Perils of Wardriving

Free WiFi hotspots are tempting. If yours isn't secure then it might be tempting somebody right now. I read an interesting comment recently on the Infosec News mailing list in response to a story about someone who is apparently warning people about phishing attacks via hotspots. The odd part about the story is that the alleged attacks aren't phishing, it's a simple bait and attack scam.

It's fairly common knowledge at this point that some people setup hotspots using the WiFi cards in their own computers hoping somebody will connect. Once a connection is made then an intrusion attempt begins against the machine that connected. It's an easy way for intruders to gain access to easy targets. Obviously it's not very smart to use any WiFi hotspot you come across just because it's there and it's open.

Now the really funny part about the comment I read is what the person did with his own WiFi access point to help stop intruders from trying to break in or use it without permission. He changed the default SSID from "Linksys" to a phone number. The idea is that "wardrivers" who find his hotspot will dial the number to see who answers. After all, if you're scanning for APs and see an SSID that looks like a phone number then dialing the number seems like a logical next step. Wardrivers probably can't resist the temptation.

Can you image what would go through the mind of a "wardriver" when that person dials the number they found in the SSID only to hear somebody on the other end of the line answer, "NIPC, how can I help you?"


Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.