Warbiking in Helsinki

Biking is fun and especially when it comes to exploring new places. One day while driving around I got an idea to warbike with my Raspberry Pi. As Raspberry Pi consumes a very little amount of power and fit in a backpack with all other devices, it would be an easy and a light load to carry.

In case you aren’t familiar with the term ”wardriving”, here is a short explanation from Wikipedia:

”Wardriving is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).”

I didn’t try to access or hack into any networks. The data gathered in this project won't be given to anyone.

I had to decide the area I was going to cover. Usually wardriving is done by driving just bigger streets, but I wasn’t happy doing it that way. So, I defined a little bit smaller area, but I was going to cover it more carefully than usually is done.

By ”more carefully” I mean that almost every part of the every street seen in the map below were covered. Exceptions were like restricted areas and courtyards.

Picture 1. Covered area.

Here is a full list of the devices that were used:

- Raspberry Pi model B (256MB)
- Alfa AWUSO36H WLAN USB adapter (2.4Ghz, 802.11b/g)
- GlobalSat BU-353 GPS receiver
- Anker Astro E4 13000mAh power pack

Picture 2. Devices.

Raspberry Pi was using Raspbian OS. Alfa wlan adapter was grabbing wlan signals and GPS receiver to pinpoint found access points to a map. Note that the Alfa wlan adapter is 2.4Ghz and 802.11b/g.

All this stuff was powered by 13000 mAh power bank. I haven’t done any real capacity tests, but it was enough to power this combination for hours.

I ordered also a wlan adapter to be able to establish a management connection between Raspberry Pi and my mobile phone. However, I never got the wlan adapter.

The equipment was very stable, so I thought It’s okay to warbike without management connection. On my last run Raspberry Pi probably overheated and got stuck. Some access points were missed for sure, but luckily I had already covered the area quite well.

Before the warbiking sessions, I always planned the route with Google Maps. Even though the driving sessions were sometimes very twisting, I had no really issues to stay on the planned route. You just had to remember some reference points in the areas.

The needed processes (Kismet and GPS) were started on Raspberry Pi before closing my backpack and leaving outside. GPS usually got fix in a couple of minutes after going outside. Sometimes it took more than five minutes.

Picture 3. Bike.

Next lets see some (biking) statistics.

Distance (by bike): 106.16 km

Distance (by foot): 9.09 km

Total distance: 115.25 km

Total time: 10.75 hours

Total sessions: 11

There were some places I prefered to walk so that’s why 9.09 kilometers of the total distance was performed by foot. Rest of the kilometers, 106.16 km, was warbiked.

Now the most interesting part. There were 26309 unique access points (BSSIDs) which were broadcasting ESSIDs.

The ESSID which was broadcasted by the biggest amount of access points was ”eduroam”. The total number of access points was 348. Eduroam is some kind of project to allow university students to do network roaming in Europe and all over the world.

The next place goes to ”Univ Helsinki HUPnet” network with 309 BSSIDs. It’s unprotected network owned by University of Helsinki. The network can be accessed with university credentials.

The third one was ”Private WLAN2” with 219 BSSIDs. I couldn’t link this one to any company etc, so I believe this is some default ESSID value assigned by a manufacturer.

There was also a hotel with a big amount of access points. You know, all the areas inside need to be covered for roaming. It’s the same thing with many companies.

Some other much used ESSIDs: ”Private Wlan”, ”WLAN-AP”, ”ASUS”, ”AndroidAP” (hotspot), ”ZyXEL” and ”dlink”.

The two very often seen ESSIDs in Finland are ”ElisaKotiXXX” or similar and ”SoneraGatewayXX-XX-XX-XX-XX-XX”. With these default ESSIDs, Elisa had 670 and Sonera 715 unique access points.

Some years ago the situation wasn’t too good with the used encryption. Now for a long time access points have come with WPA2 as a default encryption setting and you can see it from the results.

Picture 4. Encryption.

WPA(2) is the preferred encryption and it should be used with a strong password. 22621 (86%) of all access points were using WPA(2). WPA and WPA2 were combined because the log doesn’t indicate clearly which one is used.

WEP is totally broken and it can be cracked very easily. 557 (2%) access points had it.

3131 (12%) access points weren’t using encryption at all. Many of these were companies' guest networks according to the ESSIDs.

141 access points with no encryption had ESSID like ”HP-Print-xx-xxxxx”. As far as I know some HP’s printers have access points which allow devices to connect and deliver a print job wirelessly.

In overall the whole project was successful. However, I had forgotten the whole WPS feature and Kismet doesn’t have WPS detection by default, so unfortunately WPS data (enabled/disabled) isn’t available.

In the end I just want to say that I hate these piece of shit stones under my tires. I really do.

Picture 5. Much love for bikers.