Hi there, just asking as part of my degree dissertation idea, not to bore with the project idea's so far etc. I was looking into researching about 'average' home users use to secure their home networks would be to use programs such as inSSIDer or Kismet and note down what networks were found and what security they were running (known as WarWalking/Driving/Biking.. Basically War<modeoftransport>). But does anyone know if wardriving is infact legal or illegal in the UK? I know piggybacking is (under communications act 2003) but can't find any real info on wardriving.
I think Google got into trouble over it, but I'm sure that may have been because they were capturing actual network data, not just SSIDs. I believe Google Maps apps on Android can determine their location through the use of local SSIDs as well as GPS. I can't see how just reading the SSID and security type is breaking any laws - surely it's publicly broadcast information? As long as you don't try to access the network in any other way, you're not actually using the connection, aren't you just reading its status?
Yeah would just be reading the SSID and the encryption for the access key (WEP, WPA etc. & not using this at all other than to get an idea of the current usage) as a part of research for my dissertation. Reason I'm asking is Supervisor said it could be borderline computer misuse act. However will see what the ethics committee say about it all. One issue I could see is inSSIDer logs the routers MAC addresses of which can be used to "attack" the router to gain access. Also Jaybles - I was told there is data out there if I'm not allowed to do it myself (and incorporate data) from Manchester that was a authorised survey.
Might be worth just skipping to the end and getting the data straight-up if it's relevant, that way the bits you can't have can be redacted.
I see your point with that. We do all the approval and ethics of our projects in year 2 (so now) So if I'm not allowed it wouldn't make too much difference as no time would be wasted doing it all to be told I can't etc.
Sounds illegal, but if no actual personal data/ any data is taken/processed I cant see why it would be. It could be illegal if the ssids are stored, especially without consent.
Capturing the SSID and encryption method information would not be illegal (in the UK at least) as the network is publicly broadcasting that information. If you had to break the wifi password to get to that data it would be a different matter and highly illegal. Google got into trouble as they were actually capturing data packets (user data) from un-secure networks so were actually capturing users personal data without their consent - this is illegal. So long as you only capturing publicly broadcast information and no personal user data you would be within the confines of the law.
Would you be capturing handshakes? Or just ssid/mac/encryption? As long as it is just the public ally available data its fine. Have done a fair bit if war driving in the past, my alfa awus036h is the business when it comes to that.
Actually Google didn't get in trouble for capturing the SSID or encryption method, not even for capturing the (encrypted) WiFi data itself. What the problem was that they stored the WiFi data and got the SSID/encryption from it later. So if you only do what all laptops do - search for WiFi networks in range and write down their names and MAC addresses, then there is nothing which could make it illegal. What would make it illegal if you actually stored someone else data (not network name and MAC address).