Wardriving and Warchalking – CompTIA Security+ SY0-401: 3.4


We’ve rapidly moved from chalk-based wireless network identification to completely automated wireless maps. In this video, you’ll learn about the history of warchalking and how today’s wireless crowdsourced mapping is accomplished.



If you’re wondering how the bad guys find your access point to begin with, well, it’s simple. They’re looking for them. But in some cases, they’re not just targeting you. They want to find access points wherever they might be. So there is something called wardriving that’s very common. You’ll find people hopping in their car. Now your Wi-Fi systems have very nice antennas you can connect to them. Many times there’s a GPS functionality that you could plug into this as well. You hop in your car and start driving around. In fact, you don’t even pay attention to what’s on the computer. Just drive around for a while. The GPS is going to be monitoring where you go, and you’ll find that you collect a huge amount of information over a very short period of time.

If you’re using different software to find these access points – here’s one on my Mac called KisMAC – you can see, just sitting in one place in my house, not even driving around, all of the different access points around you: the ones not only in your house, but elsewhere. Now imagine driving around your entire neighborhood, around your entire city. You may be surprised at exactly what you’re able to see.

And the big challenge for us as security professionals is the ability to do this. It’s very, very, very easy. All of these tools are absolutely free. There’s something called Kismet. I’m using the Mac version of that called KisMAC. There is the Wireless Geographic Logging Engine you’ll find at wigle.net, which allows you to take all of this data that you’ve created, that you found by driving around, and put it into a geographical database. It doesn’t have to be by car. You could also do this by bicycle. You could do this by connecting a wireless access point to a radio-controlled plane. This actually happens. And you’ll have people who go up in an actual plane and fly over an entire city to be able to see what’s going on. This is not unheard of. So your access points now become a data point in the big database that the bad guys are using to figure out where they can gain access to a wireless signal.

The results of all of this geographical data and GPS data, wireless information, all being combined together can create some very dramatic views of the world. You can start to see where people are finding access points, where there may be closed access points, open access points. And you can see exactly where you drove and where those access points were and how many you found. There is an amazing wealth of information out on the internet, some that’s being used for good, so that we know where these access points are and where you might be in relation to these access points, and some that might be used for bad. If you’re looking for open access points and ways to break into people’s networks, this is a very, very simple way to look at a map, go to a place, and see exactly what’s going on with that wireless network.
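The same combination of wireless and GPS data is what a defender uses in a site survey of their own network. The sketch below is an added example, not part of the video: it audits a survey log against an access point inventory and flags your own APs seen as open, your own APs heard beyond a chosen perimeter, and unknown radios advertising your SSIDs. The CSV column layout, inventory, site coordinates and 100 m perimeter are all constructed assumptions.

```python
import csv
import io
import math

# Constructed survey log (not real data): one row per sighting on the survey route.
SURVEY_CSV = """bssid,ssid,auth,rssi,lat,lon
aa:bb:cc:00:00:01,CorpNet,WPA2,-48,35.00000,-80.00000
aa:bb:cc:00:00:01,CorpNet,WPA2,-82,35.00180,-80.00000
aa:bb:cc:00:00:02,CorpGuest,OPEN,-60,35.00010,-80.00010
de:ad:be:ef:00:99,CorpNet,OPEN,-70,35.00050,-80.00020
11:22:33:44:55:66,CoffeeShop,OPEN,-75,35.00300,-80.00100
"""

# Hypothetical inventory of APs the organization actually owns (BSSID -> SSID).
INVENTORY = {"aa:bb:cc:00:00:01": "CorpNet", "aa:bb:cc:00:00:02": "CorpGuest"}
SITE = (35.0, -80.0)   # assumed building location (lat, lon)
PERIMETER_M = 100      # assumed distance at which signal counts as off-premises


def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))


def audit(csv_text, inventory, site, perimeter_m):
    """Return sorted, de-duplicated (finding, bssid) pairs for the survey log."""
    findings = set()
    own_ssids = set(inventory.values())
    for row in csv.DictReader(io.StringIO(csv_text)):
        bssid = row["bssid"].lower()
        dist = haversine_m(site, (float(row["lat"]), float(row["lon"])))
        if bssid in inventory:
            if row["auth"] == "OPEN":
                findings.add(("open-own-ap", bssid))
            if dist > perimeter_m:
                findings.add(("leak-beyond-perimeter", bssid))
        elif row["ssid"] in own_ssids:
            # Someone else's radio advertising our network name.
            findings.add(("unknown-bssid-using-our-ssid", bssid))
    return sorted(findings)


if __name__ == "__main__":
    for finding, bssid in audit(SURVEY_CSV, INVENTORY, SITE, PERIMETER_M):
        print(f"{finding:30} {bssid}")
```

Sightings of unrelated networks, such as the coffee shop row, are ignored because they match neither the inventory nor an owned SSID.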

Back before we had GPS connectivity and a way to drive around with a wireless device, with a laptop that was able to gather this information over long distances, we did something called warchalking. Or at least it was something that was mentioned. These days, it’s more of a historical footnote to how this whole wireless network generation came about. It used to be that we didn’t have this technology. There weren’t signs on the door that said there was free Wi-Fi. The people that had an access point that were plugging into the internet were very unusual to find.

And so there was this concept created called warchalking. If you were fortunate enough to find somebody who had a wireless network, this gentleman called Matt Jones created this set of symbols. So you could look on the sidewalk or on the wall. Someone would have written in chalk some of these symbols to note whether there was an open node, a closed node, or one that was wireless encrypted, a WEP node. There was no WPA back in those days. That way, if you happened to find one that was available, you could tell the world. You could say, oh, I found an open access point. Let me draw a big symbol on the sidewalk. Let me draw a big symbol on the wall, and let everyone else know.

Well, the situation, of course, since those days, has changed dramatically. These days it’s hard not to find a wireless access point that you can use. Almost everybody is putting them on their window, saying, oh, come in our place. Buy some food, buy something to drink, get some coffee. You can hop on our wireless access point. They’re using it as a sales tool, a marketing tool, to get you in the door. So although this warchalking isn’t used anymore, it’s really just migrated into another way that we can use to find out where can I go to get a wireless signal.