UAT: Wardriving
By Al Kelly, project co-sponsor

Wireless networks in recent years have seen an explosive growth, not only within the corporate environment but most notably in the home market. As the wireless market has grown it has brought to the networking arena numerous vendors of wireless gear. Today you cannot purchase a laptop or most portable electronic devices, such as Personal Digital Assistants (PDAs) and phones, without having built-in Wireless Network (WiFi).

As a consumer of these devices, what has this growth meant for you? In the good old days, I would secure the information on my computer or network by isolation, not allowing outside access. As the Internet became more popular, our networks were extended to include this connection; of course, this added more risks. Today, we can minimize that risk by using technologies such as firewalls to reduce the danger, which again isolates our corporate secrets, but new technologies are constantly expanding the boundaries of our networks, introducing ever more threats. Wireless devices open our networks to anyone within their range. If I wanted to access your network using wireless, all I would need to do is sit in your parking lot and use a wireless device to form a connection. Traditional methods of securing our networks are not as effective in this type of situation.
So, what do I have to lose if I hack into your network? You might naively say that my information is not worth anything, but the fastest growing crime in America today is identity theft. According to the Federal Trade Commission (FCC), identify theft affects over 10 million Americans a year (FCC, 2005). Most home users keep a wealth of personal information on their computers-from bank accounts and credit card information to resumes and even letters to Mom-all of which makes your computer a target to would-be thieves.
The popularity of wireless access points has spawned a plethora of networks that are easily accessible. This was instrumental in the development of the War Driving culture. Anyone with a good wireless network card, external antenna and a Global Positioning System (GPS) can drive around your neighborhood looking for wireless networks. And there is evidence that some people may do so with criminal intent. One such event occurred in October, 2003, when three men using wireless detection gear commonly used by the average war driver accessed a popular home improvement store in Michigan and attempted to damage the store's computer systems (Poulsen, 2003). Luckily, these particular men were arrested by local law enforcement before they could do damage. Stories such as this one define public opinion and portray War Driving in a negative light because of its association with criminal activity.

Phoenix War Driving Research Project

In an attempt to change negative public opinion about War Driving and educate consumers about the need to institute wireless security methods on their networks, the University of Advancing Technology funded the Phoenix War Driving research project, which focused on gathering data concerning wireless access points in the Phoenix metropolitan region and the level of security that is utilized in these areas.

In the summer of 2004, the University of Advancing Technology (UAT) created the Phoenix War Driving research project, which used the equipment of the average war driver-the aforementioned wireless network card, external antenna and GPS-to demonstrate the need to implement wireless network security. Because this was a mobile project, laptops were allocated by the Information Technology (IT) department; because of the ease with which anybody can War Drive, there was no need to procure the most up-to-date equipment, so laptops that had been well-used by managers and deans were the perfect choice. No system is complete without the proper software: this was very easy to accommodate as the Operating System (OS) used was Linux, which is freely available on the Internet. To detect wireless networks and store this information, kismet, another free software program, was needed. In the Fall of 2004, student project volunteers configured and tested the war driving equipment that would be utilized for the Phoenix War Driving Research Project. Research project members armed with the properly configured hardware and software for the project began canvassing the Phoenix metropolitan area in the search for wireless access points in the Spring of 2005. Information-gathering and statistical analysis were the primary goals of the researchers-similar groups have grown around the world which take the information gathered by similar equipment and software and post it on the internet, where anyone can access it.

Over the course of the Phoenix War Driving project, the high number of unsecured access points discovered came as a surprise to our researchers. Over 103,000 wireless access points have been documented so far; 60% of them did not employ any method of security. What was even more surprising was that 10% of the wireless access points that were discovered used out-of-the box settings, the most dangerous of all configurations. The default setting of all access points are published in their manuals and the manufacture's website. These settings even include the username and password to change your settings. An unscrupulous person could change these settings, effectively locking you out of your wireless network.
During the data collection phase of the war driving project, 60% of the access points discovered had none of the built-in security settings turned on, demonstrating the need for a grassroots consumer education program to inform users of wireless networks about the importance of utilizing these security settings. As the War Driving research project continues, our focus will shift to the development of educational programs that inform the average consumer of the methods for securing wireless networks.