Wardriving Still Effective for Stealing SMB’s Valuable Data
There’s good news for Seattle SMBs. Seattle police busted a group of cybercriminal “wardrivers” who have allegedly been cruising the city and stealing credit card data from unsecured Wi-Fi connections for the past five years.
Whether you’re located in the Emerald City or not, SMBs that have insecure or open wireless access points are at risk of falling victim to wardriving tactics, in which hackers search for vulnerable Wi-Fi wireless networks in a moving vehicle using a portable computer. Wardriving hardware can detect a wireless network from up to five miles away and there are programs that search out and automatically attempt to gain access and catalog wireless networks.
It’s not just open/insecure wireless access points that you need to be concerned with. Many small businesses have older wireless access points that use an inferior encryption technology called WEP, which can be cracked by wardriving software programs in seconds.
Once hackers are in, they have free access to your business or corporate internet. They can access your files and computers, infecting your equipment and stealing your personal information and banking credentials. They can also steal your bandwidth to crack into computers, send spam, or download illicit or illegal images.
Although hackers employ increasingly advanced methods to steal your valuable data, the old standards such as wardriving are still active and effective. And, SMBs are becoming more desirable targets for attack.
You can take steps to improve the security of your Wi-Fi network. Here are some tips to help protect your business from wardriving tactics:
• Use a modern encryption standard. Use WPA-PSK or WPA2 encryption or higher. Using no encryption at all is like leaving your door open for anyone to walk in. If your wireless router doesn’t include WPA2, get a new one.
• Use a passphrase for the encryption password. Passphrases are longer than passwords—20 to 30 characters or more is typical.
• Use a secure password on your wireless router. Never use the default password! Passwords should be complex and unique. Strong passwords have eight characters or more and use a combination of letters, numbers, and symbols (e.g. #, $, %, !, or ?).
• Stop broadcasting the name of your wireless network. Also known as the SSID—change the name to something other than the default.
• Limit the computers that can access your network. You can allow only certain MAC addresses (specific IDs tied to networking hardware) to access your network.
• Protect the administrator interface. Ensure the administrator interface of the wireless router is available only from within the local network.