Queensland Police to go wardriving

Queensland Police to go wardriving

Summary: Queensland Police will conduct a "wardriving" project to alert the public that their Wi-Fi networks are open or only trivially secure.


Queensland Police will conduct a "wardriving" project to alert the public that their Wi-Fi networks are open or only trivially secure.

A variety of devices can be used to go wardriving, even the humble PDA.
(Lista Hotspots image by Arkangel, CC BY-SA 2.0)

The project has started as part of National Consumer Fraud Week, with Queensland Police focusing on wardriving, because they see unsecured wireless networks as a channel for fraudsters to easily gain information. Wardriving is where a user drives through a neighbourhood with a wireless device, looking for wireless hotspots and (usually) noting their location. This information can then be used to determine where open or encrypted networks are for future reference.

"Unprotected or unsecured wireless networks are easy to infiltrate and hack. Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud," detective superintendent Brian Hay said.

The project will be conducted by Queensland Police's Fraud and Corporate Crime Group, and makes good on a proposal raised by Hay at AusCERT in 2010 to conduct wardriving. According to Hay, the police have already identified a large number of homes and businesses in the greater Brisbane area that are not secure or have limited protection. He said that these people may as well put their bank account details, passwords and personal details on a billboard on the side of the highway.

While the police's biggest concern is wireless connections that employ no encryption, it is also concerned about hotspots that only employ WEP (wired equivalent privacy), which was shown over a decade ago to be trivial to crack.

"Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA [Wi-Fi Protected Access] or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection," Hay said.

While WPA provides better security, it isn't completely secure either. By listening to the network, a hacker can capture the handshake that occurs when a user reconnects (often due to being forcefully dropped from the network by the attacker) then go home, and spend the necessary time to brute force the handshake to determine the password if it is simplistic enough. Once they have this, they can then return on another day. Due to this, WPA2 still remains the best choice for protecting wireless networks.

After identifying which areas are vulnerable, the police will follow up with a letterbox drop in the area to inform users how to secure their hotspot.

This will not be the first publicised wardriving effort by an organisation that has been conducted in Australia. Google has been collecting information on hotspots to help aid users that use its Maps and Navigation products in the absence of a GPS device. Unfortunately, for the search giant, however, at the time of the survey, Google inadvertently collected data that was transmitted across open hotspots, sparking privacy concerns.

To avoid a repeat of this, Queensland Police will need to be careful about what information it gathers as the collection of the hotspot names, hardware addresses and type of encryption employed is public information, but data delivered over these networks, whether they are open or not, is not necessarily considered to be.

Topics: Security, Government, Government AU, Networking, Wi-Fi

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Actually this is rubish. My sister tried complaining to the QLD police that a neighbour was stealing her download allocation. She had her WIFI enabled and kept on changing her password to the modem and the passphrase but he would still workout the new passphrase. We identified the MAC etc but they were not interested. So I just put this down to a beatup release just to make the current government look like it's acting.
    • Actually, I think plod are trying to prevent people from leaving their WiFi access points completely unprotected, as it allows for largely untraceable access to The Internet.

      The presumption seems to that closing some of the local points of entry will have a tangible effect on large-scale malicious activity (e.g. system-cracking, DDOS & spamming).

      The much smaller-scale crime of stealing your bandwidth (or accessing your local network) will be of no interest to the people running this public-awareness campaign.

      Though I agree with you: They're doing it wrong.

      Re: Your sister's WiFI - Make sure you've got a reputable brand with WPA2+ security. Some cheaper brands may used flawed security systems and WEP is widely known to be broken (Can be cracked in a matter of tens of minutes, given the right environment).

      Or better yet: Don't use WiFi - use a cable - It's faster, less prone to interference, much more secure from crackers and thieving neighbors.
  • It's due to action of fraud people.
  • How will they identify networks that aren't using encryption but have other types of authentication and protection in place, like hotel networks commonly do? Are they going to go connect to all of the open networks and start trying to access things on them to confirm they are indeed accidentally left open? Are they going to break the law to discover these flawed networks? Are they going to investigate themselves like they did that presenter from AusCERT 2011 for doing similarly positive work last year? This is all very amusing.
  • Sure their methods might not be perfect, and yes they could probably do it better but at least they are trying.

    The real problem is people that are too dumb or too lazy secure their networks. What can we do about lazy and dumb people? They are just as much a threat to security as criminals are.

    I setup an internet connection for my sister recently I setup wireless for her so she could use her laptop wirelessly. I made sure it was secure, used WPA2, changed the admin password for the router, chose a secure password for the wireless network etc... I even wrote down the password for her and everything but she still **** and moaned that she wanted a password she could remember, but if she could remember the password then it wouldn't be secure because she would choose a lame password like the name of her dog or something. Just goes to show people are their own worst enemy when it comes to security.

    I don't feel sorry for anyone that gets hacked, looses money, has their ID stolen etc... because they haven't secured their network or take security seriously. Contrary to popular belief it's really not that hard to make sure your PC is secure.
    • Hey Jingles, even if you have a 63 character key while using WPA2 on the majority of consumer routers there is a possibility of being hacked as WPS is switched on by default in about 90% of routers. By hacking the WPS it doesn't matter how good your passwords are as you can take control of the password register for the router and then re issue a new password to take control of the router.

      I would strongly suggest that everyone firstly disables WPS on their routers. In addition I would recommend that a secondary security method in addition to WPA 2 be deployed too.