Wardriving at Ekoparty #13


As you may already know the Wardriving Bus Tour is one of the most popular activities every year at Ekoparty. After hopping on the bus pirate ship the participants drive around the most touristic places in Buenos Aires searching for WiFi networks in order to plot them in a map later on.


Due to popular demand this year we held two rounds instead of just one - the first one on Wednesday and another one on Friday.

On both occasions notebooks, cellphones and a Raspberry Pi were all used to record the wireless traffic. The locations were saved using a GPS module connected to the Raspberry Pi, and as a backup we used wigle on the cellphones.

This year it was Infobyte's turn to organize the activity, including a brief workshop.

The full tour on Wednesday included:
  • A brief Workshop done at Konex (approx 30 mins)
  • The wardriving excursion

On friday, the ship was "captured by pirates" and driven towards the Centro de Exposiciones y Convenciones de la Ciudad de Buenos Aires, were the Smart Cities Expo was being held. The exhibit included a section with electronic voting machines which some of the Ekoparty participants found extremely interesting. A review of the experience by Javier Smaldone can be found here (in Spanish).

As a starting point, we created a new Github repo, were you can find all the resources, including the slides for the workshop as a PDF file.


In order to centralize all the data we found, we decided to use Faraday, showing how to push its Plugins Engine to the limit.

In order to do so, we added three new Plugins to analyze open traffic for DNS and HTTP packets, generate a map of all the WiFis and generate statistics to quantify the security.


Open Traffic Plugin


The file import_dns_pcap.py will read all packets saved from Open WiFi networks. It will create vulnerabilities for non-encrypted cookies or authorization data.

Wigle Plugin


The file import_wigle.py will create a vulnerability with Informational severity and attach a map as evidence. This plugin uses the Android SQLite database as input.

Statistics Plugin


The file import_wardriving_pcap.py creates objects in Faraday according to the security settings of the networks found in a PCAP. Users will be able to see statistics in the Faraday Dashboard including how many networks are using wpa, wpa2, wep and open. It will create vulnerabilities for open and wep. If any of the PCAP files contain a 4way handshake it will also create a vulnerability.
Also, a vulnerability containing the top 10 probe requests found.

Results

Map


The next maps are the results of the wardriving.

The points in green correspond to secure WiFi, yellow are WPA and in red Open and WEP.

Day 1 - Wednesday
We found that the percentage of access points using WEP was lower than expected. Most of the open access points were internet providers offering free WiFi.

Day 2 - Friday

Dashboard

 The resulting Faraday Dashboard also shows an abridged version of the results.


To complement it, we generated a few piecharts to get a better understanding of the findings.

Statistics of the access points that were found. In total we captured 3623 access point, 2990 had WPA2 security, 427 only had WPA, 91 WEP and 23 Open.

Access points by Vendor. The chart shows the top 10 vendors. Other contains many other vendors but with low quantity each (less than 1%).


Get the code for the Plugins from our Github repo here: https://github.com/infobyte/wardriving

We'd like to thank all of the workshop attendees and especially those who came with us on the Bus Tour! We hope to see you soon :)

The Infobyte Crew
www.infobytesec.com
https://twitter.com/infobytesec






Post a Comment
Thanks for your comment