Wardriving in London 2007
by Alexander Gostev - Senior Virus Analyst, Kaspersky Lab, VirusList - Friday, 1 June 2007.
It is known that nearly 90% of all WiFi networks worldwide use ESS/AP hotspots.

In 2006 Canary Wharf’s figures were almost identical to figures worldwide. This year the number of peer-to-peer connections fell slightly and amounted to 7%. This may indicate that WiFi devices with this kind of connection are decreasing in popularity (printers, for example), although overall these figures are within the margins of error.

The figures did not change much for London as a whole (unlike Canary Wharf) and showed a slight increase in the number of peer-to-peer connections. At just 1%, this increase is very small, but considering the total rise in the number of wireless hotspots in London, we can see that this trend is clearly indicative. Perhaps in the future London will catch up with Paris’s 13%.

Default configuration

Networks with default settings are a juicy target for hackers who specialize in wireless networks. As a rule, the SSID default means that the administrator of the hotspot has not changed the name of the router. This also indirectly shows that the account administrator is using the default password. It is very easy to find information about default passwords for different equipment makes and models on the Internet. Once a hacker knows the manufacturer (see Equipment manufacturers) a hacker can gain full control of a network. In London in 2006, default settings were found on 3.68% of the city's networks and slightly over 3% of Canary Wharf's WiFi hotspots.

One of the most effective means of protection against wardriving is disabling the SSID. The chart below shows a breakdown of the networks found according to these two factors.

As the graph shows, the default SSID figures for Canary Wharf halved to 1.5%. However the number of networks with disabled SSIDs has fall from a record 30% to a more modest 19.4%.

La Defense is still in the lead for this category, with 26% of its WiFi networks using disabled SSIDs.

It may seem odd but the decrease was noted for London as a whole as well, from 32% to just over 13%. The drop in networks using default configuration from 3.68% in 2006 to just 1.07% in 2007 is a positive sign and is a new record low.

Subliminal advertising

One interesting phenomenon is the tendency to use hotspots for subliminal advertising. Every client attempting to connect to a network will look at the list of accessible networks. Using web addresses as hotspot names can serve as an additional means of attracting new clients to the site. The first networks that we saw using this technique were in Warsaw, where they accounted for roughly 3% of all networks. This approach was found in London as well, and although only 1% of WiFi networks used this tactic, it can still be seen as a certain trend.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th