
A wardriving attack involves an attacker seeking out publicly available Wi-Fi networks with the intent of finding a vulnerable connection to attack. The process typically has an attacker driving around businesses or residential areas with a laptop, tablet, or smartphone that has software designed to locate open Wi-Fi connections. Unlike many cyberattack methods, the process of searching for open Wi-Fi connections is not illegal by itself, and searching for open internet connections is something most smartphones do automatically. However, malicious actors will come back to the vulnerable connections they find to conduct cyberattacks and steal data from businesses or private networks.

How Wardriving Works

Attackers begin the wardriving process by setting their vehicle up with an antenna or other hardware necessary for picking up as many signals as possible from the area they are in. They will also use legal and freely available software to locate and attempt to connect to open Wi-Fi signals in their area. Once a network is found, the attacker will use illegal means, such as brute forcing a Wi-Fi router’s password, to acquire unauthorized access to the network and begin launching further attacks. While wardriving is most associated with a vehicle, malicious actors can look for vulnerable networks by biking or walking around an area to look less suspicious while setting up their attack.

Further Attacks on SMBs

If an attacker successfully gains unauthorized access to a network through wardriving, they can potentially gain access to devices on the network, monitor network traffic, and/or launch malware attacks. This can lead to information quietly being stolen from the business over a long period of time or a successful ransomware attack that shuts the business down. When a hacker has gained access to a business’ Wi-Fi connection, anyone who uses that connection is also at risk of having their information stolen or malware attacks launched on their device. Wardriving sees continued use by malicious actors because businesses often prepare for other attack vectors and are taken by surprise when their Wi-Fi connection is not protected.

Mitigation Strategies

To help mitigate the threat of wardriving attacks, businesses should change their router’s factory-set password as soon as possible and consider encryption methods for their network. Security solutions, such as a next-generation firewall and network detection and response tools, can be used to automatically detect attackers trying to break into the business’ network and prevent entry. It is also recommended to keep network equipment updated and make diligent patching a business best practice. Malicious actors often take advantage of unpatched technology by leveraging exploits for vulnerabilities that have recently been patched, in the hopes of finding a business that has not updated its hardware and applications.
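
As an added example (not part of the original post), the script below audits the encryption mode of a business's own SSIDs from a Wi-Fi scan listing, so an open or legacy-protected network is caught before someone else finds it. It assumes input in the terse format of `nmcli -t -f SSID,SECURITY device wifi list`; the SSID names and the sample scan are constructed, and treating WEP and WPA1 as the legacy set is this example's choice.

```python
import re

# Hypothetical SSIDs the business owns; replace with your own.
OWNED_SSIDS = {"ExampleCo-Staff", "ExampleCo-Guest", "ExampleCo-Printer"}
LEGACY = {"WEP", "WPA1"}  # protocols treated here as too weak to leave enabled

# Constructed sample in the assumed format: SSID:SECURITY, with ":" in a
# value escaped as "\:" and an empty (or "--") SECURITY field meaning open.
SAMPLE_SCAN = """\
ExampleCo-Staff:WPA2
ExampleCo-Guest:
ExampleCo-Staff:WPA1 WPA2
Neighbor\\:Cafe:WEP
ExampleCo-Printer:WEP
"""

def parse_scan(text):
    """Return a list of (ssid, set_of_security_modes), one per scan line."""
    rows = []
    for line in text.splitlines():
        fields = [f.replace("\\:", ":") for f in re.split(r"(?<!\\):", line)]
        if len(fields) != 2 or not fields[0]:
            continue  # malformed line or hidden SSID
        rows.append((fields[0], set(fields[1].split()) - {"--"}))
    return rows

def audit(text, owned):
    """Return sorted (ssid, finding) pairs for owned SSIDs that need fixing."""
    findings = set()
    for ssid, modes in parse_scan(text):
        if ssid not in owned:
            continue  # only report on networks we are responsible for
        if not modes:
            findings.add((ssid, "open: no encryption"))
        elif modes & LEGACY:
            weak = " ".join(sorted(modes & LEGACY))
            findings.add((ssid, "legacy protocol enabled: " + weak))
    return sorted(findings)

if __name__ == "__main__":
    for ssid, finding in audit(SAMPLE_SCAN, OWNED_SSIDS):
        print(f"{ssid}: {finding}")
```

An access point broadcasting in mixed mode (the second `ExampleCo-Staff` line) is reported because the legacy protocol is still accepted alongside the stronger one.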

Summary

While searching for open Wi-Fi networks itself is not illegal, wardriving begins when malicious actors do so to gain access to vulnerable business networks. Once they find an improperly secured network, hackers will break into it and begin launching attacks on the business and anyone connected to the network. SMBs should implement strong security solutions and patching best practices to help prevent these attacks. To further improve the business’ security posture, SMB owners can work with a local IT consultant like Robinett Consulting to identify vulnerable areas of your business’ network and create a customized plan to get your business operating securely!


Author Robinett Consulting

At Robinett Consulting, we are your consultative partner who strives to grow your business and have technology truly enabling you. We aim to understand you and your business so that you do what you do best unhindered by your IT.
