Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
Wireless Networking Security Worms Hardware

Researchers Say Wi-Fi Virus Outbreak Possible 165

Posted by Zonk
from the batten-down-the-hatches dept.
alphadogg writes with a link to a NetworkWorld article about a troubling security scenario. Indiana University IT researchers are now saying that a WiFi attack intended to piggyback across unsecured access points could do serious damage in a city like Chicago or New York. By essentially brute-forcing the passwords on insecure routers, a worm-like firmware agent could be introduced to an estimated 20,000 networks in New York City alone. "Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique."
This discussion has been archived. No new comments can be posted.

Researchers Say Wi-Fi Virus Outbreak Possible

Comments Filter:
  • by morgan_greywolf (835522) on Friday January 04, 2008 @11:11AM (#21910028) Homepage Journal
    Ha! They'll never guess my router admin password, which is '5l@$hd0t.!st.ps0t!'
    • Re: (Score:3, Funny)

      by somersault (912633)
      I see your new USB 'big F5' button working out well since the one on your keyboard died?

      Back on topic I wonder what this new breed of virus will be called, if indeed it worked.. Weasles? WAIDs? Winfluenza? Actally Winfluenza could work on so many levels :)
      • Re: (Score:2, Funny)

        WiThrax? WiVi? I hear Sony is actually pushing for Wiinfluenza for some reason.

      • Back on topic I wonder what this new breed of virus will be called, if indeed it worked.. Weasles? WAIDs? Winfluenza?

        It's called "linksys" and it's everywhere alreaedy!

    • by sm62704 (957197)
      Ha! They'll never guess my router admin password, which is '5l@$hd0t.!st.ps0t!'

      Ah, the classics never die, do they? My wifi password is... oh wait I don't have wifi
  • Only 36%? (Score:2, Insightful)

    by Odin_Tiger (585113)
    36% seems like a severe lowball estimate, to me. I wouldn't be at all surprised if 1/3 of WAP's still have the manufacturer's default admin login.
    • Re: (Score:2, Insightful)

      by j.sanchez1 (1030764)
      36% seems like a severe lowball estimate, to me. I wouldn't be at all surprised if 1/3 of WAP's still have the manufacturer's default admin login.

      1/3 is 33 1/3%. How is that severly off of the 36% estimate?
      • Re: (Score:2, Insightful)

        I think grandparent is saying that he thinks that more than an additional 3% could be guessed from the list of a million commonly-used passwords. He could be right.

      • 1/3 is 33 1/3%. How is that severly off of the 36% estimate?
        because as well as trying the default password, they are suggesting trying a million common passwords, so that would mean the million passwords only gained 3% penetration, which hardly seems worth the bother.
      • "1/3 is 33 1/3%. How is that severly off of the 36% estimate?"

        I think he means that if 33% alone are default passwords, with another huge chunk (maybe 10% - 15%?) being among the common million.

        On a more shocking note: Have you noticed that 40% of Slashdot posts made during the work week are done on Mondays and Fridays? :)

        • by peragrin (659227)
          >>On a more shocking note: Have you noticed that 40% of Slashdot posts made during the work week are done on Mondays and Fridays? :)

          90% of the posts I make are during work. i visit three to four times a day. Of course I rarely respond in the same day. when i check my email account in the morning I read the responses to what I said and reply back. That way i don't get into stupid flame wars, or I can shut up when i put my foot on the keyboard.
      • by mhall119 (1035984)
        The article cites 36% as default + dictionary. GP says a full 33.3% are probably default alone, with the implication that a dictionary attack would get more than 2.7% more, so therefore a combined 36% is "lowball".
      • by gstoddart (321705)

        "36% seems like a severe lowball estimate, to me. I wouldn't be at all surprised if 1/3 of WAP's still have the manufacturer's default admin login."

        1/3 is 33 1/3%. How is that severly off of the 36% estimate?

        I think he's saying that if 1/3 of all routers have the default password, "brute forcing" those happens in O(1) time, and that if you were brute forcing the remaining 2/3 of all routers, you'd probably find more than 36% are vulnerable.

