War driving is a technique in which an attacker physically drives around attempting to discover open or poorly secured wireless networks. This practice allows the attacker to exploit network vulnerabilities and gain unauthorized access to sensitive information. The goal of war driving is to identify targets, typically homes, offices, or businesses, with WLANs.
Key elements of War Driving
- Detection: War driving begins with the detection of nearby wireless access points using laptops, mobile devices, or any device with WiFi scanning capabilities.
- Mapping: After detecting the wireless signals, the attacker maps them using GPS or other location-based services.
- Analysis: Once the target is identified, the attacker analyzes the network security to find the weakness and vulnerabilities.
- Exploitation: Finally, the attacker exploits the discovered vulnerabilities to gain unauthorized access to the network.
War dialing is a similar attack method but involves calling numerous phone lines in search of modems and fax machines. War dialing allows the attacker to identify insecure phone lines and unauthorized access points.
Key elements of War Dialing
- Detection: War dialing starts by automating the process of calling a range of phone numbers using software, searching for modem or fax machine-tones.
- Mapping: The attacker collects the list of phone numbers that responded with an appropriate connection tone.
- Analysis: The attacker will analyze the phone lines to assess their security and vulnerabilities.
- Exploitation: The attacker exploits the discovered vulnerabilities to gain unauthorized access to the systems connected to the modems or fax machines.
To protect your network against war driving or war dialing, it’s important to:
- Implement strong security measures such as WPA3 or WPA2-Enterprise for WiFi networks.
- Employ proper firewall configurations.
- Disable broadcasting your SSID (network name) to make your WiFi network invisible to casual passersby.
- Use strong authentication methods for remote access systems.
- Regularly update your network devices with the latest security patches.
- Periodically conduct vulnerability assessments to stay ahead of potential weaknesses.
- Educate employees and users about the risks of unsecured networks and the importance of following security guidelines.