Network News

X My Profile
View More Activity

Wigle.net: The 411 on Wireless Access Points

If you thought your wireless network was too remote or obscure to find, you might want to think again. There's a non-trivial chance that the name of your network and its precise geographic coordinates are already mapped out and searchable by anyone with a Web browser.

At least for U.S.-based networks, probably the best place to find that information is at the free database maintained by Wigle.net. The Wireless Geographic Logging Engine is a Web site that maps data gathered by "wardrivers," geeks who enjoy cruising around with open laptops connected to global positioning system (GPS) devices in order to chart the distribution of wireless networks.

wigle.jpg

WiGLE's database allows anyone to search for a wireless network by geographic area or by the name of the service set identifier (SSID), the moniker either manually or otherwise automatically assigned to all wireless access points. Wireless routers broadcast their SSIDs as a way of inviting users nearby to connect with the network.

A successful search yields a plethora of data about each wireless network, including its name, the longitude and latitude of the network (viewable on a street map with an extra click), and whether the network is protected by encryption (WiGLE doesn't differentiate between networks protected by WPA encryption or those guarded by the far less secure WEP encryption, since most wardriving software used to collect this data does not distinguish the two).

Apart from catering to rabid wardriving enthusiasts, WiGLE also attempts to foster an increased awareness of the need for security when using wireless networks, said Andy Carra, who co-founded WiGLE in 2001.

"Showing that wireless networks are easily and publicly visible to anyone nearby has proven an effective means of explaining the need for host security and encryption of network traffic," Carra said in an e-mail to Security Fix.

It's okay to leave the SSID on your router to the default, unless you've not bothered to protect the router with encryption or change the factory default user name and password that's needed to administer the router.

Why is changing the default settings on wireless access point a big deal? Because there are plenty of Web sites that list the default user names and passwords built into every brand of router out there. If you operate a wireless access point using the default settings, not only would a local passerby be able to use your network to browse the Web, but he or she also could change the configuration on the router to keep track of the Web sites you're visiting, route your traffic through another network, or block you from being able to view certain Web sites. Not incidentally, there also is malicious software circulating these days that will make some of those changes for you if you haven't altered the router's default password and/or user name (yes, you can generally change both the user name and the password if you like).

For instance, if I were looking for an exposed wireless network, I'd probably start by searching the local zip code for the default SSID assigned to many popular routers. After all, these would most likely be the networks powered by users who yanked their shiny new routers straight out of the box and plugged them right into the user's modem without modifying a thing. A search for access points named "linksys," - the factory default SSID for routers made by the company by the same name, for example -- turns up approximately 1,591,085 results in WiGLE's database. See the graphic below for a glance at the Top 1000 SSID names (most of the others at the top of the list in the left hand column also are default SSID names).

ssid.jpg

According to the latest stats on WiGLE, roughly 37 percent of the networks listed in its database are unencrypted and wide open for anyone to use. That's a fair number of exposed networks when you consider that WiGLE has the goods on more than 16 million wireless nets across the country (another 8,204 wireless networks with location data were added to WiGLE during the 24 hours I was researching this post).

I couldn't find my own wireless networks in WiGLE, but I was able to locate my father-in-law's encrypted network just by searching for his (very unique) SSID. It pulled up a nice zoomable map of his neighborhood in suburban Maryland, with the name of the SSID beside the approximate longitude and latitude of his house. Just out of curiosity, I punched those same coordinates into Google Earth, which sure enough zoomed straight into a shot directly above his backyard.

If you are running a wireless network and haven't changed the default user name and password, or set it up to use encryption, take a few minutes to do that. If you're not sure how to do these things, this site has some easy-to-follow video and text primers on four of the most widely used wireless routers on the market.

Incidentally, if you find your wireless network in WiGLE and want it removed from the database, e-mail the site administrators at this address and they will gladly nix it for you.

So how about it, dear Security Fix readers? Has your Wi-Fi network been logged by the WiGLE wardrivers? Let us know in the comments below. Or if you have questions about this post or other security matters, join me at 11 a.m. ET for a live Web chat.

By Brian Krebs  |  September 26, 2008; 7:30 AM ET
Categories:  Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Apple, Mozilla Push Security Updates
Next: Microsoft, Washington State Sue Scareware Purveyors

Comments

I had some trouble using WiGLE because of being stuck on IE6 (thanks, corporate overlords!), but I finally zoomed in to my neighborhood and was happy to see that my network is not listed. I use MAC filtering, don't broadcast my SSID, and have changed the default password on my router. I know I need to turn on WPA. I guess that's a good project for this rainy weekend.

Posted by: Anonamoos | September 26, 2008 8:43 AM | Report abuse

It looks like they haven't hit my neighborhood. I don't broadcast my SSID, have changed my password, use WPA, and limit logons to my own laptop and Soundbridge radio MAC addresses.
I do know, however, that most of my neighbors have not even changed their passwords or made their networks secure as I can log on at will (although I don't).
Also it is a shame that ISPs don't do more to help in this regard. My parents got FIOS from Verizon and the technician who set their system up left their connection broadcasting a wireless signal even though they have no wireless computer in use. I quickly disabled this and changed their password but how many haven't done this?

Posted by: John | September 26, 2008 1:01 PM | Report abuse

Yup, I found my SSID. It was correctly located on the map, too. The cool part is now I know to whom all those other SSIDs I see whenever my computer/phone searches for a wireless network belong. The scary part is mine is the only dot colored green in a sea of red dots. Apparently green means it has a high Quality of Service or uptime. I assume that would make me a better target for hackers. I believe I am sufficiently locked down, however, since I am an avid reader of this blog. Thanks, Brian!

-TZ

Posted by: Toddzilla | September 26, 2008 1:26 PM | Report abuse

I'm kind of surprised I'm not on there, because plenty in my area are, and I am bad about always leaving the connection on. It's got WPA security but I don't think I've done anything else to protect it. I guess I should look into that.

Posted by: A | September 26, 2008 1:40 PM | Report abuse

Oh, I did change the SSID but it is broadcast.

Posted by: A | September 26, 2008 1:41 PM | Report abuse

TZ- I should have mentioned in the post: I originally thought that the red and green dots on the map indicated whether the APs were encrypted or not. They don't. That information is available if you look at the text listings for each AP, but not the maps. The green dots indicate APs that have been observed/mapped by more than one wardriver, whereas the red ones indicate only one wardriver had mapped that AP.

Posted by: Bk | September 26, 2008 1:41 PM | Report abuse

Notice how many are on major bridges crossing the Hudson River! Guess they're RVs and cars with laptops on the seat? That changes some perspective on how many are along highways (I had at first figured they all were homes and businesses).

Posted by: Bh | September 26, 2008 7:25 PM | Report abuse

I didn't find my network or any others within a few miles, so I guess nobody has snooped here yet.

I was unprotected for my first 6 months online, and I put the blame squarely on Verizon. Wireless router protection should be a top priority in setting up a home network, yet ABSOLUTELY NOTHING was mentioned in any literature or the account set-up disc.

The Verizon-supplied Westell wireless router install kit was no better. A little 3x5 slip of paper with instructions to find and enter the WEP key was all I got.

Only after reading about it here did I find and download the PDF from Westell and set it up the RIGHT way.

:-(

Posted by: Keith Warner | September 29, 2008 3:38 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company