        I mean, if 1/3 are using four or five distinct passwords, those are

    • by Denial93 (773403)
      It probably factors in wire connection only admin interfaces, MAC filters, obscure firmwares or some other hindrances. Even routers where the user never bothered to set a password now sometimes have wireless administration disabled. Should have RTFA, but the video is slashdotted.
  • Why brute force your way through when simply typing "admin" works far more often than it should?
  • by Facetious (710885) on Friday January 04, 2008 @11:19AM (#21910142) Journal
    Holy crap! Maybe we should deal with existing security problems before we start with the imaginary ones.
    • Well we were fighting the "existing security problems" of the Russians when the Gulf War kicked off. Perhaps had we been working on "imaginary" problems like Iraq and Saddam Hussein in 1990, we wouldn't be in this 18-year cycle of off-and-on War with Iraq?
    • by pilgrim23 (716938)

      Oh no! Imaginary problems are best dealt with by imaginary solutions, You hold a Press Conference and weave imagery to the media. Then they write it up. imagining they have it right. Face it, they lack the imagination on their own. Imagine that...

      - I craftily set my D-Link SSID to "Linksys"
      • You know that's likely more secure than you would think.
        The vast majority of the "hackers" out there likely simply try the default admin password (and assuming that the Dlink is different) would give up and move on.
        -nB
  • by Dan East (318230) on Friday January 04, 2008 @11:21AM (#21910174) Homepage Journal
    How many router models and hardware revisions would the worm need to support to make this effective? It would take a great deal of resources to produce custom firmware for that many devices and hardware revisions, especially considering that people have been trying to produce custom firmware for specific devices for a long time without any success at all.

    On another note, configuring the router for administrative access only via ethernet would completely stop the problem.

    Dan East
    • On another note, configuring the router for administrative access only via ethernet would completely stop the problem.
      Making any changes to the out-of-box condition would severely curtail the problem. Unfortunately, far too many are just that - out-of-box and plugged in.
      • Unfortunately, far too many are just that - out-of-box and plugged in.

        I wonder if it is too much to expect that when the routers are first set up, the default password should expire on the first log-in and should require a different password. Are there any routers out there that do this? How come this isn't default behavior?
        • How many people do you think buy a router, plug it in, then never login to it?

          I'm betting most of these default name/password routers around have never been logged into even once by the owner.
          • Yup. Too many people don't even know that their router has an administrative interface.
            • Too many people don't even know that their router has an administrative interface.

              Funny, if it weren't so painfully true. At a recent booze-up, one of the group comes up to me (resident technical person) and asks how they set up their new wireless modem-router at home. I asked them if they had accessed it like a web-page, with the usual 192.168.blah.blah address.

              "That's what they [whoever THEY are] told me to do on the phone, but it won't connect still."

              "Did you try connecting the computer to the thing usin
          • Would covering the router ports with a note that indicates a required login to set it up be out of the question here? A little paper insert as part of the quick setup notes would go a long way to getting users to setup some basic configuration. A setup wizard at the minimum should require users to select a new password and allow them to walk through an informative configuration sequence.
            • by David_W (35680) on Friday January 04, 2008 @12:27PM (#21911026)

              Would covering the router ports with a note that indicates a required login to set it up be out of the question here?

              They are getting there. A Linksys I recently picked up had a label over the ports reminding you to RUN CD FIRST. I'm assuming their CD will do things like change passwords and turn on encryption (wouldn't know since I prefer to do that manually).

              • by mlts (1038732) *
                I learned the hard way that the Linksys CD is worthless. Every time I've installed a Linksys router (either for myself or for friends), the CD ends up erroring on the install saying "whups, that's not doable". This occurs even on simple setups where the Linksys router is the firewall, and the wireless access point (its default config). I've found that the only real way to configure the router is to plug a machine into it with a netmask that can address 192.168.1.1, browse the web page at 192.168.1.1, use
            • A physical note would be stupid. It'd get torn off and tossed and forgotten about.

              They should just do what the wireless servers at a lot of hotels do: redirect all http requests to an internal page server. Only instead of going to a billing page, if no password is set, the first page is the setup page.

              ASIDE: Come to think of it, why is only the wireless bit encrypted? Shouldn't the wired links also be encrypted? It's not like that's compute expensive anymore.

              Of course, then they'd have to remember set t
              • by 1u3hr (530656)
                ASIDE: Come to think of it, why is only the wireless bit encrypted? Shouldn't the wired links also be encrypted? It's not like that's compute expensive anymore.

                Why would you want to do that? What possible use would it be? I can SEE exactly what is wired into my router.

                How about encrypting the link between your keyboard and PC? Your monitor? ... Looks like you've just invented Palladium.

                • How about encrypting the link between your keyboard and PC? Your monitor? ... Looks like you've just invented Palladium.

