Queensland Police to go wardriving

Queensland Police will conduct a "wardriving" project to alert the public that their Wi-Fi networks are open or only trivially secure.
Written by Michael Lee, Contributor

Queensland Police will conduct a "wardriving" project to alert the public that their Wi-Fi networks are open or only trivially secure.


A variety of devices can be used to go wardriving, even the humble PDA.
(Lista Hotspots image by Arkangel, CC BY-SA 2.0)

The project has started as part of National Consumer Fraud Week, with Queensland Police focusing on wardriving, because they see unsecured wireless networks as a channel for fraudsters to easily gain information. Wardriving is where a user drives through a neighbourhood with a wireless device, looking for wireless hotspots and (usually) noting their location. This information can then be used to determine where open or encrypted networks are for future reference.

"Unprotected or unsecured wireless networks are easy to infiltrate and hack. Criminals can then either take over the connection and commit fraud online or steal the personal details of the owner. This is definitely the next step in identity fraud," detective superintendent Brian Hay said.

The project will be conducted by Queensland Police's Fraud and Corporate Crime Group, and makes good on a proposal raised by Hay at AusCERT in 2010 to conduct wardriving. According to Hay, the police have already identified a large number of homes and businesses in the greater Brisbane area that are not secure or have limited protection. He said that these people may as well put their bank account details, passwords and personal details on a billboard on the side of the highway.

While the police's biggest concern is wireless connections that employ no encryption, it is also concerned about hotspots that only employ WEP (wired equivalent privacy), which was shown over a decade ago to be trivial to crack.

"Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA [Wi-Fi Protected Access] or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection," Hay said.

While WPA provides better security, it isn't completely secure either. By listening to the network, a hacker can capture the handshake that occurs when a user reconnects (often due to being forcefully dropped from the network by the attacker) then go home, and spend the necessary time to brute force the handshake to determine the password if it is simplistic enough. Once they have this, they can then return on another day. Due to this, WPA2 still remains the best choice for protecting wireless networks.

After identifying which areas are vulnerable, the police will follow up with a letterbox drop in the area to inform users how to secure their hotspot.

This will not be the first publicised wardriving effort by an organisation that has been conducted in Australia. Google has been collecting information on hotspots to help aid users that use its Maps and Navigation products in the absence of a GPS device. Unfortunately, for the search giant, however, at the time of the survey, Google inadvertently collected data that was transmitted across open hotspots, sparking privacy concerns.

To avoid a repeat of this, Queensland Police will need to be careful about what information it gathers as the collection of the hotspot names, hardware addresses and type of encryption employed is public information, but data delivered over these networks, whether they are open or not, is not necessarily considered to be.

Editorial standards