WiFi flu

As if we don’t already have enough “regular” viruses to worry about, a research team from Indiana University suggests that a specially designed computer virus made to attack and propagate on unsecured WiFi routers could easily infect entire cities.

While the risk is apparently only theoretical at the moment, the potential for trouble is a function of the rapid uptake in wireless technology; there are enough open routers about nowadays that the theoretical bug could hop all across town unimpeded. [Image by kludgebox]

People tend to forget that routers are just little computers, but you can bet the malware industry is well aware of it. That said, I can’t really see the commercial potential of such a virus* – and if it can’t be used to make money, surely it would be a four-week proof-of-concept fad for script kiddies at worst?

[* The inevitable disclaimer here is that I’m not a computer security expert by any stretch of the imagination – if you can explain in more detail, please do so in the comments.]


7 thoughts on “WiFi flu”

  1. Lots of commercial potential. If they control your router, they control your access to the Internet.

    They can easily use that to take control of your computer as well, by altering a web request to return something that exploits a Windows security vulnerability, or by modifying an executable program you were downloading anyway.

    That done, your router and all your computers become part of something like the storm botnet (http://en.wikipedia.org/wiki/Storm_botnet). Whence all sorts of revenue opportunities – from stock pump and dump spamming schemes, through to military-funded denial of service attacks against enemy countries.

    It’s scary.

  2. Or they could turn your router into a mail server and use it to send spam.

    Or they could reroute legitimate requests to your bank to a phishing site instead. Since this attack corrupts the network, you and your browser, with all its antiphishing tools, would be completely unaware.

    Scary indeed.

  3. People forget that “internet” routers includes the one in your home. If that’s compromised, you’re prone to every “man in the middle” attack conceivable.

    Windows updates which permanently install backdoors or trojans, the ability to silently snag personal info without needing to redirect to fraudulent sites (make the router the end point of any https sessions and forward the decrypted page to the computer so all personal info is transmitted unprotected), ‘local loop’ vulnerability scanning to instantly infect new Windows installs; you name it, they could do it.

  4. I don’t see the huge danger here, let me explain my point of view.

    If a virus gets to your router, they can’t connect to other routers (at least, most routers can’t); they would have to find a way to your own computer, spread a virus there and use the computer to connect to another router… most routers can’t connect directly to other routers (yet).
    Another point is that most routers are very limited in capacity, making it impossible to install full mailservers or proxy servers that relay your web traffic.

    One thing that IS dangerous is the possibility there already is for anarchists, just to spread chaos: they can just drive through the city with a laptop sending the virus to all different routers, which could then take over other machines… but I still believe they will need someone to spread it first; router-to-router interaction seems very unlikely…

  5. Yeah, this could be a big issue. Simply poisoning the nameserver entries (usually assigned by DHCP from your ISP) could redirect all DNS requests (i.e. Where’s google.com? Oh, it’s over there at Great, Thanks!) to a server pointing at a bunch of phishing sites, or at best a proxy that adds ads to each site visited (Some ISPs already do this, cheeky bastards) where there is a LOT of money. This attack wouldn’t even require a firmware hack or modification. I could write a shell script to do this using freely available default password lists in about 10 minutes per major manufacturer. This is just the money side, for actual attacks and such there is a lot more fun to be had, but it’s a bit more complicated than I want to get into. Scary stuff eh? (I’m off to lock down my router now :p )

  6. I am afraid that you underestimate the maliciousness and stupidity of script kiddies and 12-year-old geeks who get picked on too much at school. It will probably last MUCH longer than 4 weeks. They are the ones that do not care to make a profit; it’s more about tipping the scales of power in their favor, as they are thoroughly unable to do so in real life.


  7. How’s about simple ad injection like some public hotspots already have… Shoot, I can already see it. DD-WRT + LinkToAds + a little contagion magic.