                  I meant encryption that you, as the user, have control over. Keyboard and monitor encryption are actually not bad ideas. They prevent a certain kind of invasion of privacy that is unlikely, but the cost of implementing them would also be low, so the cost is in line with the risk. As long as YOU can decide if you want it, and you can still use a the full capabilities of a monitor that do

              • The physical note would just be there to inform them that they need to go through a setup process though. The process that hotels use could easily be a redirect to the setup wizard. The note simply informs the consumer that they will go through that process.
            • by arminw (717974)
              ...A setup wizard at the minimum should require users to select a new password and allow them to walk through an informative configuration sequence.....

              A little switch labelled program/run would work to prevent modifications of any settings when in the "run" position. Anyone who wanted/needed to change any settings would need physical access to the router. When switch is in "program", the router doesn't connect to the Internet. Companies could fix this for little extra cost.
    • Re: (Score:3, Interesting)

      by kebes (861706)

      How many router models and hardware revisions would the worm need to support to make this effective?

      Since wireless routers are (usually) connected to the Internet, the worm could "phone home" to some central repository in order to get the code it needs to attack different models. What I mean is that the virus wouldn't need to carry code for all makes/models. Instead, an infected access point would scan nearby access points (or computers) for open or crackable connections, and then access a central store for the exact methodology/code/virus needed to spread to those new access points. This also means that

    • Not that hard (Score:3, Interesting)

      by seanadams.com (463190) *
      Sveasoft has firmware for most of the ARM/Linux based routers, which covers all the common Linksys/Netgear models. All you'd need to do is make a hacked version of each one and put them on a server (or botnet).

      Then all a worm would need to is gain access to the router, and then notify the server that it has been cracked. The server takes it from there... it would connect to the router, identify its model number from the status page, and upload the appropriate firmware.

      With a little ingenuity it would not be
    • And this is why I did not buy my wireless router from at&t. The models you can buy form them are pretty common and a survey of my neighborhood reveals that a number of them are out there, and they have the default network id identifying them as att wireless routers. Roughly 1/10 of the routers I found.
    • by Lumpy (12016)
      I can see it now for current Linksys routers....

      WEP virus wants to infect your router... can you please hold down reset for 6 seconds and start a TFTP server so the virus can infect your router??

      I call wishful doom. Getting DD-WRT on most of these things is a PITA enough, a Virus that will silently install it's self on everything?? yeah right. there has not been a router made that did not require special tasks to flash the firmware to something else other than a blessed version from the maker for over 3 y
      • by ZorbaTHut (126196)
        I don't know what you're smoking, but I have a Linksys router next to me that I purchased two weeks ago. Flashed it to Tomato using the "update firmware" tab on the admin interface and nothing more - no holding down reset, no TFTP, just upload and go.
    • by Zadaz (950521)
      In San Francisco you need to be in a pretty deep dark Faraday cage to not pick up at least 1 "2WIREXXX". These are what AT&T has been handing out as DSL modems for the past few years.

      Out of they box they are WEP based and have their serial number as a password. (So if you don't feel like sniffing it you can easily brute force it).

      There is no manual provided with it and no indication of how to change the password or run in WPA. (Fair enough. For most people that would just confuse them but it took some
    • by hughk (248126)

      On another note, configuring the router for administrative access only via ethernet would completely stop the problem.

      There is a German company, AVM shipping routers mostly in Europe that does the right thing. The router is shipped with a random WPA key and admin password which is distributed on a label stuck on the box. Not only that, they are also now choosing the optimal channel based on least interference. With such a device it is usable out-of-the-box for almost anyone sensible enough to use a comput

  • by dotpavan (829804) on Friday January 04, 2008 @11:22AM (#21910186) Homepage
    They believe that 36 percent of passwords can be guessed using this technique.

    Solution: Use any of the 64 percent of the pwds

  • Even though a lot of people are idiots and leave the password at the default, there are still at least 3 or 4 different types of hardware (think Belkin, D-Link, NetGear, etc., and all the different models they each have available) that are in common use. This means that to be fully effective, a virus would need to contain several different firmware images of itself, and would have to store it all in the limited space available in the flash memory of the infected unit.

    Of course, you could choose to infe

    • by zappepcs (820751)
      IANA Virus Writer, but if my program had access to the Internet as well as another AP, I'd just download the required image for the next infection on the fly?
    • by Deadstick (535032)
      Don't remember what the OEM firmware does, but with the DD-WRT firmware on my WRT54GL, you're not permitted to enable remote router access with the default password in effect.

      rj
  • Really? (Score:4, Interesting)

    by MyDixieWrecked (548719) on Friday January 04, 2008 @11:26AM (#21910250) Homepage Journal
    I'm not so familiar with Belkin, Netgear and all no-name wireless routers out there, but the newer (last year or two) Linksys WRT54G routers don't allow administrative access over the WLAN by default. You simply get an access denied page when attempting to access it. I'm kind of surprised that linksys doesn't just deny wireless connections to the administrator pages.

