While browsing the Android Market several nights ago, I came across the Wardrive application. Wardriving is the practice of finding wireless access points while on the move (in person or in a vehicle). The Wardrive app records any and all wireless access points it finds into a database with the location of those access points thanks in part to the GPS built into phones.
Since I had to make a trip to the grocery store in the morning, I figured I’d take the application for a spin and see what I could find. The results are alarming and unexpected at the same time. When you buy a wireless router, most of the time, the manufacturer teaches you nothing about safety and security.
Much like the television airwaves, your wireless router it always sending out a signal over the air. This means that anyone can tell you have a wireless connection at your home or business. They don’t reach out the distance of a television signal, but they can still go far enough outside your home that others can easily jump onto your connection. This openness is great for those looking for the need to have access to the Internet while on the go, but these open wireless access points are dangerous for not just the homeowner but for those looking for “free” Internet as well. As the data flying through the air is open and unencrypted, most information you enter can be seen by anybody that knows what they’re doing.
Looking at the map above, you will notice another common thing: the name of the access points. “linksys”, “dlink” and “default” are all the generic names of access points as you get them from the manufacturer. Most likely, the people who bought these access points just took them out of the box, connected their Internet connection to it, and went right to work. This also most likely means that these people have not changed the password to their access point, meaning anyone could do whatever they wanted to their connection and their data.
To help thwart this unauthorized access, a wireless encryption protocol was created called WEP (Wired Equivalent Privacy). This setup requires that people connecting to the wireless access point enter a password in order to gain access to the network. Unfortunately, WEP was a very flawed protection method and was cracked within a few years. WEP passwords on wireless access points can now easily be decrypted within minutes.
In the early 2000’s, the WPA (Wi-Fi Protected Access) standard was introduced to replace the WEP standard. The original WPA was a stop-gap measure to get people off WEP while WPA2 was the full implementation of the standard as it should be.
After reviewing the data, I was honestly surprised at the number of access points using the more secure WPA protocol. I’m rather happy to see that as I’m worried people would still be using the older WEP protocol or no security at all. That being said, those last two scenarios are still happening. The use of the older WEP protocol is understandable as some devices (such as the Nintendo DS) still don’t support WPA security. The number of open access points is still disappointing. In 2010, there should be ZERO open wireless access points in use by private businesses and home users.
Manufacturers have been doing a better job of helping customers protect themselves by shipping wireless routers already protected with WPA protection or automatically when configuring the router for the first time. Unfortunately, for those that have not bought a router recently, they are putting themselves at a major risk of a security breach.