Wardriving is not a crime
Monday, April 25th, 2011
Ethics are something which cannot be forced upon someone. They just happen. They result from you as an individual, your environment, and well, anything that influences you. Media, like the news, music, sitcoms, movies, and such can all have a deep effect on the psychology that goes into ethics and what decisions you as an individual make.
Imagine you walk through a bar where people are all yelling at the bartender like so:
man: “RTS!?”
bartender: “CTS!”
man: “I would like a drink, here is my credit card number! 1234-1234-1234-1234!! Sec code: 123!! expiration: 11-12!!!”
bartender: “ACK!”
and this is how drinks are ordered in the bar. Well, you may think to yourself, why are these people okay with yelling their credit card numbers? And what about the people who run the bar? Are they okay with the customers yelling it out loud too? Well, I wouldn’t be. I would go somewhere else. But imagine they were yelling in different languages you couldn’t understand. They knew you couldn’t understand because you’re a dumb fat American. But with a dictionary, or a few classes, you could understand the language just fine. It’s not like the language is a secret.
What if you went into the bar with a tape recorder? You recorded everything for about an hour and left. You paid for classes in whatever languages you recognized on the tape. You then deciphered the languages and were able to “hear” the credit card information of each customer. <-- You did nothing illegal up to this point. That is, unless there’s a huge sign on the wall in the bar that says “no tape recorders.” But then, what if you were blind? You relied on your senses to “hear” the communications only. This is similar to wardriving, to an extent. The act of wardriving usually entails a lot of movement though, hence the “driving” part. In a single pass you wouldn’t really “hear” enough data to get a lot of credit card numbers, or even to tell what language those people are speaking. In the analogy, working out which language is being used takes statistical analysis of 40 to 250 thousand words, minimum; that is the bar-room equivalent of the tens of thousands of unique WEP initialization vectors a statistical key-recovery attack needs before it can recover the key.
To make this analogy more realistic, let's say every person had a megaphone in their hands and used it to speak the credit card information in their native language (which you don't understand yet.) Now, you don't have to enter the building with the tape recorder, you can just sit outside. Well, because wireless mediums are shared, and most access points and network data can actually be "heard" from outside of the building - you are seriously not breaking any laws yet, no matter if there is a "no tape recorders in building" or if you were blind. Well, I guess if you were loitering in the back alley, or trespassing onto the bar's lawn, you would be busted.
With this in mind, read this article: ComputerWorld:Wardriving
“WEP has well-documented security flaws and has been considered for years to be unsecure, but was widely used in routers built between about 2000 and 2005.”
Verizon’s own Actiontec routers STILL, to this day, come preloaded with WEP.
Here is the key statement:
“Because WEP’s encryption can be cracked using easy-to-find tools, even unsophisticated hackers can break into WEP networks and mine them for data.”
I retweeted this over the weekend and realised that you don’t necessarily have to “break into … networks” to get this data. The data is already there, in the air. WEP’s 24-bit IV, the initialization vector that is concatenated with the shared key to seed RC4’s keystream generator (the PRGA), is transmitted in plain text at the start of every encrypted data frame, right after the MAC header. Nobody has to associate with the network to read it; a card in monitor mode sees it. So, here’s another example to get your gears going:
I can watch my neighbors (I don’t, I assure you) as they watch Netflix for 15 seconds to 1 minute in HD and produce enough data packets with initialization vectors to crack the key offline. No intrusion needed. Now, what if after they watch Netflix, or during that time, one of their computers running Thunderbird transmits a plain-text password for IMAP or POP? Whoops, I can now see that using Wireshark, by putting their key into the settings for packet decryption.
Another quote:
“…got many of the card numbers by wardriving retailers including TJX Companies, OfficeMax and Barnes & Noble”
This is where our bartender comes in. He owns the place, and he was told by the security standards officials (we’ll call them the PCI compliance people) not to use the megaphone / different-language technique, but to use a far more secure technique called “WPA2”.
What these people did wrong was misuse the data. They distributed it, abused it, or sold it. That’s completely unethical. The fact that wireless signals go all over the place in three dimensions is not a flaw either. It’s how RF works with the omnidirectional dipole antennas that ship on consumer access points. If your equipment is too old to handle the AES-based CCMP cipher used by WPA2 and you have no choice but WEP, at least use a weaker, directional antenna pointed at the receiver rather than one that blankets the street. Just understand that this only shrinks the footprint: a listener with a high-gain antenna can still pick up what leaks, so it is damage limitation, not a substitute for the stronger cipher. What Google did in the past, wardriving and seeing your information, wasn’t illegal either. In fact, they told everyone that they saw the data, to teach them not to use unencrypted networks! And they got in trouble over it!!
“They confessed that emails, passwords and other sensitive public data had been collected by the fleet of cars from unsecure wireless networks.”
You can limit your libpcap-based sniffing application to only capture beacon frames if you want to! Beacons carry the SSID, BSSID, channel and capability bits, which is all a wardriver mapping networks needs, and contain no user data at all.
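To make the two technical points above concrete (the WEP IV sits in the clear in every data frame, and a capture can be restricted to beacons), here is an added example in Python. It is not code from the original post or from any of the tools mentioned. All frames in it are constructed inline with made-up BSSIDs, a made-up 40-bit WEP key and a made-up POP3 login, so it runs offline with no radio or capture file. The `is_beacon` function is the userland equivalent of the libpcap/tcpdump filter expression `type mgt subtype beacon` on a monitor-mode interface; `wep_iv` pulls the plaintext IV out of a protected data frame; and `wep_decrypt` does what Wireshark does once you paste in the key: prepend the IV, run RC4, and check the CRC-32 ICV.

```python
import struct
import zlib

# 802.11 Frame Control type/subtype values used below.
MGMT, DATA = 0, 2
BEACON = 8


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4 (KSA then PRGA) XORed over data. WEP's per-packet key is IV || shared key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def parse_header(frame: bytes) -> dict:
    """Decode Frame Control and the addresses of a non-QoS 802.11 frame (24-byte MAC header)."""
    fc, flags = frame[0], frame[1]
    return {
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "protected": bool(flags & 0x40),  # Protected Frame bit: WEP/WPA body follows
        "addr1": frame[4:10], "addr2": frame[10:16], "addr3": frame[16:22],
        "body": frame[24:],
    }


def is_beacon(frame: bytes) -> bool:
    """Same predicate as the libpcap filter 'type mgt subtype beacon'."""
    h = parse_header(frame)
    return h["type"] == MGMT and h["subtype"] == BEACON


def beacon_ssid(frame: bytes) -> str:
    """Walk the beacon's information elements (after 8-byte timestamp, interval, capabilities)."""
    ies = parse_header(frame)["body"][12:]
    while len(ies) >= 2:
        tag, length = ies[0], ies[1]
        if tag == 0:  # SSID element
            return ies[2:2 + length].decode("ascii", "replace")
        ies = ies[2 + length:]
    return ""


def wep_iv(frame: bytes):
    """The 24-bit IV and key index are the first four unencrypted bytes of a WEP data frame body."""
    h = parse_header(frame)
    if h["type"] != DATA or not h["protected"]:
        return None
    return h["body"][:3], h["body"][3] >> 6


def wep_encrypt(key: bytes, iv: bytes, key_index: int, plaintext: bytes) -> bytes:
    """WEP body layout: IV || KeyID byte || RC4(IV||key, plaintext || CRC-32 ICV)."""
    icv = struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)
    return iv + bytes([key_index << 6]) + rc4(iv + key, plaintext + icv)


def wep_decrypt(key: bytes, frame: bytes):
    """Recover the plaintext with a known key; None on a wrong key (ICV mismatch)."""
    found = wep_iv(frame)
    if found is None:
        return None
    iv, _ = found
    pt_icv = rc4(iv + key, parse_header(frame)["body"][4:])
    pt, icv = pt_icv[:-4], pt_icv[-4:]
    return pt if struct.pack("<I", zlib.crc32(pt) & 0xFFFFFFFF) == icv else None


def build_frame(fc0: int, flags: int, a1: bytes, a2: bytes, a3: bytes, body: bytes) -> bytes:
    return bytes([fc0, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body


# Constructed sample "capture": one beacon and one WEP data frame. Not real traffic.
BSSID = bytes.fromhex("00a0c5112233")
STA = bytes.fromhex("001d7e445566")
WEP_KEY = bytes.fromhex("0102030405")  # made-up 40-bit key
beacon = build_frame(0x80, 0x00, b"\xff" * 6, BSSID, BSSID,
                     b"\x00" * 8 + b"\x64\x00" + b"\x11\x00" + bytes([0, 7]) + b"BarNet0")
# LLC/SNAP header followed by a cleartext POP3 login, like the post's Thunderbird scenario.
POP_PLAINTEXT = b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + b"USER alice\r\nPASS hunter2\r\n"
wep_data = build_frame(0x08, 0x41, BSSID, STA, BSSID,
                       wep_encrypt(WEP_KEY, b"\x0c\x22\x37", 0, POP_PLAINTEXT))
CAPTURE = [beacon, wep_data]


def beacons_only(frames):
    return [f for f in frames if is_beacon(f)]


def ivs_seen(frames):
    return [wep_iv(f)[0] for f in frames if wep_iv(f) is not None]


if __name__ == "__main__":
    for f in beacons_only(CAPTURE):
        print("beacon", parse_header(f)["addr3"].hex(), beacon_ssid(f))
    print("IVs in the clear:", [iv.hex() for iv in ivs_seen(CAPTURE)])
    print("with the key:", wep_decrypt(WEP_KEY, wep_data))
    print("wrong key:", wep_decrypt(bytes(5), wep_data))
```

The beacon-only path never touches `wep_decrypt`: you get BSSID and SSID and nothing that belongs to a user. The data-frame path shows why “no intrusion” is true in the technical sense: the IV is readable by anyone, and once the key is known the only thing between the listener and the POP3 password is a CRC check.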
~Douglas.