    Unfortunately, that means that I can no longer log in to those routers with default passwords and open up ports for myself when I'm on some stranger's network and it requires me to plug in when I need to make changes on my own networks.

    Of course, you should disable access to the administrator pages over the WLAN (or restrict it to a maintenance port if your router has one), change your administrator password (and username, if possible) and make sure you've got strong encryption with a strong password/key.

    When I was living in manhattan (2004-2005), there were over 20 visible wireless access points from my apartment. Running kismet and walking from the front to the back of my apartment with my powerbook, I could pick up closer to 30 networks and about 3/4 of them were password protected; mostly with WEP. Nowadays, living in brooklyn, I can pick up around 15 wireless networks and all but 2 are password protected and most are using WPA or WPA2.
    • by peragrin (659227)
      WPA is the security choice as it is harder to crack but not impossible.

      The trick is all you have to do is lock the front door. That prevents most random theives. though if your sharing music via P2P unlock your router. that way you can blame others.
      • Re: (Score:3, Insightful)

        by schnikies79 (788746)
        Even if that is true, if remote management is not enabled, it doesn't matter if you have the password.

        I know it was that way on my linksys.
      • The problem with WPA is that certain manufacturers of certain non-computer wifi-devices decided not to support anything other than WEP...

        Damn stupid if you ask me.
        • The problem with WPA is that certain manufacturers of certain non-computer wifi-devices decided not to support anything other than WEP

          Yeah, like my Nintendo DS. Although my Wii gets onto our network without issue.

          And I'm not sure if this is still the case, but I've had significant issues getting XP machines to log into WPA2 protected wireless networks. There was supposedly a separate update which fixed that and gave you the ability to connect to such a network, but I was unable to get it installed/working a

        • by Danse (1026)

          The problem with WPA is that certain manufacturers of certain non-computer wifi-devices decided not to support anything other than WEP...

          Damn stupid if you ask me.

          This is the problem that I have. I needed to get my living room devices connected to my wireless router in my office, but the access points that are available either aren't compatible with my router, or only support WEP when used as a wireless bridge. There's probably a solution, but I'm not a networking genius, so I don't know what it is, and with all the various devices out there, it's hard to tell what will work and what won't without actually trying them in my specific setup. That would get expensiv

        • by peragrin (659227)
          WPA is only 2002 or so tech. Windows XP only supports it in SP2 and above. Devices older than this probably don't accept it as it wasn't around when they were built. given the consumer industries record anything initially designed before 2004 most likely doesn't have support.
    • by Have Blue (616)
      Unfortunately, that means that I can no longer log in to those routers with default passwords and open up ports for myself when I'm on some stranger's network

      Unfortunately? You were taking advantage of a security flaw that has now been fixed.
    • by blhack (921171)

      I can pick up around 15 wireless networks and all but 2 are password protected and most are using WPA or WPA2.

      When i moved into my new apartment and saw a similar scenario I went "SUHWEEEEET!" and busted out the ubiquiti gear, the amps, a giant satelite-dish-sized directional antenna and its tripod, and few soekris boxen.

      Oh, and a little openwrt box that runs my wireless network. If you ever see a network called "secret_awesome" go ahead an join, i leave it open for anybody to use (you're going to get subnetted away from me though).

      Please tell me I'm not the only one who did that...cause that would be really sad.

      • When we first moved into my current apartment and didn't have internet, yet, I needed to get online with my desktop machine (no wireless and no signal in my room) so I set my powerbook up to an available network and set it up to share that internet connection through ethernet, then attached that to my switch and my access point so we could all get online with a good signal.

        I thought about it for a while but decided against simply leeching off the neighbor forever since I like to have some degree of control
    • by ImaLamer (260199)
      As an owner of, and now a hijacker of, Linksys wireless routers I must say: Wha???

      I've only used the ethernet ports once or twice, and have always been able to administer it over the air. It's the default settings. Also, two of my neighbors have unsecured AP's, both Linksys, and both allow WLAN configuration. One is setup to allow remote configuration by default (the owner has never edited a setting, I doubt he/she has turned this, of all features, on - it's hidden in the advanced setup pages).

