4

I'm considering starting a neighborhood-wide wardrive, with the objective of raising awareness to the risks of running unsecured wireless networks.

Right now, I'm still in the planning stages of this project. The plan so far entails:

  • Loading up a laptop and vehicle with appropriate tools.
  • Drive through the entire area, to get a general map of wireless network coverage, and gather general statistics about the use (or non-use) of wifi security in the area.
  • Use gathered statistics to garner support from the local community organization, for further wardriving activities.
  • Use direction-finding antennae where appropriate, to identify buildings with unsecured or less-secure wireless networks.
  • Alert owners of vulnerable networks via personal visit, flyer on the front door, letter in the mail, or phone call.
  • Offer a free or low-cost consultation visit, to help the owner secure their network appropriately.

Currently, I do not run my own personal IT business. So, I'm more looking to do this as a service to the community - a "Neighborhood WiFi Watch" as I'd like to call it.

I'd like to do this in a way that is ethical, legal, and of course well-received in the local community. To this end, what laws, best practices, and other policies should I be mindful of when planning or executing this?

While answers addressing any region of the world are welcome, my particular project is in Florida.

Hendrik Brummermann
  • 27,118
  • 6
  • 79
  • 121
Iszi
  • 26,997
  • 18
  • 98
  • 163
  • 3
    You should specify country you are living in because it depends. Remember the recent case with Google and Germany. –  Jan 17 '11 at 15:46
  • 1
    I agree with @Ams specifying a country will help with this one. It sounds like a good project I've heard of similar things before. I would be careful with the notifications though as people can react in strange ways when they think they might be at risk even if your trying to help them. – Mark Davidson Jan 17 '11 at 16:06
  • 1
    I'm curious how you define "appropriate" security. Many places intentionally offer free wifi, separated from their internal network. In order to know what is appropriate, you'd need to know their goals and threat model, and I certainly wouldn't give that to someone who wandered by offering a "free or low-cost consultation visit". – nealmcb Jan 17 '11 at 17:24
  • @neal - In my particular case, "appropriate security" would be a WPA2-PSK/CCMP configuration. The area I'll be wardriving is primarily residential, so there is little to no good reason for an Open network unless someone wants to put up a honeypot. – Iszi Jan 17 '11 at 17:45
  • 1
    @Iszi - not really correct. I may be awkward, but I currently have a range of wireless networks, and one is a free, open community wireless hotspot. Others do the same. – Rory Alsop Jan 17 '11 at 17:53
  • 2
    @Rory - And that's fine. But those who do have those types of networks generally know what they're doing with them. I'm more targeting Joe User who thought that his network was just fine out-of-the-box. Your scenario might be worth including in an answer, though. Sort of as "If you find a location with multiple networks, and only one is Open, it's probably intentional." – Iszi Jan 17 '11 at 19:09
  • Good point Iszi - especially if you have accurate direction data. – Rory Alsop Jan 17 '11 at 20:37
  • @Iszi - its not just a question of someone hosting multiple networks, there are those kind souls who *on principle* have their network open, as a "community hotspot". *I* personally dont (though if you know me you can easily *use* my network, by design), but my neighbour has his open - and it is configured securely (for his purposes, of course). – AviD Jan 20 '11 at 00:44

4 Answers4

7

I am not a lawyer, so the following is just from experience:

We have found in most countries (exclude the really restrictive ones such as Germany) you should have no ethical or legal issues with wardriving and collecting info on where weak wireless networks are.

The problem is more around what you want to do with it - if you haven't been specifically engaged by the owner of a particular wireless network then the response you get when delivering a report to them could vary wildly from thanks to a lawsuit.

Collecting aggregate data is often safer, so for example you could deliver a presentation to a local community saying that out of x wireless networks, only 30% are secured correctly, and provide them with guidance on how to sort out security. I have done this in the past, for specific communities, and it was well received - with some of the attendees then engaging me on targeted security assessments.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • I like the idea of collecting and presenting aggregate data as a door-opener. I was at a Community Association meeting recently, with only 20 attendees out of a nearly 1,000-home community. Perhaps if I could get that organization behind me, and notices included in the monthly newsletter, the community at large might receive my efforts better. I've added this to my "plans so far" in the OP. – Iszi Jan 17 '11 at 19:22
2

Be mindful of how people will interpret '[a] low-cost consultation visit, to help the owner secure their network appropriately.'

I offer free pen testing work to open source projects and had one particularly unhinged developer claim (libelously) I was trying to blackmail them. I had even given them the patches and everything they needed to fix the issues, no obligation - with not even the slightest hint of payment. He went off on one and tried reporting me to the national media (which is interesting, given we came from different countries anyway).

I highly support Rory's approach. Anonymous data, presented to the community and those who want to engage can do so without (rightly or wrongly) feeling you're soliciting.

Rushyo
  • 627
  • 1
  • 5
  • 13
  • 2
    Its amazing what someone's ego will do. – Woot4Moo Jan 17 '11 at 18:08
  • 2
    And the depths of their dementia. – Greg Jan 18 '11 at 03:12
  • Actually I completely disagree with this approach. No doubt releasing information anonymously to the public (for their own good) seems like a good idea at the time... it rarely if ever is. I'm not refering to the OP being sued or whatever, or even vindictive home owners coming after him/her. If you are really going to the effort of providing a public service and not just hacking open networks, why wouldn't you also provide said information privately and confidentially like any other responsible service provider? – Anonymous Type Jan 19 '11 at 03:17
  • 2
    a) For the aforementioned reasons. b) You're not THEIR service provider. You're A service provider. There's no trust. c) I think you've misread 'anonymous'. The data is anonymous, not the person handing it over. As in: Charts, graphs. Not raw data. d) "it rarely if ever is" Disagree entirely. Responsible disclosure creates the best outcomes for community security problems. See Apache, Firefox, GNU et al. – Rushyo Jan 19 '11 at 12:04
  • 2
    e) It also provides no community education. If you tell people about problem X and how to address it, they don't learn anything. The experiences and lessons aren't passed on. f) Because there's no social element there's no impetus to behave differently in future issues. When people get AV warnings they don't change their browsing habits, they just act worse because their AV caught something. – Rushyo Jan 19 '11 at 12:06
  • 2
    and f) In many jurisdictions they would be within their rights to take you to court on privacy grounds if you do anything further than passive assessments. Delivering aggregated data protects you in some respects from implications that you are exploiting their weaknesses. – Rory Alsop Jan 19 '11 at 21:16
2

Many people will be suspicious of you even though your motives are noble.

I usually wardriving with my android phone & the wardrive app ITS working fine. But as you say with a directional antenna will allow you to find out exactly where the hotspot is.

NiklasS
  • 121
  • 1
1

In australia Google is looking like getting into trouble for a breach of privacy. This revolves around the fact that they collected user's wireless router MAC addresses, and stored that information alongside the users residential home address. Whilst this might sound fairly harmless, it appears to be an intrusion of privacy.

i.e. the same way that it would be illegal to go inside someones house an record details of their personal environment with a recording device, but different from (i.e. probably not as bad as) removing physical objects.

Anonymous Type
  • 463
  • 3
  • 9
  • is this in addition to the main trouble, which was because they accidentally recorded some traffic while trying to record SSID's - and the traffic may have included personal data? – Rory Alsop Jan 19 '11 at 02:15
  • I think so yes. The privacy commissions initial concerns were actually due to the fact that information was being collected from an individuals home which is crossing from the public domain into the private property boundary. – Anonymous Type Jan 19 '11 at 03:14