top of page
  • Mike

Cheap wardriving on a Bird scooter

First, a disclaimer.

My purpose for doing this was not to exploit any networks or even looking for vulnerable networks. This is in the scientific interest of understanding how many, and where wireless networks and devices are in my environment and how prevalent they are. This is totally legal and has many valid reasons to be done. But before I could do anything with my data I first had to collect it.

Second, an explanation.

Wikipedia defines wardriving as the act of going around and looking for wireless networks with a laptop or smartphone. Today's technique is a bit more elegant with automatic tagging of networks. "Wardrivers use a Wi-Fi-equipped device together with a GPS device to record the location of wireless networks. The results can then be uploaded to websites like WiGLE, openBmap or Geomena where the data is processed to form maps of the network neighborhood. There are also clients available for smartphones running Android that can upload data directly. For better range and sensitivity, antennas are built or bought, and vary from omnidirectional to highly directional."

Why use a scooter?

Scooters can go where cars can't or would be difficult to access. It's also very useful when you're constantly making switchbacks. The method of scanning for networks in a city is that is most efficient is to cut back and forth from block to block in a grid pattern. We want to get accurate location information and so skipping streets will incorrectly locate the network to where it was detected, not to where it was in actuality. We also have to consider that the speed and location of a vehicle down a road matters. Slower moving vehicles will probably detect more networks than a faster moving vehicle. An example of this would be that a car doing 55 mph on a highway will detect less networks than a bicycle riding on the shoulder at about 10-15mph.

Why do this?

Google has been doing this for years, Google and other companies have a legitimate use for this. One very useful reason is that WiFi hotspots rarely move and if you have accurate geotagging to devices you can treat them like a GPS or GLONASS constellation when GPS is unreliable. This is the act of using WiFi for geolocation. Another important fact to consider is that while intelligence agencies and big corporations have access to this information, the rest of us do not normally. So in the interest of democratizing information that can be studied and found useful by normal citizens this seemed like a worthy cause if my experiment worked. I consider myself a scientist so I did what any scientist would do, I gathered data. I wanted to somewhat localize my data as well as provide a comprehensive dataset for the area that was accurate and as complete as possible.

For this operation I used the WiGLE WiFi app on my Android phone to detect WiFi networks and Bluetooth devices. The software creates a local database of all detected networks and can natively export .KML files to external software like Google Earth. I also planned to upload my findings automatically to WiGLE to help with the mapping of US WiFi networks. However I opted out of submitting for commercial use. WiGLE took a few runs before I had the hang of everything and got everything configured in order to best gather data. But once it was logging data in the manner I wanted my task became to simply start moving around in my environment to gather data points.

I first started by walking my dogs around the neighborhood and letting my phone detect networks as we walked. However I soon realized that if I wanted a concise map of somewhere I needed a better solution. I considered buying a drone and fantasized about how I could automate flight paths to map an area, but my down-to-earth needs dictated something more realistic. Driving around is expensive. Let's be honest, distracted drivers are the second leading cause of vehicle fatalities behind DWI and even with a hands free setup it was less than ideal to have to drive around in unfamiliar neighborhoods trying to keep my phone situated best in the car to have good reception. I needed something better suited to the job. A bike maybe?

I use Bird a lot because it's super convenient, I don't have to worry about getting my bike stolen,(a major problem here in the South End.) and I can arrive at a destination and not have to find a place to secure a bike. It's also nice being able to cruise at 15+mph to my destination while standing still. It has great service coverage here in Bay City but can become very expensive with a single 30 minute ride costing around $15. However, I had noticed that there was a "5 for 4" promotion going on where for $20 you could get five rides. Upon reading the fine print though I discovered that the duration of the ride was up to 30 minutes per ride. What this really means is that the per-minute cost of riding of around $0.50, plus a $1.50 "unlock fee." At .50 a minute a 30 minute ride works out to $15, and that's pretty close to what it calculated my savings to be on every ride I took with ridepass. In order to get the maximum value from the ridepass one would have to ride as close to 30 minutes as possible. Every Android phone has a timer app. So I set my timer to 29 minutes and that was how I maximized my purchase. $20 would get me 150 minutes, or $0.13 per minute.

That may still seem steep but remember that you are getting a serviced vehicle that can reach 20mph, has lights, and when your battery dies you can grab another one wherever you need to. Armed with a scooter, a stopwatch app, and WiGLE I took off into the night and began running city streets as best I could, up one street and down the next. In a single afternoon I had gathered over 40,000 WiFi hotspots and around 25,000 unique Bluetooth devices in my database. I ran several scooters into the ground and had to switch to a new scooter about once an hour, or once every two rides. I think the scooters got really good mileage since I was holding the throttle down and gliding along for quite a long time in a single direction, with very little starting and stopping. It felt like I wasn't making much progress until I got home and started exporting my runs into the computer. It was only upon looking at my data that I realized how much data I was really gathering. Google Earth would crash if I loaded all my data points and tried to view them with the map zoomed out.

Big data

My database grew quickly, every time I went down another uncharted city street I would snag hundreds of new data points. Even a simple trip to the store in the car would yield over a thousand more discovered networks or devices.

Bluetooth devices began to show up with consistent patterns to them. I could even see the same device ID's in different places on different runs indicating that they were mobile. Bluetooth transmitters in cars, or on devices that people carry would show up in multiple places meaning that one could track the movements of their owner. This is creepy and something that goes on around us every day but because we aren't actively involved we don't really realize how much information we are giving away.

I soon fell into a rhythm of going up one street and down the next, back and forth, as far as I could get on one street before switchbacking a block over. Bike trails, and roads were fair game along with a quick pass through the large parking lots around large businesses. Nothing I was doing was illegal, but it soon started to creep me out both how much WiFi radiation was out there and what happens when one gets into big data, when you graph data like this it displays starkly certain patterns and the single biggest pattern I saw was that everywhere I went there were hundreds of wireless networks. On the plus side only a few networks, mostly ones that are meant to be public are. When I was a kid almost no one was using password protected WiFi for their home network, today it's almost standard to have a password.

In the end I was left with a very accurate though incomplete map of WiFi networks across mostly the South End of Bay City. I'll probably not continue this exercise. It's really interesting how for $20-$40 one can build a map of wireless networks in a downtown area thanks to a Bird scooter. My progress was very efficient and comprehensive in the downtown business districts and I'm pretty sure the data I gathered will be useful in helping understand the way a city like ours uses this technology. I think it also shows the need to be aware of what your home is broadcasting on the net. For instance there is someone in Bay City with a Wifi connected dishwasher, a stove, many washing machines, and TVs are broadcasting this fact to anyone who passes by outside. Should any of these devices have an exploit in their software(and this definitely never happens. ) they could be used by hackers. I also am much more dubious about carrying around BT devices in my pocket because I feel that I have raised in myself a privacy concern. I also have changed settings in some of the devices around my own home.

Big data is beautiful and I hope you find this data as interesting and beautiful as I do. Here's a map of the discovered networks in Bay City overlayed onto Google maps. If you'd like my datasets get in contact with me. I'd love to share it with you.

60 views0 comments


bottom of page