All right, so you can wardrive. And, as long as none of the
sniffed systems you find are actually accessed, it should be completely fine. A lot of people choose to wardrive this way, making it out to be a
hobby not unlike
trainspotting,
birdwatching, or using a
police-band scanner. These signals are being sent into the
public airspace, after all. Some wardrivers even put on a
white hat, and inform businesses and residences of the
security risk they're running by having unsecured
wireless nodes.
But the big question is, should you make any use of the access points you find? There are those wardrivers who feel that latching onto the bandwidth of an unprotected network to check email, chat, or websurf is perfectly all right...but is it?
Let's take a look at what people from both sides of the fence might say.
Digital Trespassing, Bandwidth Burglary?
If I forget and leave my front door unlocked, or even wide open, does that give you the right to come into my house uninvited? No...my house is my property, and if you enter without invitation, it may not be burglary, but it is at least trespassing. And who knows what you might do in my house if I don't know you're there? I might come home to find my bookshelves rifled through, my music out of order, my silverware gone.
It doesn't matter whether or not I've secured my wireless access point, you have no right to be using it even if I haven't.
If It's Not Forbidden, It Must Be Permitted
It is trivially simple to secure a wireless router in such a manner that, while still not impossible to crack, it requires enough effort that most would-be whackers won't bother. Therefore, if someone hasn't bothered to put in the minimal amount of effort necessary to secure the access point against unauthorized use, he must have intended for me to be able to use it.
Or, if he was too stupid to secure it against unauthorized use, he deserves to have me use it.
First of all, this noder does not condone hacking (in the sense of gaining unauthorized access to private information). If you use someone's wireless access point without authorization, you are inside their firewall. You can access all the boxes on their network. For crying out loud, leave them alone! Pilfering a little bit of bandwidth to surf the net is at least defensible: the network was wide open, and as many people are intentionally sharing wireless bandwidth these days, how could you know that this wasn't one of those community access points? But if you start rummaging through confidential information, you could open yourself to hacking charges.
When you make unauthorized use of wireless networks, you are using some of the bandwidth that the owner of that network pays for—thus, less bandwidth is available to that network's legitimate users. Now, unless you're running a peer-to-peer node or a webserver, uploading or downloading lots of files, the actual amount of bandwidth you use is probably so trivial that the network owner in question would never notice or care. Some writers even suggest that part of the reason for 802.11b's rapid adoption is the great number of insecure access points so that prospective buyers can use their Wi-Fi-equipped laptops almost anywhere. Still, as the Doonesbury strip at http://karlo.org/archives/images/db020721.php suggests, it is freeloading.
It is very easy to secure a wireless point such that it would not return a signal to every computer that requests it. Enable WEP (preferably with a 128-bit key), restrict access by MAC address, and turn off public broadcasting of the network ID. This can often be done in under five minutes using the wireless router's administrative software. It doesn't make it impossible (or even necessarily very hard) for hackers to access, but makes it difficult enough that most wardrivers won't bother. It also serves as a sort of digital "no trespassing" sign: if the company has tried to secure its network, that must mean it doesn't want unauthorized people using it.
That being said, many companies with insecure wireless access points may not even realize that they have them—as a result of impatient employees plugging in their own wireless routers in the office, not realizing they should secure them, and leaving their whole corporate network open to anyone who drives by. That a bank or other business probably doesn't intend for just anyone off the street to be able to use its network should be a matter of common sense.
However, sometimes it can be hard for a wardriver to tell whether an access point is intended to be public or not—or even if he is on the public network he intends to be using. Consider the point raised in http://www.newsfactor.com/perl/story/21529.html of two unsecured wireless networks located within a few hundred feet of each other: one public-access (an Internet coffeehouse), one not intended to be (a library). Because wireless-equipped computers will hook onto whichever signal is strongest, it is possible for someone to be located in the the coffeehouse but accidentally browsing via the library network.
In the end, whether or not to borrow bandwidth from possibly-unintentionally-open access points will be up to the individual wireless user. But this noder would suggest keeping a "caveat browser" mindset. It is not impossible for unauthorized access to be discovered and traced...so be certain that you are not doing something you shouldn't.