How “wardriving” puts vulnerable Wi-Fi on a map

Steering wheel with Wi-Fi symbol.

Wardriving is the act of physically searching for open and vulnerable Wi-Fi connections from within a moving vehicle. The goal is to use Wi-Fi capable devices, like laptops and smartphones, along with GPS to map wireless access points across a specific geographical area. 

Once data has been collated for said area, it is then usually submitted to third-party open-source map websites to create a digital map of unsecured Wi-Fi connections.

[Never a dull moment in tech. Keep up by getting the ExpressVPN Blog Newsletter.]

Wardriving is undertaken for a variety of reasons, ranging from the benign—like education, research, site surveying, and as a hobby—to the malicious, where attackers track and gain access to your network with the goal of stealing sensitive information like bank account details. 

It’s not just in cars. Other variations on the practice include warbiking, warcycling, warwalking, warjogging, wartraining, and warskating—which as you can probably guess from their names, involve different modes of transport. Each variation has its pros and cons, namely that they might cover different types of terrain and geographic density.

The name wardriving evolved from wardialing, an exploit technique seen in the 1983 film WarGames. Wardialing involves dialing all numbers in a given sequence—usually in a specific area code—in search of modems, computers, fax machines, or servers.

Is wardriving illegal?

While the practice itself isn’t illegal, there are aspects that are legally vague. For example, the practice of searching for and cataloging Wi-Fi networks is perfectly legal, as this would be a passive action and considered an exercise in data collection. Where it gets tricky is if wardrivers begin actively interacting with Wi-Fi networks, where “interaction” constitutes access to a private network. 

Taking this one step further is the concept of piggybacking, the act of accessing and using another person’s Wi-Fi connection without their knowledge or permission. The legal status of piggybacking varies across the world, ranging from ill-defined to illegal. 

In the U.S., a commonly cited example of how to define unauthorized access of a network is the case of State v. Allen, 260 Kan. 107 (1996), in which it was determined that “access” should be defined as: 

intentionally and without authorization accessing and damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property.” 

Where it had previously been defined as:

intentionally and without authorization gaining or attempting to gain access to or attempting to access, damaging, modifying, altering, destroying, copying, disclosing or taking possession of a computer, computer system, computer network or any other property.

How can I protect myself against wardriving?

There are several simple things you can do to ensure that your Wi-Fi connection is more secure:

  • Update your router’s default admin credentials as attackers can easily obtain default admin logins for various router brands.  
  • Adopt a stronger encryption standard by choosing the highest encryption level available to you.
  • Update your network’s password to be as complex as possible. If you’re stuck on how to do this, our Random Password Generator can help!
  • Consider turning off your router when it’s not being used or when you’re not at home. Further, perhaps consider opting for a wired connection at home where possible.
  • Use a firewall to limit unauthorized access attempts to your network.
  • Constantly update your software and device firmware to protect against malware and bugs.

Read more: No Wi-Fi, no problem: Hackers go low-tech to steal your data

Hi, you've reached Marcus. Dial '1' for privacy, '2' for point and click adventure games, and '3' for paranormal stories. For all other enquiries, please stay on the line and he'll be with you shortly.