      AP's that hav
  • I attended a talk that Steve Meyer (one of the presenters of the paper) gave at Purdue as part of the CERIAS Security Seminar Series. Link to the video is here [purdue.edu]. It's definitely worth a watch.
  • by j.sanchez1 (1030764) on Friday January 04, 2008 @11:48AM (#21910540)
    I have a Linksys WRT54GL flashed with DD-WRT firmware. I use a MAC filter that only allows computers I SPECIFICALLY tell it to, I have disabled administrative access to the router wirelessly and changed the default login AND password, and I password protect my wireless access on top of all that. It took me about an hour (if I recall correctly) to set the router up, including flashing the DD-WRT firmware on it. But once it is done, I don't have to bother changing any more settings, aside from rotating the admin password and updated the MAC filter as needed.

    Just my take on it.
    • As a side point, MAC address filtering is tremendously ineffective.
      • As a side point, MAC address filtering is tremendously ineffective.

        Why is it ineffective? Is there some way to spoof a MAC Address? If so, how could someone get the MAC address of another computer they do not have physical access to?
        • Why is it ineffective? Is there some way to spoof a MAC Address?
          Yes, lots of hardware (especially routers) set their MAC Address in software.

          If so, how could someone get the MAC address of another computer they do not have physical access to?
          MAC Addresses are constantly being broadcast, it'd be trivial to catch one.
        • by jargon82 (996613)
          Yes, it is possible to spoof a mac. Also, Mac addresses tend to be floating around in the air on wireless... alot ;) If you can associate with the access point, you (easily) can catch quite a few active MACs.
        • Yes, there is some way to spoof a MAC address. In Linux you can do it with a simple ifconfig command. In Windows you have to edit the registry.

          In order to find out the MAC address of another computer across wireless, you just have to snoop on the packets (use wireshark). The MAC address is right there (otherwise how would the router find it out?)

          Now if everything is encrypted with a scheme that isn't broken (WPA not WEP), then snooping becomes impossible. But if you are using WPA already, MAC filtering
          • by GiMP (10923)
            While MAC address filtering will not block even a non-determined attacker, it may be enough to block some automated attacks. This is especially true of those originating from limited-size firmwares, eg... worms in other nearby routers.

            All else aside, MAC address filtering does no damage other than increased administrative burden... it makes wireless security no worse, even if its benefits are only marginal.
    • by shrikel (535309)
      I have a Linksys WRT54G flashed with DD-WRT firmware. I terminated all the patch cables from it onto a cinder block, unplugged the power adapter, put the whole thing in a grounded lead-coated copper box riveted AND welded shut, encased the whole box in six cubic feet of concrete, and buried it 4 feet under my well-watered garden. Oh, and I have a dog guarding my yard. A REALLY BIG dog with a laser strapped to its head. The whole process took about 1.5 hours. I guess I could have saved 30 minutes and ju
      • Oh, and I have a dog guarding my yard. A REALLY BIG dog with a laser strapped to its head.

        If only you had a SHARK with a laser strapped to its head. Then your router would truly be secure.
    • by ledow (319597)
      Fantastic, but if you'd use WEP instead of WPA, none of that really matters now, does it? I'd be on your local network and could boucne via ANYTHING there to configure/reflash the router. Once someone's in, that's the end of it.

      And MAC filtering takes exactly zero time to bypass once you know it's in place - some tools constantly read all connected MAC's of all nearby radios and "change" to take over their MAC with a single click. You have to TRANSMIT your MAC for any sort of networking to work, and it's
  • by CounterZer0 (199086) on Friday January 04, 2008 @11:50AM (#21910574) Homepage
    Church of Wifi has a hacked firmware-based worm that runs around and replaces firmware on APs, and then looks for other AP's to attack, and propagates itself.
    The key to this kind of attack, is that it could be potentially undetectable - how do you know if the linksys firmware was replaced or slightly modified or not?
    Another great use, would be to drop TOR endpoints on every single box infected :)
    • I was wondering the same, how to verify that a router has the firmware I think is on it. It seems the only reliable way would be to

      1. Place router in Faraday cage (or disconnect antennas and use a simpler equivalent)
      2. Flash it with new firmware that is all highly compressed/uncompressible data and fills the entire flash chip
      3. Power down unit for several minutes, to clear main memory
      4. Power up and ask this new firmware to send a copy of itself back to you.
      5. If it matches, then it would be extremely difficult for
    • by Yvanhoe (564877)

      Another great use, would be to drop TOR endpoints on every single box infected :)
      One would make the world quite better by doing this
    • by GWBasic (900357)

      Church of Wifi has a hacked firmware-based worm that runs around and replaces firmware on APs, and then looks for other AP's to attack, and propagates itself. The key to this kind of attack, is that it could be potentially undetectable - how do you know if the linksys firmware was replaced or slightly modified or not? Another great use, would be to drop TOR endpoints on every single box infected :)

      Maybe that's why my Linksys router stopped working?

