Wardriving in cybersecurity

Wardriving in cybersecurity is the practice of scanning for Wi-Fi networks while moving through an area, usually by car. Wardrivers use laptops, phones, or custom setups to log network data, typically to look for unsecured or poorly secured connections.

Wardriving traces back to the movie WarGames, where the main character “war dialed” every phone number in a location to find working computers. This idea evolved into mapping Wi-Fi access points to find weak or open networks. The term itself was coined by Peter Shipley, who created software that worked with portable GPS devices.

This guide covers how wardriving works, the reasons people do it (both ethical and malicious), and whether the practice itself is illegal. It also explains how to protect your Wi-Fi from being exposed to these kinds of scans.

What is wardriving, and how does it work?

Wardriving in cybersecurity involves driving around scanning for Wi-Fi networks, typically using free wardriving apps on a laptop, tablet, or Android device. Some popular wardriving software options include WiGLE WiFi Wardriving, iStumbler, and inSSIDer.

Alternatively, wardrivers may use specialized tools like a Raspberry Pi, Flipper Zero, or others. Raspberry Pis are especially popular for custom setups due to their flexibility, and tools like the Flipper Zero can scan multiple signal types, including Wi-Fi and Bluetooth.

Regardless of the tool, wardrivers also require a GPS to locate the network’s physical position. Some might even use antennas (like omnidirectional ones) to pick up Wi-Fi signals from farther away while driving through neighborhoods or city blocks.

Of course, wardriving tools log more than just network locations. They gather technical information that is often uploaded to mapping sites like WiGLE.

[Figure: screenshot of the wigle.net website showing a heatmap of Wi-Fi networks obtained through wardriving]

Here’s the kind of data typically recorded:

  • Network name (SSID)
  • MAC address of the access point
  • Signal strength
  • GPS coordinates
  • Encryption type (WEP, WPA, WPA2, WPA3, or open)
  • Channel/frequency in use
  • Timestamp of when the network was detected
  • Device manufacturer info (inferred from MAC using OUI lookup)

Now that you have an idea of what wardriving is (and its inner workings), here’s why people wardrive in the first place.

Reasons for wardriving: Ethical and non-ethical

What is the purpose of wardriving? Well, the usual answer is to find networks that aren’t secured with a password. Connecting to one allows an attacker to use packet sniffers and other methods to gather sensitive data from victims.

Wardriving is often done maliciously, but there are still some ethical applications to consider. Here are the main reasons why people go wardriving, good or bad:

  • Mapping Wi-Fi network distribution: Some people collect data on Wi-Fi signals in an area to study coverage, spot dead zones, or build heatmaps. This can help organizations improve public or private network infrastructure.
  • Network security testing: Ethical hackers (or penetration testers) may use wardriving techniques to find vulnerabilities in a Wi-Fi network. The goal is to identify risks like open networks or weak encryption before bad actors do.
  • Stealing personal data: Most hackers drive around looking for unsecured networks, which make it easier to snoop around for sensitive info, like financial details, account logins, or anything that could help with identity theft.
  • Pinning the blame on someone else: Criminals may engage in illegal activity on your Wi-Fi network (such as torrenting copyrighted content, accessing dark web marketplaces, or engaging in crypto scams), leaving you to take the blame.

Is wardriving illegal?

On its own, wardriving isn’t illegal. As you’ve seen above, you can obtain some useful data from a wardriving session. It’s only when you start using other people’s networks for shady activities that it enters illegal territory.

Of course, cyber criminals aren’t the only ones who can get in trouble for wardriving. In 2010, Google faced a class-action lawsuit after its Street View cars were found collecting private data (like emails and passwords) from unencrypted Wi-Fi networks while mapping streets.

The company initially called it a mistake, but court documents later revealed that the data collection was intentional, having been done using software built by Google engineers.

How to prevent wardriving: 8 useful tips

Wardriving is less common nowadays, but that’s no reason for your cybersecurity to slack. Here’s how you can reduce the chances of an attack.

1. Update your router’s username and password

Change your router’s default credentials, which are usually “admin” for both username and password. Otherwise, a hacker (or even a tech-savvy child) may do it and lock you out of your own network. Use a reliable password manager to generate a long, unique password and store it securely.

2. Enable WPA2 or WPA3 encryption

Encryption scrambles your network traffic so outsiders can’t easily read it. WPA3 is the newest and strongest option, but WPA2 still provides solid security. Make sure your router uses one of these protocols to keep your network from being an easy target. Avoid outdated options like WEP or standard WPA, which are vulnerable and easy to crack.
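
As an added example (not part of the original article), the Python sketch below audits a scan export of your own access points, using the fields listed earlier and the encryption advice in this tip. The CSV layout, sample rows, and function names are constructed for illustration.

```python
import csv
import io

# Constructed sample export of your own site survey (not real networks).
# Columns mirror the fields listed earlier; the layout is an assumption.
SAMPLE_SCAN = """ssid,bssid,rssi_dbm,lat,lon,encryption,channel,first_seen
HomeNet,00:11:22:33:44:55,-48,0.0,0.0,WPA2,6,2024-01-01T10:00:00
HomeNet-Guest,02:11:22:33:44:55,-50,0.0,0.0,OPEN,6,2024-01-01T10:00:00
,00:11:22:33:44:56,-61,0.0,0.0,WPA3,36,2024-01-01T10:00:05
OldPrinter,00:AA:BB:CC:DD:EE,-70,0.0,0.0,WEP,11,2024-01-01T10:00:09
Garage,00:aa:bb:cc:dd:ef,-75,0.0,0.0,WPA,1,2024-01-01T10:00:12
"""

WEAK = {"OPEN", "WEP", "WPA"}      # options the article says to avoid
STRONG = {"WPA2", "WPA3"}          # options the article recommends


def oui_prefix(bssid):
    """Return the vendor prefix (first three octets), or None if the
    address is locally administered and has no registered vendor."""
    octets = bssid.upper().split(":")
    if len(octets) != 6:
        raise ValueError(f"malformed MAC address: {bssid!r}")
    if int(octets[0], 16) & 0x02:   # locally administered bit set
        return None
    return ":".join(octets[:3])


def audit(scan_csv):
    """Classify every access point in the export by encryption strength."""
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        enc = row["encryption"].strip().upper()
        status = "weak" if enc in WEAK else "ok" if enc in STRONG else "unknown"
        findings.append({
            "ssid": row["ssid"] or "<hidden>",  # hidden SSIDs still log a BSSID
            "bssid": row["bssid"].upper(),
            "oui": oui_prefix(row["bssid"]),
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN):
        print(finding)
```

Any row reported as "weak" is an access point to reconfigure for WPA2 or WPA3 or to retire.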

3. Stop broadcasting your network’s SSID

Your network name, or SSID, is usually visible to anyone nearby. Turning off the SSID broadcast hides your Wi-Fi from casual scanning tools. While this won’t block advanced hackers, it adds a layer of difficulty for anyone trying to find your network.

4. Set up a separate guest Wi-Fi

A guest network keeps visitors and smart devices isolated from your main setup. That way, even if someone connects to the guest Wi-Fi, they won’t have access to your personal devices or shared files on the main network.

5. Add a firewall to your setup

Firewalls act as gatekeepers, monitoring incoming and outgoing traffic on your network. They block suspicious activity and prevent unauthorized access. Your router likely has a built-in hardware firewall, so install or enable a firewall on your devices as well for an extra line of defense.

6. Disconnect your Wi-Fi during downtime

Turning off your Wi-Fi when you’re not using it cuts off access completely. This simple step stops hackers from connecting to or scanning your network when you’re away. It’s especially useful during long periods without internet use, like vacations or overnight.

7. Protect accounts with multi-factor authentication

No matter how strong it is, attackers may use phishing, malware, or other methods to discover your password. Adding multi-factor authentication (MFA) means logging in requires an extra check (like a code sent to your phone). This makes it much harder for attackers to access your accounts, even if they get your password.

8. Don’t skip firmware and OS updates

Updates fix known security holes, so don’t put them off. This goes for your router, phone, computer, and any connected devices. Many routers let you turn on automatic updates, so you get the latest patches without the hassle.

What is wardriving? FAQs

What is an example of wardriving?

A common example of wardriving is an attacker driving around looking for Wi-Fi networks with no password, so they can steal payment data or logins. More famously, Google’s Street View cars gathered emails, documents, and passwords from streets they were mapping.

What wardriving tools do hackers use?

Hackers and researchers use tools like the Flipper Zero, Raspberry Pi, or an Android phone running the WiGLE WiFi Wardriving app to scan for nearby networks. These tools help detect Wi-Fi and other wireless signals, making it easy to map what’s out there.

What is warwalking?

Warwalking (or warjogging) is a variation of wardriving done on foot instead of by car. This allows the person to cover places with no car access, like parks and campuses. Other versions include warbiking/warcycling, warrailing/wartraining, and even warflying.