Wardriving
What is Wardriving?
WardrivingThe act of driving, walking or flying through an area while logging Wi-Fi access points, their SSIDs and locations to build wireless coverage maps.
Wardriving was popularized in 2001 by Peter Shipley, who paired GPS with a Wi-Fi card to map open access points in Berkeley. The name echoes 'wardialing' from the 1983 film WarGames. Modern wardrivers use Kismet, airodump-ng, Wigle WiFi or commercial probes to passively capture BSSID, channel, encryption type and GPS coordinates, then upload the results to crowd-sourced databases such as Wigle.net. The data is used by researchers, geolocation providers and red teams to identify weakly protected networks, locate corporate offices, or seed targeted attacks (PMKID, KARMA, evil-twin). Passive listening is legal in most jurisdictions, but actively associating without consent is not. Defensive measures: WPA3, hidden SSIDs are not effective; perimeter wireless monitoring and rogue-AP detection are.
● Examples
- 01
Hobbyists driving with a Raspberry Pi running Kismet to upload BSSIDs to Wigle.
- 02
A red team mapping all WPA2-PSK networks within a kilometre of a target campus.
● Frequently asked questions
What is Wardriving?
The act of driving, walking or flying through an area while logging Wi-Fi access points, their SSIDs and locations to build wireless coverage maps. It belongs to the Attacks & Threats category of cybersecurity.
What does Wardriving mean?
The act of driving, walking or flying through an area while logging Wi-Fi access points, their SSIDs and locations to build wireless coverage maps.
How does Wardriving work?
Wardriving was popularized in 2001 by Peter Shipley, who paired GPS with a Wi-Fi card to map open access points in Berkeley. The name echoes 'wardialing' from the 1983 film WarGames. Modern wardrivers use Kismet, airodump-ng, Wigle WiFi or commercial probes to passively capture BSSID, channel, encryption type and GPS coordinates, then upload the results to crowd-sourced databases such as Wigle.net. The data is used by researchers, geolocation providers and red teams to identify weakly protected networks, locate corporate offices, or seed targeted attacks (PMKID, KARMA, evil-twin). Passive listening is legal in most jurisdictions, but actively associating without consent is not. Defensive measures: WPA3, hidden SSIDs are not effective; perimeter wireless monitoring and rogue-AP detection are.
How do you defend against Wardriving?
Defences for Wardriving typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Wardriving?
Common alternative names include: War-driving, Wi-Fi mapping, Warwalking, Warflying.
● Related terms
- attacks№ 943
Rogue Access Point
An unauthorised wireless access point connected to a network, either installed maliciously by an attacker or naively by an employee, that bypasses network security controls.
- attacks№ 579
KARMA Attack
A rogue access point attack in which a malicious AP answers every probe request, masquerading as any preferred network a client is looking for.
- attacks№ 837
PMKID Attack
An offline WPA/WPA2-PSK cracking method that derives the passphrase from a single PMKID field captured from an access point, no client needed.
- attacks№ 1251
WPS Attack
An online brute-force attack on the eight-digit Wi-Fi Protected Setup PIN that recovers the WPA/WPA2 passphrase in hours.