Wi-Fi networks offer rich environment for spread of worms

An international team of computer scientists has demonstrated in the lab that it is possible for overlapping Wi-Fi networks in densely populated areas to support the rapid spread of malicious code that could infect an entire city in a matter of weeks.

The study, results of which are published in the Jan. 26 issue of the Proceedings of the National Academy of Sciences, showed that by exploiting known security weaknesses tens of thousands of routers could be infected in as little as two weeks from a single point of infection.

“Within six to 24 hours, you could take control of the largest part of the network,” said Alessandro Vespignani, professor at Indiana University’s School of Informatics in Bloomington, one of the study’s authors. “The good news is that this type of network can be protected.”

Securing a relatively small number of routers and endpoints could effectively stem the spread of malware and localize the epidemic, said Vespignani, who also works at the Complex Networks Lagrange Laboratory at the Institute for Scientific Interchange in Turin.

Also contributing to the study were Hao Hu of IU’s School of Informatics and Physics Department; Steven Myers of IU’s School of Informatics; and Vittoria Colizza of Turin’s Complex Networks lab.

The fact that Wi-Fi routers are vulnerable to malicious code comes as no surprise, Vespignani said. “The surprise here is the extent of the proximity network you create with Wi-Fi.”

Wi-Fi is wireless local-area networking based on the IEEE 802.11 family of standards. Routers and access points typically have a range of from 10 to 80 meters, depending on their power and local conditions.

The fact that the networks are built on interoperable standards is both a strength and a weakness.

“If two routers are within that range, they communicate,” Vespignani said. Again, this is not a surprise. But the number of networks located close enough to communicate with each other in densely populated urban areas such as New York City or Chicago is greater than expected. “Basically, the entire city is a connected component. People didn’t expect that the network created by proximity would be that large.”

That is a problem because although Wi-Fi security features are available, many routers and access points are not securely configured.

“A lot of people just take the routers out of the box and deploy them completely open,” Vespignani said. Many routers that are configured to use security are not using the latest and strongest protocols.

The team conducted the study using mathematical models that simulate the spread of infectious diseases. This idea is not new. “Biological models have been used to study computer viruses and worms for a long time,” Vespignani said.

The simulations were run against mapping databases created by “war driving” through urban areas with Wi-Fi and Global Positioning Systems equipment to identify and accurately locate open networks. “This was made from real data,” Vespignani said, but the infections were carried out only in simulation.

“Is it possible to write this worm? Yes,” Vespignani said. “But we didn’t want to try this, even in the lab.”

Why hasn’t such an outbreak occurred already? “I don’t know,” he said. But much of the attention of the hacker and security world has been focused on the continuing game of exploit-and-defend being played out on the Internet, and only in recent years has the density of Wi-Fi networks reached the point that they could support an epidemic outbreak. Writing malicious code for Wi-Fi routers also is more difficult than for standard computers and servers because of their limited memory and the need to make the malware work in firmware.

The success of mathematical models in predicting the behavior of biological viruses gives a high degree of confidence to the results of this study, Vespignani said. “I am confident in the methodology.” But, he added, “what will happen in the real world will be different” from the simulation, depending on local conditions. “A lot of what will happen will depend on the characteristics of the worm. But the mathematical model is a good approach.”

The purpose of the study is not to frighten people away from Wi-Fi but to alert them to the need for security, he said. By adequately securing as few as 60 percent of Wi-Fi routers, using strong passwords and WPA (Wi-Fi Protected Access) rather than WEP (Wired Equivalent Privacy) protocols, an infection could be stopped before it was able to spread throughout an entire ecosystem.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Mon, Feb 2, 2009 Hi Tehk

A Microsoft update could do the same thing. An unsecured wireless MAN would be a bad thing. Who would ever devise such a thing? I have to ask this because it is something I can't fathom. Why did it take an international consortium to come to this conclusion? Anyone who has engineered a wireless network could have explained that quite easily. If you put it under a microscope, the Internet is the vulnerable not only city wide but internationally as well. The gathering should have concentrated on this instead.

Mon, Feb 2, 2009

EtherLinx has promoted this concept for years. No Suprize WiFi coverage in densely populated urban areas such as New York City or Chicago is greater than expected. “Basically, the entire city is a connected component"... EtherLinx Long Range WiFi (up to 50 mile links) could cover the entire U.S. in the same manner using inexpensive EtherLinx Secure Signal WiFi radios. EtherLinx solution are the most secure and advanced in the industry and were designed specifically to prevent eavesdropping and/ or attacks by hackers. EtherLinx CustomKey-RF™ Radio

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above