Researchers Say Wi-Fi Virus Outbreak Possible
alphadogg writes with a link to a NetworkWorld article about a troubling security scenario. Indiana University IT researchers are now saying that a WiFi attack intended to piggyback across unsecured access points could do serious damage in a city like Chicago or New York. By essentially brute-forcing the passwords on insecure routers, a worm-like firmware agent could be introduced to an estimated 20,000 networks in New York City alone. "Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique."
Only 36%? (Score:2, Insightful)
Re:Only 36%? (Score:2, Insightful)
1/3 is 33 1/3%. How is that severely off of the 36% estimate?
troubling security scenario? (Score:4, Insightful)
Varying router models and revisions (Score:5, Insightful)
On another note, configuring the router for administrative access only via ethernet would completely stop the problem.
Dan East
Re:Only 36%? (Score:2, Insightful)
Re:1 million passwords? (Score:5, Insightful)
Re:Really? (Score:3, Insightful)
I know it was that way on my linksys.
Common Sense Should Prevent This (Score:3, Insightful)
Just my take on it.
Re:Varying router models and revisions (Score:4, Insightful)
They are getting there. A Linksys I recently picked up had a label over the ports reminding you to RUN CD FIRST. I'm assuming their CD will do things like change passwords and turn on encryption (wouldn't know since I prefer to do that manually).
Re:Question... (Score:3, Insightful)
Re:Question... (Score:3, Insightful)
First, the router providing the wireless AP access should not be the same router firewalling your LAN from the rest of the Internet. This keeps "management" ports that might accidentally be open from being Internet accessible. This is hard sometimes. One router I have has two connections to my little LAN, one from one of its machine ports, and one from its "internet" port. This allows it to check for firmware upgrades and whatnot, letting it think it's connected to the Net.
Second, if WEP is all you got [1], put the wireless AP on its own network segment, and have the only way in via a hardened machine with a PPTP/L2TP port and a good username and secure password, secure password being preferably over 30 characters. Then, when (not if) someone does bag the wireless key and hops on the network, they will not obtain much in the way of access. If you can't firewall off your WEP AP, nor are able to replace it, consider making it a daily or weekly item in your schedule to change the WEP key.
I personally avoid the fluff of not broadcasting the SSID, but I do use MAC address protection because it's another lock on the front door, and once set up, it really takes little administrative work.
[1]: Only use WEP as a *last resort*. Any router made since 2006 (from what I know) *has* to support WPA-PSK and WPA2-PSK (because WPA and WPA2 are part of the 802.11i spec), so if you can, buy a replacement access point from a CompUSA closeout or something similar and use that. Use a decent (12+ chars) password for the router's admin account, and have KeePass generate a 63 character WPA/WPA2 key. I personally generate a 63 char key from KeePass, paste it into the router's config. Then, I copy the key's text into a file on a USB flash disk, carry that to all the machines which use the wireless AP, and paste it in their configs. I have my router set to only allow WPA2 and deny WPA, as all my wireless devices understand AES, but other people may need both WPA and WPA2 available.
Of course, just to be safe, consider changing the WPA/WPA2 key every so often (I've heard monthly to six months.)
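The key-generation step from the comment above, as an added Python example that is not part of the original thread: it generates a 63-character WPA2 passphrase from the OS CSPRNG, checks the 8 to 63 printable-ASCII rule, derives the 256-bit PSK the way WPA/WPA2-Personal does, and compares random-key entropy with the one-million-entry guess list from the article summary. The function names and the SSID `example-ssid` are hypothetical placeholders.

```python
import hashlib
import math
import secrets
import string

# Printable ASCII without the space: spaces are allowed in a WPA passphrase
# but are easy to lose when pasting between machines (assumption of this example).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
WORDLIST_SIZE = 1_000_000  # size of the guess list described in the summary


def generate_passphrase(length=63):
    """Return a random passphrase drawn from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA/WPA2 passphrases are 8 to 63 characters")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))


def is_valid_passphrase(p):
    """Check the 8..63 printable-ASCII rule before pasting into a router."""
    return 8 <= len(p) <= 63 and all(0x20 <= ord(c) <= 0x7E for c in p)


def random_entropy_bits(length, alphabet_size=len(PRINTABLE)):
    """Entropy of a uniformly random string; not valid for human-chosen ones."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal derivation: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("invalid passphrase")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()


if __name__ == "__main__":
    key = generate_passphrase()
    print("WPA2 passphrase:", key)
    # 'example-ssid' is a constructed placeholder; the SSID salts the PSK.
    print("PSK for SSID 'example-ssid':", derive_psk(key, "example-ssid"))
    print("wordlist coverage: %.1f bits" % math.log2(WORDLIST_SIZE))
    print("12-char random admin password: %.1f bits" % random_entropy_bits(12))
    print("63-char random WPA2 key: %.1f bits" % random_entropy_bits(63))
```

Because the SSID is the salt, the same passphrase yields a different PSK on every network name, which is one more reason not to leave the factory SSID in place.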