Wireless Networking Security Worms Hardware

Researchers Say Wi-Fi Virus Outbreak Possible

alphadogg writes with a link to a NetworkWorld article about a troubling security scenario. Indiana University IT researchers are now saying that a WiFi attack intended to piggyback across unsecured access points could do serious damage in a city like Chicago or New York. By essentially brute-forcing the passwords on insecure routers, a worm-like firmware agent could be introduced to an estimated 20,000 networks in New York City alone. "Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique."
This discussion has been archived. No new comments can be posted.

  • Really? (Score:4, Interesting)

    by MyDixieWrecked ( 548719 ) on Friday January 04, 2008 @12:26PM (#21910250) Homepage Journal
    I'm not so familiar with Belkin, Netgear and all the no-name wireless routers out there, but the newer (last year or two) Linksys WRT54G routers don't allow administrative access over the WLAN by default. You simply get an access denied page when attempting to access it. I'm kind of surprised that Linksys doesn't just deny wireless connections to the administrator pages.

    Unfortunately, that means that I can no longer log in to those routers with default passwords and open up ports for myself when I'm on some stranger's network and it requires me to plug in when I need to make changes on my own networks.

    Of course, you should disable access to the administrator pages over the WLAN (or restrict it to a maintenance port if your router has one), change your administrator password (and username, if possible) and make sure you've got strong encryption with a strong password/key.

    When I was living in Manhattan (2004-2005), there were over 20 visible wireless access points from my apartment. Running Kismet and walking from the front to the back of my apartment with my PowerBook, I could pick up closer to 30 networks and about 3/4 of them were password protected; mostly with WEP. Nowadays, living in Brooklyn, I can pick up around 15 wireless networks and all but 2 are password protected and most are using WPA or WPA2.
  • by kebes ( 861706 ) on Friday January 04, 2008 @12:39PM (#21910428) Journal

    How many router models and hardware revisions would the worm need to support to make this effective?
    Since wireless routers are (usually) connected to the Internet, the worm could "phone home" to some central repository in order to get the code it needs to attack different models. What I mean is that the virus wouldn't need to carry code for all makes/models. Instead, an infected access point would scan nearby access points (or computers) for open or crackable connections, and then access a central store for the exact methodology/code/virus needed to spread to those new access points. This also means that the virus author could add new makes/models to the "central store" (which would probably be running in a botnet or compromised webserver somewhere) thereby augmenting the virus as it spreads, making it more virulent with time.

    Of course you're right that this does indeed require the virus author to design code for a wide variety of routers and access points.

    On another note, configuring the router for administrative access only via ethernet would completely stop the problem.
    That should really be the default. Routers are typically less secure from the wireless end than from the wired end (hacking someone's router from the internet is harder than just accessing it wirelessly, since many people don't even secure the wireless end with a password). So it may be viable to create a "bot-mesh" of wireless access points, which gives you all kinds of dangerous abilities (e.g. you can convincingly spoof websites for anyone on the affected LAN as part of a phishing attack).
  • Not that hard (Score:3, Interesting)

    by seanadams.com ( 463190 ) * on Friday January 04, 2008 @01:08PM (#21910796) Homepage
    Sveasoft has firmware for most of the ARM/Linux based routers, which covers all the common Linksys/Netgear models. All you'd need to do is make a hacked version of each one and put them on a server (or botnet).

    Then all a worm would need to do is gain access to the router, and then notify the server that it has been cracked. The server takes it from there... it would connect to the router, identify its model number from the status page, and upload the appropriate firmware.

    With a little ingenuity it would not be hard to do this in a way that is transparent to the user - i.e. most users have a plain vanilla setup and it would be easy enough to snarf the configuration and apply that to the new upgrade too.
  • Similar work (Score:2, Interesting)

    by desultration ( 997997 ) on Friday January 04, 2008 @01:19PM (#21910942)
    Similar work has already been published at Usenix Security. http://www.usenix.org/events/sec07/tech/akritidis.html [usenix.org]
    Full paper is available at one of the authors' website. http://s3g.i2r.a-star.edu.sg/papers/metrowifi-usenixsec07.pdf [a-star.edu.sg]