      A couple of weeks ago, my network started acting very strange. My computers couldn't see each other through the LAN, and my wireless network disappeared. I figured out that the router was doing some kind of a soft reset every second; it ended up getting one of my DynDNS domains disabled due to abusively updating my domain. I couldn't reset the router with the physical button, so I replaced it with an Apple router that supports WPA2.

  • Why not make the password something like a printed number on the router itself? I know it's encoded in firmware, especially with the factory reset button, but it's not too hard to say read the ID and print up corresponding stickers. They already do it for the MAC address information.
    • by Tmack (593755)

      Why not make the password something like a printed number on the router itself? I know it's encoded in firmware, especially with the factory reset button, but it's not too hard to say read the ID and print up corresponding stickers. They already do it for the MAC address information.

      That would require either 1. compiling a new firmware for EVERY unit, or 2. storing the password in a separate chip, which increases parts, cost, and everything else. They might be able to bypass the drawbacks of #2 by using the LAN side MAC tho, since that shouldnt be accessible via wifi for most wifi "routers" (tho a simple AP might be.. not as familiar with those), unlike the wifi MAC thats transmitted to all.

      tm

      • by _14k4 (5085)
        Right. They could use the lanside mac and hell, we've all seen the admin page that already knows the mac address - so we know there is API written for that side.

        On the other hand, adding another PLC to simply return a code isn't a bad idea either. Like those bank websites that hand out a keyfob... there could be a rotating number on the front of the router and the PLC could be programming to recognize the same number (the number on the front is synonymous with the keyfob) and _that_ is the admin password
  • by sm62704 (957197)
    a worm-like firmware agent could be introduced to an estimated 20,000 networks in New York City alone.
    "Although the researchers did not develop any attack code


    "Scenario?" With a "worm-like software agent?" Wake me up when (a) such a firmware worm is written or (b) when someone from the security community can be a little more specific as to how such a worm could work. I remain skeptical.

    After all, they've been telling us about Linux and Mac viruses for years, but I have yet to hear of anyone actually gettin
  • Other than possibly create a few more zombies (and I am sure there are easier ways to do that) who cares?

    Folks with real and/or sensitive data will have a password, and likely even more security.

    Those that don't likely have little to offer any hacker or anybody else. A hacker may desire your cycles for zombified attacks, and the RIAA might like to look at your MP3 list. Maybe someone might go through the trouble of trying to data mine for identity theft, but again there are much easier ways to accomplish th
  • Similar work (Score:2, Interesting)

    by desultration (997997)
    Similar work has already been published at Usenix Security. http://www.usenix.org/events/sec07/tech/akritidis.html [usenix.org]
    Full paper is available at one of the authors' website. http://s3g.i2r.a-star.edu.sg/papers/metrowifi-usenixsec07.pdf [a-star.edu.sg]
  • Oh great, so they get access to the machine. Just as if it was plugged into a DSL/cable modem line. AND???

    Cracking the password and getting network access isn't the same as getting past the firewalls, installing yourself on the machine and getting something to run you. Someone is fear mongering, or has failed to think this through.
  • by Shotgun (30919) on Friday January 04, 2008 @02:57PM (#21913316)
    What happens with this virus spreads itself around, and then takes over a automated weapons manufacturing plant? I'll tell you what happens. It becomes SELF-AWARE. That's what happens. The next thing you know, we'll have governors showing up naked in deserted places and then beating up biker guys for their clothes. We have to stop this NOW!, before someone gets the bright idea of making a TV series about it.

    Aaaah!!! We're to late. Run for the hills!!



  • I don't have any practical experience with this, but theoretically, I think a virus could be created that would infect windows computers and enable internet sharing off the wireless card. It would look at the name of the existing wireless connection and then call the shared connection '+1'. Then when zombied laptops go to coffee shops, etc. they become an additional wireless access point named 'coffee shop2'. Others mistakenly connect to the internet through this spoofed access point and all their outgoing

Building translators is good clean fun. -- T. Cheatham

Working...