What the Results of the WorldWide WarDrive Mean

The results of the WorldWide WarDrives provide a snapshot of the wireless networks currently deployed throughout the world. In this section, we look at the results from the first three WorldWide WarDrives and how they have changed from one to the next. The progression of five areas are discussed: the total number of access points discovered, the percentage of those that have WEP enabled, the percentage that do not have WEP enabled, the percentage of access points with default SSIDs, and the percentage of access points with default SSIDs that do not have WEP enabled. We also look at what these results say about the state of wireless security.

Analysis of the Results

When the statistics for the first WorldWide WarDrive were generated, several categories of statistics were tabulated that were not particularly relevant to the security community. As the WWWD has progressed, the statistics have been honed down to a relevant set that gives an accurate view of the security posture of wireless networks that are deployed worldwide.

A total of 9374 access points were found during the first WorldWide WarDrive. Of those, 30.13 percent had WEP enabled. The second WWWD discovered 24,958 access points. The percentage of access points deployed with WEP enabled dropped 2.21 percent to 27.92 percent. The percentage of access points without WEP enabled went from 69.86 percent to 72.07 percent. The percentage of access points with default SSID increased from 28.53 percent to 35.27 percent, while the percentage of access points with default SSID that did not have WEP enabled went from 26.64 percent to 31.44 percent. These last two, at first glance, are the most disturbing. They represent the number of access points that were deployed with absolutely no changes made to the default configuration. This would allow anyone to connect to these access points without having to make any changes on their systems.

I was initially very disappointed with the results of the second WWWD. My first thought was that the message was not getting out and that the project was not worthwhile. A closer look indicates that this is not necessarily the case. The number of access points discovered for the first WWWD was extremely small in comparison to the number of access points that were actually deployed. It is likely that the results from the first WWWD were not truly representative of the overall wireless access points that have been deployed. The second WWWD, on the other hand, provided a much more realistic view of the true statistics. A larger statistical sampling will always provide a more accurate view. The primary differences between the first and second WWWDs, which took place only a few weeks apart, were the number of areas covered and the number of access points found (more than twice as many).

The changes from the second to third WWWD were more encouraging. A total of 88,122 access points were discovered during the third WWWD. This is more than triple the number found during the second WWWD. The results from the third WWWD provide the most accurate overview of the state of wireless networks deployed worldwide. The percentage of access points that had WEP enabled increased 4.34 percent from 27.92 percent to 32.26 percent. The percentage of access points that did not enable WEP dropped from 72.07 percent to 67.74 percent. Access points with a default SSID dropped from 35.27 percent to 27.83 percent while the percentage of those that also did not enable WEP went from 31.44 percent to 24.76 percent. This represents a 6.44 percent decrease in the percentage of access points deployed with “out of the box” configurations.

Implications of the Results in Regard to Wireless Security

The results of the last two WorldWide WarDrives give reason to be optimistic. Even with the largest statistical sampling, all of the statistical indicators were better from the third WWWD than the second. There is still a long way to go. End users are becoming more aware of the need to enable security features on their access points, but 67.74 percent of the users out there still aren’t using the most basic encryption on their wireless networks. Some of this can be attributed to users (mostly commercial) that allow access to their wireless networks only through a virtual private network (VPN) tunnel. The VPN tunnel is encrypted and, therefore, these networks do not use WEP. There is no way to determine the number of networks that fall into this category. Because the majority of the access points found during the third WWWD were discovered in residential areas, this is likely not a statistically significant amount.

The more disturbing statistic is the number of default or “out of the box” installations that are currently deployed. Nearly one of every four access points currently deployed has had no modifications made to the configuration. These access points can be accessed by anyone who discovers the signal. The message is getting out, but there are still a large number of people who are enjoying the benefits of wireless networking without eliminating the risk of their systems being compromised, or their network resources being utilized by unauthorized users. A complete step-by-step guide to locking wireless networks down is included in Chapter 10: Basic Wireless Security.