What Does Your Wife Think About Wardriving?

October 30, 2010

Security, Technology, Wireless

For those who have read my blog for any amount of time, you already know that I am oddly fascinated with security.  Am I a certified information security professional?  No, I am not – at least, not yet.  Nevertheless, I have been fascinated by both the techniques and the ethics of hackers.

And that fascination is nothing new.  I installed my first WiFi access point last century.  And I have had WiFi access within my home ever since.  I did my first “war-walking” through my neighborhood in 2002.  Then, I had a laptop an a PCMCIA card.  And it was fun to know just how few of my neighbors had installed WiFi into their houses.  Those that had taken the plunge were woefully under-secured.

But things sure have changed in the last decade.  Now, over half of my neighbors also have WiFi.  And more importantly, most have some form of security on their networks.  At the same time, the tools I use have also changed.  I now have a Droid 2 phone.  And I am using tools like Wardrive and Wigle Wifi.

I have done two simple “wardriving” runs since I got my Droid 2.  The first was on a car drive coming home from work.  The second was on a bike ride to work.  What fascinated me was just how many access points I found within such a small area.  And more startling was the fact that I had found a thousand “new” access points and networks.  [Note: “New” means that wigle.net did not have a record of this device at the specific GPS coordinates that I provided.]

After a very long day yesterday, I decided not to ride my bike home.  I just didn’t have the heart to fight traffic after eleven hours at work.  So I rode home with my wife.  And I talked to her about my day.  When I told her that I had done some wardriving, she was appalled.

As a geek, I was perplexed by her response.  When I was riding my bike and collecting data, I was just inventorying the packets that were available from the street.  And I was not even trying to probe the defenses of these networks.  I was just cataloging the packets that my phone collected as I rode by.  Nevertheless, my wife thought that I was doing something nefarious.  I bristled at her “lack of understanding” of the simple and innocuous inventory I had collected.

But after several hours of thinking about her comments, I think I can understand her objection.  Most of the people that have WiFi access points have no idea about computer security, licensed and unlicensed RF spectrum, existing law (in the form of local, state and federal statutes) or even the curiosity of hackers.  What these users are doing is simple: they are using their home systems to perform simple tasks.  And they are expecting a certain degree of privacy – even if they are doing the equivalent of electromagnetically shouting through their windows.  Basically, people are assuming and expecting privacy.  And to collect their carelessly scattered packets is a violation of an implicit trust arrangement.

But was I a party to that trust arranggement?  No, I was not.  Nor were these people’s neighbors party to any such agreement – either implicit or explicit.  Nor was Google a party to this implicit agreement.

Nevertheless, I can hear my wife blaming Google as well as blaming myself.  Is she right?  As a geek, I scream my objections to her misunderstanding.  But when I really consider her argument, she may very well have a point.  Yes, these people are ignorantly casting their data out into the air and onto the streets.  And I willingly picked up that data.  Am I attempting penetration of their networks?  Of course I’m not doing that.  But I am sifting through the junk they are throwing out.

I’ve come to a simple conclusion: I wasn’t “wardriving” at all.  Instead, I was doing the equivalent of electronic dumpster diving.  They are leaving important trash un-shredded.  And I am rummaging through their ignorance.

Should I stop collecting such small and insignificant packets?  After all, I am not doing anything illegal.  Nevertheless, I must now carefully consider my wife’s thoughts before I do my next “wardriving” run.

And even more importantly, I must rethink whether or not this activity become illegal/immoral when someone like Google does it.  It may be tenable when it is done by a lone and curious geek.  But does it become something more “sinister” when it is done by a large and “menacing” corporation?   I don’t know.  But I’ll have to think about it.  What are your thoughts on the matter?

-Roo

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

Advertisements
, ,

Subscribe

Subscribe to our RSS feed and social profiles to receive updates.

2 Comments on “What Does Your Wife Think About Wardriving?”

  1. teknophilia Says:

    Wardriving is definitely seen by most people as somewhat nefarious, and I guess the name doesn’t exactly help either. I think Google just brought the issue to light, people who thought they were safe (and may even have been hacked by someone else) suddenly found out they were exposed.
    P.S. have you looked at Firesheep?

    Reply

    • cyclingroo Says:

      Thanks for your thoughts on the subject. I do agree that folks who live with open WiFi access points are inviting trouble – whether they realize it or not. But is it appropriate to widely publish the vulnerability w/o first giving notice to the owner? I’m not so sure. Part of me says that I have an obligation to stop and tell those who are at risk. But I don’t have time to stop and tell the 260+ owners of open access points that I ride by every day.

      As for Firesheep, I have extremely mixed feelings. I want to give props to the coders who put together this demonstration. Even Bruce Schneier has something to say about it (http://www.schneier.com/blog/archives/2010/10/firesheep.html). But I wonder about releasing such a tool to folks who will exploit it for ill purposes. Indeed, this one reminds me a lot of SATAN/SAINT from a few years ago. Developing such tools is not “evil” per se. But willfully releasing such tools into the hands of folks who WILL exploit them is intentionally irresponsible.

      But I do hope that these kinds of things will only strengthen general security as folks scramble to patch holes and address ignored vulnerabilities.

      Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s