On 10th November 2008, ClubHack with support of Cyber Crime Cell of Pune Police conducted a Wardriving in Pune, Maharashtra.

This Wardriving aimed at analysis of wireless network security in Pune city at common places like IT parks, residential areas, market areas, hotels, airport etc.

Download the report

High resolution PDF for print (2783KB)

Low resolution PDF for web (256KB)

Some Results

Overall Status

50% of Pune’s wireless networks were found to be Open.
31% of Pune’s wireless networks were found with weak encryption (WEP)
Only 19% of the networks were strongly encrypted with WPA (and its variants)

Overall Status

Hidden SSID

ClubHack observed that people believe in a myth that if they hide their SSID (wireless name which get
broadcasted), it will secure their network, where as the fact is for corporate users disabling SSID
broadcast will make other sophisticated wireless attacks easy.

Default SSID

ClubHack also observed that many wireless networks were working on the default SSID which was configured on the access point by the manufacturer. Some of these default SSIDs indicated that the wireless router was supplied by the ISP and whoever configured it (which in most of the cases are the network engineers from ISP) have not configured the devices properly

IT Parks & Corporate Areas

If statistics of hotel WiFi was separated from corporate areas the status was little better and nearly 75% of the networks were not Open, but that did not mean they were secure. Many of such networks were found on WEP which is risky. It was observed that many corporate houses have an Open “guest” wireless network for visitors to use. Without proper security, these networks can be exploited for various purposes .

Residential Areas

Most of the default SSIDs were found in residential areas. The security status of home users is as in the chart. Home segment need a lot of awareness and must start securing their networks now

Hotel WiFi Security

As a common trend, ClubHack observed that maximum hotels in the city do not encrypt their network and use a captive portal in the background to restrict access to internet. ClubHack would like to bring attention of such people to a fact that using such restriction will surely deny access of unwanted users to internet but at the same time a malicious user can sniff the data of logged in users and get their data, passwords, credit card information etc The same phenomenon was observed for public WiFi hotspots too which includes a few coffee shops also but that’s a risky thing to have and educated users would refrain from using such networks. Interestingly some hotels were found with guest usage SSID with WEP/WPA encryption

Viral SSID

It was observed that out of all the wireless signals captured in wardriving, 1% were viral SSID which generally spread by traveling users. It is known to spread more at airports and corporate places.

Know more about Viral SSID