On Saturday, March 12th, 2011, for the 7^th time since 2007, students from the Wireless Networking program at Champlain College Saint-Lambert and their professor performed a wardrive in Montreal, Quebec, Canada as an educational activity.

Audit objectives

This was primarily intended as an educational activity inspired by media reports and documentaries on the vulnerabilities of home wireless networks. Similar activities had taken place in 2007, 2008, 2009 and 2010 with previous cohorts of students from the same program. As before, the principal objective from an educational point of view was to provide the students with hands-on experience in performing a wireless network audit). The general objective was to perform a partial area Wireless LAN audit and map the wireless networks (either home or business) that where found. This would give the students an idea of the current situation of wireless networks in the Montreal region.

As in the previous exercises, to respect the right to privacy of residents, students where instructed to only observed IEEE 802.11x data packets and signals present outside the limits of private property, never trespassing. Students had been strictly advised that all activities where being performed on public propriety as a community service activity. No attempt to access computer facilities, files or resources was to be undertaken by students. This was also done to respect Art. 342.1 of the Criminal Code of Canada.

Activity logistics

Thirteen (13) students participated from the WLAN Fundamentals course. The students where divided in teams of 2 or 3 students. Each team was assigned an area in various areas in the Montreal region. These where located in the cities and neighborhoods known as: Brossard, Laprairie, Verdun, Lasalle, Ville-‘arie (Downtown commercial area), Plateau-Mt-Royal, Hochelaga-Maisonneuve, Villeray-St-Michel, Ahuntsic and St-Laurent. Students who participated in the exercise where required to have a laptop per team, equipped with a wireless (802.11b and g) network adapter and an open source scanning software (Vistumbler). Those who did not have this equipment had it supplied to them by the College.

War driving or WLAN Security audit ?

War driving is the act of driving around an area searching using a laptop computer or a portable device (PDA, Scanner), to detect networks. The name War driving comes from war dialing, which has been popularized in the 1983 movie WarGames. As for the previous exercise, it was decided to call the exercise a WLAN Security Audit as War Drive has negative connotations.

War driving is possible because users of wireless networks, due to lack of knowledge, lack of adequate information, ignorance or laziness leave their wireless access points unsecured. In many cases the devices are unsecured because the default configuration that was in place when the device was purchased is still being used.

Findings

During the war drive a total of 11656 devices where found. For this article, all the devices where used to form the sample (n=11656).

Because the software used for the exercise was able to differenciate the various authentification standards used in wireless LANs, this information was also gathered. This had not been possible in previous exercises due to limitations in the Netstumbler software that had been used. This information is presented in table 2, below.

Based on the data, the situation seems to have stabilized. In the Fall 2010 sample, 25% of WLANs where unencrypted. However, this would seem to be an anomaly. The Winter 2011 results (12,6% open) are similar to the winter and Fall 2009 results. In the Fall of 2009 the result of 11,3% had been interpreted as an ongoing improvement from the already good result of 12.6% in the spring 2009 and much better that the 22.7% from 2008, the 24% from the Fall 2007 exercise and the 31% from the Winter 2007 exercise. Possible explanations for the results are a lack, or reduced visibility and budgets, of IT security awareness campaigns in 2010, which where held in Québec in 2008 and 2009.

As in all the previous exercises, the potential problem of the close proximity of multiple wireless devices using channel 6 was found. As before, the use of other channels, channel 1 and 11, has increased. These are distant enough (4 channels minimum) to avoid, or significantly reduce, interference. We also found that some AP’s where configured using channels : 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165. The raw summary data is available here: https://spreadsheets.google.com/ccc?key=0As-5UGmDMSQadF9xX3BYZjVhUS1VczNHMGtvWnhlRHc&hl=en

Conclusion

The students seemed quite pleased by the experience as per previous years, allowing them to visualize some of the theoretical concepts seen in class. In previous years the data had shown improvement in wireless network security. While the results from 2007 and 2008 where far from being an ideal situation, 2009 and 2010 results indicated that the trends that had been identified in the past continued. This is perceived as very positive.

Bibliography

Léger, Marc-André (2007, 2008, 2009,2010, 2011) Class presentation for the course WLAN Fundamentals, available on www.leger.ca