Wigle.net: The 411 on Wireless Access Points
If you thought your wireless network was too remote or obscure to find, you might want to think again. There's a non-trivial chance that the name of your network and its precise geographic coordinates are already mapped out and searchable by anyone with a Web browser.
At least for U.S.-based networks, probably the best place to find that information is at the free database maintained by Wigle.net. The Wireless Geographic Logging Engine is a Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks.
WiGLE's database allows anyone to search for a wireless network by geographic area or by the name of the service set identifier (SSID), the moniker either manually or otherwise automatically assigned to all wireless access points. Wireless routers broadcast their SSIDs as a way of inviting users nearby to connect with the network.
A successful search yields a plethora of data about each wireless network, including its name, the longitude and latitude of the network (viewable on a street map with an extra click), and whether the network is protected by encryption (WiGLE doesn't differentiate between networks protected by WPA encryption or those guarded by the far less secure WEP encryption, since most wardriving software used to collect this data does not distinguish the two).
Apart from catering to rabid wardriving enthusiasts, WiGLE also attempts to foster an increased awareness of the need for security when using wireless networks, said Andy Carra, who co-founded WiGLE in 2001.
"Showing that wireless networks are easily and publicly visible to anyone nearby has proven an effective means of explaining the need for host security and encryption of network traffic," Carra said in an e-mail to Security Fix.
It's okay to leave the SSID on your router to the default, unless you've not bothered to protect the router with encryption or change the factory default user name and password that's needed to administer the router.
Why is changing the default settings on wireless access point a big deal? Because there are plenty of Web sites that list the default user names and passwords built into every brand of router out there. If you operate a wireless access point using the default settings, not only would a local passerby be able to use your network to browse the Web, but he or she also could change the configuration on the router to keep track of the Web sites you're visiting, route your traffic through another network, or block you from being able to view certain Web sites. Not incidentally, there also is malicious software circulating these days that will make some of those changes for you if you haven't altered the router's default password and/or user name (yes, you can generally change both the user name and the password if you like).
For instance, if I were looking for an exposed wireless network, I'd probably start by searching the local zip code for the default SSID assigned to many popular routers. After all, these would most likely be the networks powered by users who yanked their shiny new routers straight out of the box and plugged them right into the user's modem without modifying a thing. A search for access points named "linksys," - the factory default SSID for routers made by the company by the same name, for example -- turns up approximately 1,591,085 results in WiGLE's database. See the graphic below for a glance at the Top 1000 SSID names (most of the others at the top of the list in the left hand column also are default SSID names).
According to the latest stats on WiGLE, roughly 37 percent of the networks listed in its database are unencrypted and wide open for anyone to use. That's a fair number of exposed networks when you consider that WiGLE has the goods on more than 16 million wireless nets across the country (another 8,204 wireless networks with location data were added to WiGLE during the 24 hours I was researching this post).
I couldn't find my own wireless networks in WiGLE, but I was able to locate my father-in-law's encrypted network just by searching for his (very unique) SSID. It pulled up a nice zoomable map of his neighborhood in suburban Maryland, with the name of the SSID beside the approximate longitude and latitude of his house. Just out of curiosity, I punched those same coordinates into Google Earth, which sure enough zoomed straight into a shot directly above his backyard.
If you are running a wireless network and haven't changed the default user name and password, or set it up to use encryption, take a few minutes to do that. If you're not sure how to do these things, this site has some easy-to-follow video and text primers on four of the most widely used wireless routers on the market.
Incidentally, if you find your wireless network in WiGLE and want it removed from the database, e-mail the site administrators at this address and they will gladly nix it for you.
So how about it, dear Security Fix readers? Has your Wi-Fi network been logged by the WiGLE wardrivers? Let us know in the comments below. Or if you have questions about this post or other security matters, join me at 11 a.m. ET for a live Web chat.
September 26, 2008; 7:30 AM ET
Categories: Safety Tips
Save & Share: Previous: Apple, Mozilla Push Security Updates
Next: Microsoft, Washington State Sue Scareware Purveyors
Posted by: Anonamoos | September 26, 2008 8:43 AM | Report abuse
Posted by: John | September 26, 2008 1:01 PM | Report abuse
Posted by: Toddzilla | September 26, 2008 1:26 PM | Report abuse
Posted by: A | September 26, 2008 1:40 PM | Report abuse
Posted by: A | September 26, 2008 1:41 PM | Report abuse
Posted by: Bk | September 26, 2008 1:41 PM | Report abuse
Posted by: Bh | September 26, 2008 7:25 PM | Report abuse
Posted by: Keith Warner | September 29, 2008 3:38 PM | Report abuse
The comments to this entry are closed.