Page last updated at 15:03 GMT, Tuesday, 27 January 2009

Alarm sounded over wi-fi networks

Simulation of virus spreading, Steven Myers
Using wi-fi routers, malware could spread very quickly.

Wireless access points could be used by hi-tech criminals to spread viruses and worms, warn US researchers.

Security holes and the popularity of the devices in cities make them ideal for spreading malware, they found.

Using modelling methods from real diseases the team showed how a worm could gradually infect all access points in urban areas.

They found that the majority of vulnerable access points would be hit in the first 24 hours of an outbreak.

Password cracking

The simulation work showed that within two weeks of an outbreak occurring 55% of wi-fi access points would be compromised. In urban areas this could mean tens of thousands of people were at risk, said the researchers.

Before now malicious attacks carried out via wi-fi routers have been limited in scope. Most revolve around the creation of fake access points that steal login and other details from those using them to get online.

The work by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani from Indiana University shows how the ubiquitous access points could be used in a much more ambitious attack.

The theoretical attack modelled by the team involved attempts to subvert the firmware inside a wi-fi access point or router which keeps the device running.

Hi-tech criminals keen to subvert wi-fi access points could rely on the fact that few people take basic steps to stop unauthorised access to the device, said the researchers.

Surveys of consumer use of wi-fi routers suggest that a maximum of 40% of the machines use encryption to limit who can use them. In addition, most people do not change the default password the device ships with making it easy for attackers to get access.

Also, noted the researchers, few routers have lock out mechanisms that stop endless attempts to guess passwords that have been changed.

The researchers modelled attacks in seven areas including Manhattan in New York and Chicago. The numbers of wi-fi routers in each location were taken from public lists of access points. In the New York simulation about 18,000 access points were infected over a two-week period.

"We note that there is a real concern about the wireless spread of wi-fi-based malware," wrote the researchers in their paper which appeared in PNAS.

They added: "Action needs to be taken to detect and prevent such outbreaks, and more thoughtful planning for the security of future wireless devices needs to occur, so that such scenarios do not occur or worsen with future technology."

The team recommended that people be forced to change default passwords and encouraged to use encryption - both of which can limit the ability of wireless-borne malware to spread.

Print Sponsor

Wireless turns iPod into a phone
06 Dec 08 |  Technology
Computer virus hits navy e-mails
15 Jan 09 |  Hampshire
Wi-fi security system is 'broken'
19 Oct 07 |  Technology
Computer viruses make it to orbit
27 Aug 08 |  Technology
Clock ticking on worm attack code
20 Jan 09 |  Technology
'Evil twin' fear for wireless net
20 Jan 05 |  Technology
Google backs 'white space' wi-fi
25 Mar 08 |  Technology

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific