Page 210 - StudyBook.pdf
P. 210
194 Chapter 4 • Communication Security: Wireless
assume that the following in any way constitutes authoritative legal
advice or is definitive with regard to the legal status of wardriving.
If wardriving is defined as the benign activity of configuring a wire-
less device to receive signals (interference) from other wireless devices,
and then moving around to detect those signals without the presence of
an ulterior or malicious motive on the part of the wardriver, then
wardriving is probably legal in most jurisdictions. Most of this thinking is
based on Part 15 of the FCC regulations, which can be found at
www.access.gpo.gov/nara/cfr/waisidx_00/47cfr15_00.html. According to
these regulations, wireless devices fall under the definition of Class B
devices, which must not cause harmful interference, and must accept any
interference they receive, including interference that harms operations.
(In Canada, the situation is identical, except that Class B devices are
known as Category I devices. For more information on Canadian regula-
tions regarding low-power radio devices, see the Industry Canada Web
site at http://strategis.ic.gc.ca/SSG/sf01320e.html). In other words, simply
accepting a signal from another wireless device could be considered a
type of interference that the device must be able to accept.
So far, wardriving appears legal; however, this is only because there
are no laws written to specifically address situations involving the com-
puter-related transmission of data. On the other hand, cordless phones
use the same ISM and UNII frequencies as wireless networks, but wiretap
laws exist that make it illegal to intercept and receive signals from cord-
less phones without the consent of all the parties involved, unless the
interception is conducted by a law enforcement agency in possession of
a valid warrant. (In Canada, the situation is a little different and is based
on a reasonable expectation of privacy.)
No one has been charged with violating FCC regulations regarding
wardriving and the passive reception of computer-related data over the
ISM or UNII bands. However, in the wake of September 11, 2001, both the
federal and state governments passed new criminal laws addressing
breach of computer network security. Some of these laws are written in
such a way that makes any access to network communications illegal
without authorization. Although many of the statutes have not yet been
tested in court, it is safest to take the conservative path and avoid inten-
tionally accessing any network that you do not have permission to access.
The issue gets more complicated when considering the implications
of associating with a wireless network. If a wireless network adminis-
trator configures a DHCP server on a wireless network to allow any wire-
less station to authenticate and associate with the network, wireless
users in the vicinity may find that the wireless station automatically
Continued
www.syngress.com
