By now most everyone is familiar with the recording breaking data theft that occurred at T.J. Maxx. Hackers used poorly secured wireless access points to intercept customer records. But big business is not the only and not the most common target of wireless hacking.
The hacking technique known as wardriving is the act of scanning for wireless access points, or networks, from a moving vehicle. With the right tools the hacker has the ability to see, record, log, and locate nearly any wireless access point. Once upon a time hackers would mark the curb or street where the access point was located so that they and their cohorts could locate it again, this was known as 'chalking'. However technology has changed this and finding wireless access is a simple mouse click away.
Wigle.net is an online repository of wireless access points located all over the world. From this site anyone can simply browse an interactive Google map and locate millions of wireless access points, according to their site 19,776,866 to be exact. The information from this site does not guarantee that a hacker will be able to gain access to the networks. But is does give the would-be wireless leach a good place to start looking.
In 2004, 100 students in Seattle Washington were able to locate 5,225 wireless access points in the Seattle area. Of those 52% of them were not configured with any security and were ‘open’ for anyone to connect to. (source)
While those numbers are outdated, it is still not uncommon to find a huge number of wireless networks that use no security or poor outdated security. The ‘out of the box’ configuration of most any wireless access points would allow a hacker to not only gain access to the wireless network, but gain access to devices on that network.
Once connected the hacker could be able to intercept any communications and data. They could inject malicious code, reconfigure devices, or deny the network owner access to their own network. They could intercept banking transactions, prescription and medical information, credit card information, Social Security Numbers, and anything else traveling across the network or even stored on computer in the network.
It is important that you not simply unpack that new wireless device and plug it in without reviewing the documentation and configuring the security mechanisms on the device. Stay away from the WEP security as it is outdated and is now easily hacked. WPA or preferably WPA-2 should be your first choice in 'out of the box' configuration of your wireless access points.
Beyond configuration of the devices, think about where you are going to place the device. Things like walls, trees, insulation and other solid objects will reduce the signal of the device making it harder for someone to connect from the street or sidewalk. It may be better to place your access point in the back of your house rather than the front of your house. Some devices come with two antennas, can you remove one antenna to reduce the signal while still getting access, maybe? And it is a great idea to change that administrator password that is printed in the documentation.
Go to Wigle.net and see if your access point is recorded on that site. If you live in a populated area, the odds are, it is.
John "Mike" Wright