WiGLE Database

 

Summary

Excerpt From Wi-Fi Vulnerabilities Part 1 Webinar
Check Out This Short Video on WiGLE Database.
Wi-Fi network monitoring involves a variety of methods and tools, explained by CTO Dr. Brett Walkenhorst. The hardware options and open-source tool availability for Wi-Fi monitoring are highlighted in the video below. Using the WiGLE database, white hat researchers were able to pinpoint weak networks in close proximity to critical infrastructure facilities, highlighting the practical consequences of monitoring activities in aiding focused attacks on physical systems.

Video Transcript

Lots of tools out there. One methodology is you go out, you capture a bunch of information. You come back. You analyze it. Another is that you're actually out there. Maybe you're in a coffee shop across the street from your target, and you're live monitoring what's happening.

As you are operating it live, you might find that you have enough information to segue immediately into some other attack. So that's another methodology that could be used. Lots of open source tools that you can get out on the web, out on GitHub. And hardware is really anything that can host a Wi-Fi chip, which as I mentioned is almost anything you could imagine.

So from highly capable computing devices all the way to low cost Raspberry Pis, really anything can be your platform for conducting this kind of Wi-Fi monitoring. And last, I wanna talk about something that is part a product of monitoring activities and also a tool in an attacker's toolkit for the monitoring function.

And that's the WiGLE database. This is an open access database, stands for Wireless Geographic Logging Engine, and it has data on Wi-Fi networks worldwide. This is largely crowdsourced information. Lots of people contribute to this. They load an application on their device, and then their device becomes a monitoring tool.

They roam around, and they're conducting war driving effectively without really having to do anything, and it's all populating this open source database. So if you haven't looked at that database, it's an interesting experience, slightly disturbing perhaps, and you'll probably find that, in fact, I'm very confident that you'll find your home network is probably in there.

Maybe if you're in a more remote location, it's less likely that someone has captured your network, but chances are pretty good that your home network is in there. And I can almost guarantee you your corporate network is in there if it's anywhere near a reasonably busy road. So here's an example of what can be done.

The WiGLE database, which I described just a minute ago, was searched for vulnerable networks in the vicinity of critical infrastructure facilities. And they found multiple networks with weak encryption authentication mechanisms. And that's really the upshot of it. So this work was done by white hat researchers to identify a very simple attack vector that could be used that all they now have to do is identify a target that they wanna go after.

Maybe it's oil, gas, public utilities, whatever it is. And they go and attack those low hanging fruit that appear to be of interest to them for whatever their objective is, and they've identified the target network that makes it a low hanging fruit. Now all they have to do is go in there, crack the encryption, connect, and begin their attack.

They might be able to establish a presence as a person in the middle. They might be able to directly attack the physical systems and machinery that are being housed in that facility. A lot of OT systems are quite vulnerable, not because they have to be, but because they're so proliferated and easy to set up that very often we just don't think about the security aspects, and we leave default things in place and just bad security hygiene.

So once you've connected, now you begin to issue commands that corrupt the systems these PLC devices control and you can cause havoc with physical systems. This is not theoretical. I mean there are physical compromises that have occurred in the past and researchers have demonstrated some of this stuff in lab environments in various ways.

So anytime you can attack that kind of infrastructure, that ought to get a lot of people's attention. And these white hat researchers identified a pretty simple way to go about doing that. So this is sort of theoretical, but sort of not. Right? Because this stuff happens. And this is kind of illustrating the point behind a monitoring mechanism that can help position you for a strong attack.
