Mobile, TDR

Analyst: Threat of virus attacks on Wi-Fi networks “overstated”

January 6, 2008

Updated Tuesday, Jan. 8, 2008, at 1:30 pm EST.

A leading analyst has labeled as "overstated" a recent warning regarding the potential vulnerability of urban Wi-Fi networks to malware attacks that theoretically could be amplified into massive incidents as unsecured wireless routers in cities are infected and directed to spread viruses.

"The idea of infecting access points and then 'directing' them has lots of barriers to overcome before becoming a meaningful risk scenario," Gartner vice president and senior fellow John Pescatore told SCMagazineUS.com.

"The [likelihood] of that happening on any scale is much lower than what is actually happening with botnets and compromised PCs. It's like worrying about earthquakes when you are living in tornado alley," he said.

Pescatore added that while there are "too many WLAN access points with insufficient security, quite often all they do is allow internet access. [Attacking Wi-Fi routers] is no different than an attacker connecting to the internet, so this doesn't appear to be a new risk."

Researchers at Indiana University recently raised an alarm about the potential vulnerability of Wi-Fi networks to malware attacks that theoretically could be amplified into significant incidents.

The researchers said that, in the absence of software to detect or prevent Wi-Fi virus attacks, faster adoption of the
Wi-Fi Protected Access (WPA) encryption protocol is needed to at least contain this emerging threat if it materializes.

The Indiana research team used a Susceptible Infected Removed (SIR) model – more commonly used by epidemiologists to track outbreaks of infectious diseases – to project the potential damage from an attack in which a worm programmed to guess administrative passwords would be introduced to a Wi-Fi router and then instruct the router to pass the virus on to other routers within range.

Using this model, the researchers estimated that thousands of routers could be infected within one or two days, and that within two weeks the outbreak could spread to most of the networks servicing a large city.

“Wi-Fi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attack and affect [the Wi-Fi networks of] entire urban areas,” the Indiana University researchers, including Hao Hu, Steven Myers, Vittorio Colizza, and Alessandro Vespignani, declared in a recently published paper entitled “Wi-Fi Epidemiology: Can Your Neighbors' Router Make Yours Sick?”

Colizza and Vespignani also are affiliated with the Institute for Scientific Interchange (ISI) in Torino, Italy.

The researchers warned that large cities with dense populations and a low percentage of encrypted routers could be particularly vulnerable to this type of attack. As an example, they cited New York, which has more than 35,000 Wi-Fi systems of which an estimated 26 percent are not encrypted.

The team said that any routers that are positioned not more than 50 yards from the network are close enough to spread such a virus, and warned that modest encryption methods currently in use, such as the Wireless Encryption Protocol (WEP), also might be circumvented if attackers gain access to encrypted data.

“Unlike PCs, [wireless routers] tend to be always on and connected to the internet, and currently there is no software aimed at specifically detecting or preventing their infection,” the researchers noted, adding that the increasing popularity of devices with increased wireless communications range (such as those utilizing 802.11n radios), may make possible even larger infections than those projected in the Indiana study.

  

prestitial ad