Project Warwalk: It’s All About the Numbers

Welcome back to the second installment of Project Warwalk. If you’re just tuning in, start here to learn about what this project is and use the Glossary for your reference.

In this post, we’ll lay out the numbers and explain how they will come up in future articles in this series.

The sample size is 2565 discovered SSIDs after we removed duplicate entries. We did this by searching for repeated unique identifiers and deleting the redundant entries. Filtering by SSID name would produce an inaccurate count, because some APs share the same name, such as AliceAndBob, where one SSID is for the router’s 2.4GHz band and the other is for its 5GHz band. Those are two very different networks.

Speaking of SSID names, there were 1076 that were labeled as “hidden.” Since this project is a read-only exercise, this is the end of the road for digging deeper into what they are. With this in mind, if we filter out the SSIDs labeled as “hidden,” there are 1489 unique network names.

When it comes to the names of the SSIDs, 967 were left untouched, meaning the owner didn’t rename the network-attached device. These default names reveal things like which ISP someone is using and the types of devices connected to their network, such as printers. We also observed that 516 SSIDs were renamed. Of these, more than half (353) contained PII such as name, street address, hobbies, and sports teams. Out of the 353 SSIDs, only five contained contact information. Whether done knowingly or unknowingly, renaming an SSID masks the type of networked device a person is using. This is security through obscurity: it hides the make/model of the device, but it is not an effective security measure. We’ll be discussing connected devices and IoT, such as printers and refrigerators, later in this series. These naming conventions will also be explored in a later blog post in this series on PII, social engineering, and OSINT.

Regarding the security of the wireless networks, we discovered that 80.6%, or 2067 SSIDs, were using WPA2 to protect against unauthorized access. That leaves the remaining 498 devices with wireless security that is either broken/deprecated, like WEP, or absent altogether, which is still a sizable number of networks open to compromise.
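The deduplication step and the hidden/WPA2 tallies described above can be reproduced on a survey export as follows. This is an added example, not the project's own tooling: it assumes the unique identifier is the access point's BSSID and that the export is a CSV with hypothetical columns `bssid`, `ssid` and `auth`; the sample rows are constructed.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names and the use of the BSSID
# (the AP radio's MAC address) as the unique identifier are assumptions.
SAMPLE = """bssid,ssid,auth
AA:BB:CC:00:00:01,AliceAndBob,WPA2
AA:BB:CC:00:00:02,AliceAndBob,WPA2
aa:bb:cc:00:00:01,AliceAndBob,WPA2
AA:BB:CC:00:00:03,hidden,WPA2
AA:BB:CC:00:00:04,hidden,WEP
AA:BB:CC:00:00:05,ExampleISP-1234,Open
AA:BB:CC:00:00:05,ExampleISP-1234,Open
AA:BB:CC:00:00:06,PrinterSetup-00,WPA
"""

def summarize(csv_text):
    """Deduplicate sightings on BSSID, then tally names and protection."""
    seen = {}
    raw = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw += 1
        key = row["bssid"].strip().upper()  # normalise case before comparing
        seen.setdefault(key, row)           # keep the first sighting per radio
    rows = list(seen.values())
    is_hidden = lambda r: r["ssid"].strip().lower() == "hidden"
    hidden = sum(1 for r in rows if is_hidden(r))
    auth = Counter(r["auth"].strip().upper() for r in rows)
    wpa2 = auth.get("WPA2", 0)
    return {
        "raw_rows": raw,
        "networks": len(rows),                    # count after BSSID dedup
        # What deduplicating on the name alone would report instead:
        "by_name_only": len({r["ssid"].strip() for r in rows}),
        "hidden": hidden,
        "named": len(rows) - hidden,              # networks not labeled hidden
        "distinct_names": len({r["ssid"].strip() for r in rows if not is_hidden(r)}),
        "auth": dict(auth),
        "wpa2_pct": round(100 * wpa2 / len(rows), 1) if rows else 0.0,
        "not_wpa2": len(rows) - wpa2,             # same split the post uses
    }

if __name__ == "__main__":
    for field, value in summarize(SAMPLE).items():
        print(f"{field}: {value}")
```

On the constructed rows, deduplicating by name alone reports four networks where BSSID deduplication finds six, which is the undercount the AliceAndBob case describes.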

Lastly, we have WiFi signal range. These numbers are important when we get into the conversation about signal bleed and how it affects the security of the home, as well as business, in relation to the COVID-19 pandemic and the remote workforce. The closest distance at which we were able to detect a signal was 1.6m (5.25 feet). The farthest distance at which we were able to detect a signal, according to the software we used, was 785m (0.49 miles). The average distance for detection of a wireless signal was 136.5m (447.67ft).

With this groundwork laid out, these numbers present some interesting implications that we’ll address as the series progresses.

See you all in the next post.