in the area or with other forms of DXing.

With other types of software, such as NetStumbler, the wardriver actively sends probe messages, and the access point responds per design. The legality of active wardriving is less certain, since the wardriver temporarily becomes "associated" with the network, even though no data is transferred. Most access points, when using default "out of the box" security settings, are intended to provide wireless access to all who request it. The war driver's liability may be reduced by setting the computer to a static IP, instead of using DHCP, preventing the network from granting the computer an IP address or logging the connection.{{cite web |author = Wei-Meng Lee |title = Wireless Surveying on the Pocket PC |work = O'Reilly Network |access-date = 1 September 2007 |date = 27 May 2004 |url = http://www.oreillynet.com/lpt/a/4876 |archive-url = https://web.archive.org/web/20090619182138/http://www.oreillynet.com/lpt/a/4876 |archive-date = 19 June 2009 |url-status = dead}}

In the United States, the case that is usually referenced in determining whether a network has been "accessed" is State v. Allen. In this case, Allen had been wardialing in an attempt to get free long-distance calling through Southwestern Bell's computer systems. When presented with a password protection screen, however, he did not attempt to bypass it. The court ruled that although he had "contacted" or "approached" the computer system, this did not constitute "access" of the company's network.{{cite web | last = Brenner | first = Susan | title = Access | work = CYB3RCRIM3 | access-date = 2 September 2007 | date = 12 February 2006 | url = https://cyb3rcrim3.blogspot.com/2006/02/access.html | volume = 67 | issue = 5 | last = Bierlein | first = Matthew | title = Policing the Wireless World: Access Liability in the Open Wi-Fi Era | journal = Ohio State Law Journal | access-date = 1 September 2007 | year = 2006 | url = http://moritzlaw.osu.edu/lawjournal/issues/volume67/number5/bierlein.pdf | volume = 9 | issue = 7 | last = Ryan | first = Patrick S. | title = War, Peace, or Stalemate: Wargames, Wardialing, Wardriving, and the Emerging Market for Hacker Ethics | journal = Virginia Journal of Law & Technology | year = 2004 | ssrn = 585867 | volume = 2 | issue = 4 | last = Kern | first = Benjamin D. | title = Whacking, Joyriding and War-Driving: Roaming Use of Wi-Fi and the Law | journal = CIPerati | access-date = 1 September 2007 | date = December 2005 | url = http://www.abanet.org/buslaw/committees/CL320010pub/newsletter/0009/

Software

References

References

  1. "War Driving Attack".
  2. (27 August 2002). "War driving takes to the air over Perth".
  3. (4 September 2002). "Warflying for Wi-Fi".
  4. (28 August 2002). "Ars Technica: War Flying - Page 1 - (8/2002)". arstechnica.com.
  5. "WiFi and Cell-ID location database with Global coverage".
  6. "Worldwide WarDrive Aftermath – Slashdot".
  7. (22 April 2010). "Google-Debatte: Datenschützer kritisieren W-Lan-Kartografie – SPIEGEL ONLINE". Der Spiegel.
  8. "mapping MAC addresses – samy kamkar". Samy.pl.
  9. [http://www.mcguirewoods.com/news-resources/publications/technology_business/Whacking_Joyriding_and_War_Driving.pdf Alternate PDF] {{Webarchive. link. (28 December 2022 – Law review article on the legality of wardriving, piggybacking and accidental use of open networks)
  10. "NetSpot: WiFi Site Survey Software for MAC OS X & Windows".
  11. "Apple widens App Store bans, Wi-Fi scanners on the chopping block". DVICE.
  12. @WardriveOrg. "Wardrive.Org".
  13. "Web hosting, domain names, VPS - 000webhost.com".

::callout[type=info title="Wikipedia Source"] This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page. ::

computer-security-exploitswireless-networking