The Wi-Fi Flu
And WPA is your vaccine....
Ars Technica points to new research (pdf) out of Indiana University that focuses on potential future malware attacks aimed specifically at wireless routers. Said attacks could do significant damage on a city-wide scale, given the routers are essentially "contagious" to other routers within signal range. These new infections would have their limits, however:
quote:
Interestingly, the modeled router infection patterns resembled a biological equivalent. Router infections are slowed or stopped completely by geographical barriers such as rivers, for instance. Isolated areas with a limited chain of wireless connections leading back to the point of infection could remain entirely untouched if one router along the chain uses WPA.
Researchers note that strong security practices (using WPA instead of WEP, strong passwords) could make these Wi-Fi "contagions" a non-issue.
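The chain effect described in the quote, as an added example (not from the article or the Indiana University paper): a toy proximity-graph model in which routers within radio range are linked and only WPA routers resist infection. The router names, coordinates, 45 m range and the all-or-nothing immunity rule are constructed assumptions.

```python
from collections import deque
from math import dist

RADIO_RANGE_M = 45  # assumed usable range between neighbouring routers

# Constructed sample town: name -> ((x, y) in metres, security mode).
# r1..r3 are a dense block, r4 is the single link to the isolated r5/r6,
# and n1/n2 sit across a "river": a 100 m gap with no routers in it.
TOWN = {
    "r1": ((0, 0), "open"), "r2": ((40, 0), "WEP"), "r3": ((80, 0), "open"),
    "r4": ((120, 0), "WEP"),
    "r5": ((160, 0), "open"), "r6": ((200, 0), "WEP"),
    "n1": ((0, 100), "open"), "n2": ((40, 100), "open"),
}

def build_links(routers, radio_range=RADIO_RANGE_M):
    """Link every pair of routers that are within signal range of each other."""
    links = {name: set() for name in routers}
    names = list(routers)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if dist(routers[a][0], routers[b][0]) <= radio_range:
                links[a].add(b)
                links[b].add(a)
    return links

def spread(routers, seed, radio_range=RADIO_RANGE_M):
    """Breadth-first contagion from `seed`; WPA routers are treated as immune."""
    if routers[seed][1] == "WPA":
        return set()
    links = build_links(routers, radio_range)
    infected, queue = {seed}, deque([seed])
    while queue:
        current = queue.popleft()
        for neighbour in links[current]:
            if neighbour not in infected and routers[neighbour][1] != "WPA":
                infected.add(neighbour)
                queue.append(neighbour)
    return infected

def upgrade(routers, name):
    """Return a copy of the town with one router switched to WPA."""
    patched = dict(routers)
    patched[name] = (routers[name][0], "WPA")
    return patched

if __name__ == "__main__":
    print("baseline:  ", sorted(spread(TOWN, "r1")))
    print("r4 on WPA: ", sorted(spread(upgrade(TOWN, "r4"), "r1")))
```

Switching the one chain router r4 to WPA leaves r5 and r6 untouched, and n1/n2 are never reached in either run because the gap exceeds the radio range.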
patcat88
join:2002-04-05
Jamaica, NY

patcat88

Member

hw assignment

Um, what exactly is taken over, I see the associating with a router part, I don't see the carrier. Is this someone's idea of a semester long project, that they conveniently ignore certain real world facts in order to make this hypothetical study?

The only carrier I can think of would be exploiting a linux/firmware security hole, or interfering with TCPIP traffic and injecting something to infect a web browser or similar PC application.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

1 edit

FFH5

Premium Member

Re: hw assignment

said by patcat88:

Um, what exactly is taken over, I see the associating with a router part, I don't see the carrier. Is this someone's idea of a semester long project, that they conveniently ignore certain real world facts in order to make this hypothetical study?

The only carrier I can think of would be exploiting a linux/firmware security hole, or interfering with TCPIP traffic and injecting something to infect a web browser or similar PC application.

I read the linked PDF on this and there is no mention of how you would infect a router once you can gain access to it. Their whole paper is based on ease of access due to no or weak security. There is nothing on how malware could get on the router once access is attained. The only home WiFi routers I am familiar with (Netgear & Linksys) do not let you change code except thru an ethernet linked PC.

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll

Premium Member

Re: hw assignment

said by FFH5:

The only home WiFi routers I am familiar with (Netgear & Linksys) do not let you change code except thru an ethernet linked PC.


Every WiFi router that I've seen lets you flash firmware by connecting to the management server. Using Ethernet or Wifi is equally acceptable to the firmware update process.

I constantly and seriously advise against using WiFi for firmware updates, as it is the best way that I can think of to brick a router. But I don't think that the update process prevents you.

joako
Premium Member
join:2000-09-07
/dev/null

joako to FFH5

Premium Member

to FFH5
I've flashed firmware plenty of times via WiFi. What needs to be done is somewhat elaborate: create firmwares for the routers and be able to identify the router connected to and load the correct firmware. It's not impossible.... it's not even that hard just needs someone that is dedicated and applies their effort into the matter.

Also many routers use Linux so there might be a more trivial way to have the router execute some code.

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

1 recommendation

cacroll

Premium Member

Re: hw assignment

said by joako:

I've flashed firmware plenty of times via WiFi.


I do 5 things before flashing firmware.

  • Record or save all settings.
  • Reset all settings to factory defaults.
  • Turn the radio off (if WiFi).
  • Disconnect all Ethernet connections.
  • Connect one single Ethernet cable, to one single computer.

The second time I flashed my BEFSX41, I neglected to remove all Ethernet cables. That was when I had to learn, from a thread in this forum, how to unbrick a BEFSX41.

Maybe I can flash using WiFi. Maybe I can drive down the highway at 80 mph and not get nailed by the cops. Maybe not.

I don't recommend speeding to anybody. Nor will I recommend using WiFi to flash firmware.

joako
Premium Member
join:2000-09-07
/dev/null

1 recommendation

joako to patcat88

Premium Member

to patcat88
Totally agree.. I wouldn't try to flash a router when I have ethernet access to it... just saying it's possible and most of the time it will work.

AnonProxy
Premium Member
join:2001-05-12

AnonProxy

Premium Member

bla bla bla

More experts talking out of their ass trying to create a buzz about theories that are basically crap.

Here's a new phrase I just coined...

Wandemic or Wan-demic in the same vein as pandemic but for wans.

Cjaiceman
MVM
join:2004-10-12
Castle Rock, WA
(Software) pfSense
Ubiquiti UniFi UAP-AC-PRO

Cjaiceman

MVM

No chance here, keep lookin...

I agree with above that this is a theory at best, but I am prepared and have been for a long time. I run a WRT54G with Thibor15c, WPA2-PSK with 21+ character key, hidden SSID and MAC filtering. The next large step up from this is to just turn off the wireless. I guess I could do that if needed since this doesn't run as a router, just an AP.

For all the people running open wireless I think they should secure it to prevent a large outbreak of something like this, but I just for some reason can't see this moving around too much. Just something about there being a lot of different types of routers, Linksys, Netgear, Belkin, D-Link just to name a few.
ctggzg
Premium Member
join:2005-02-11
USA

ctggzg

Premium Member

Re: No chance here, keep lookin...

Slightly overkill, but okay. AES instead of TKIP?

asdfghjklzx5
Premium Member
join:2004-05-03

1 recommendation

asdfghjklzx5 to Cjaiceman

Premium Member

to Cjaiceman
Using a hidden SSID and MAC filtering accomplishes nothing in the way of wireless security.

WPA2 is the only thing you need.

cacroll
Eventually, Prozac becomes normal
Premium Member
join:2002-07-25
Martinez, CA

cacroll to Cjaiceman

Premium Member

to Cjaiceman
said by Cjaiceman:

I run a WRT54G with Thibor15c, WPA2-PSK with 21+ character key, hidden SSID and MAC filtering.


A hidden SSID, and MAC address filtering, will protect you from your clueless neighbor who is just learning how to turn his computer on. They will do nothing to protect you from the really bad guys who can hurt you, or damage your reputation. Plus, they identify you, in a way that you don't need:

  • Someone who wants to hide.
  • Someone who hasn't a clue how to protect himself.

Like a typical tourist, with bulging camera bag, shoulder bag, and map which he is anxiously perusing, on a crowded city street, a WiFi network using a hidden SSID and MAC address filtering, is seen as an easy target by the beginner level criminals. The pros will attack you when they are bored, or really broke.
»nitecruzr.blogspot.com/2 ··· ing.html
»nitecruzr.blogspot.com/2 ··· sid.html

wruckman
Ruckman.net
join:2007-10-25
Northwood, OH

wruckman

Member

Awesome!

I find it hilarious that computers are becoming more and more like us. Modeling them in our own image. Even our weaknesses are becoming their weaknesses. haha!

Uhh
@insightns.com

Uhh

Anon

girls

They aren't going to tell you how to do it. LOL

GlobalMind
Domino Dude, POWER Systems Guy
Premium Member
join:2001-10-29
Indianapolis, IN

GlobalMind

Premium Member

GO IU

Good stuff or not, might as well give props to the alma mater.

In any event, hasn't it been considered best practice for some time now to use WPA?

The Mad Hacker
@qwest.net

The Mad Hacker

Anon

Doesn't make sense

Consumer grade wireless routers don't talk to each other, how can malware spread wirelessly through them?

huh
@170.153.25.x

huh

Anon

Re: Doesn't make sense

said by The Mad Hacker :

Consumer grade wireless routers don't talk to each other, how can malware spread wirelessly through them?
This is what I want to know. Will they try to find other ones over their broadband connection?
Isn't the default for most access points to NOT have the remote management enabled?
Or do they expect a vulnerability to be used via the LAN to propagate? And that isn't a wireless infection method as they are trying to 'hype'.

KP
JimF
Premium Member
join:2003-06-15
Allentown, PA

1 edit

JimF to The Mad Hacker

Premium Member

to The Mad Hacker
On page 2 of the PDF, they state:
"Further, as routers need to be within relatively close proximity to each other to communicate wirelessly, an attack can now take advantage of the increasing density of WiFi routers in urban areas that creates large geographical networks where the malware can propagate undisturbed."

So they are simply assuming some sort of wireless network, maybe a mesh network for coverage of large areas. On the other hand, earlier on that page, they talk about the percentage of households that have WiFi routers. Clearly, those don't (at present) talk to each other. So they are mixing apples and oranges.

wxboss
This is like Deja vu all over again.
Premium Member
join:2005-01-30
Fort Lauderdale, FL

wxboss

Premium Member

Wifi Bewilderment

If anything good comes out of this, maybe it will be the awareness for the need to lock down your networks.

One guy that I work with deliberately keeps his WAN unlocked so that, 'The neighbors can use it as we all share our networks.'

After just a few minutes of trying to ingrain the need for some security, I realized that my attempts were futile. Some people - if they don't already know, you just can't tell them.