Previous Entry Share Next Entry
The geographic model looks like the spread of a virus...
Binary
elite_fuzz
Wireless security is one of my favorite soapbox's. Whenever I teach an A+ class or a Net+ class I always spend a few minutes talking about the theory behind cracking WEP and WPA, and how easy it is, to drive home the point that wireless connections are just not secure without advanced encryption and authentication (something a RADIUS server would provide). Researchers at Indiana University have recently given me another talking point when lecturing students on wireless security.

Researchers at IU have come out with a scenario that is quite scary. A worm attack focused on infecting wireless routers! With the prevalence of wireless routers in the market today large gatherings of people will probably be covered in wireless signals (city's, towns, etc). A worm that could travel to, and infect, any wireless router within the range of an already infected wireless router could have the ability to infect an entire city in a very short period of time.

But wireless encryption should make this impossible right? Not hardly. Granted, a wireless router with a strong WPA key would probably be safe, but how many people do you know that willingly use a strong WPA key? For that matter, how many people do you know that change the default root username and password on their wireless router?

So what would a worm like this have to do to be successful? First you would have to be able to connect to wireless routers. Not very hard of they are unencrypted, use WEP, or weak WPA keys. Second, once connected the worm would have to be able to change the firmware of the wireless router. In order to do this you would have to log in as the administrator. Because very few people take the time to change the defaults this is relatively easy. It would be fairly easy (relatively) to create a Linux kernel small enough to load on a wireless router and carry out these small tasks.

Fortunately, a worm like this does not yet exist (as far as I am aware). Though now that someone thinks its possible it's only a matter of time until someone trys to do it. So take precautions now. If you have devices that can use WPA make a strong WPA key and use that. I know its a pain, but the added security should ease the pain slightly. If you haven't yet changed your default username and password go do it!

  • 1
will you teach me how to crack WEP? I need to start stealing my neighbors internet cause the free shit doesn't always work so well :)

The theory behind WEP cracking has to do with the IV (initialization vector) of the packet. When they say 64 bit WEP Encryption they're lying. 24 bits of that are used for the IV, which is basically a random number attached to the beginning of each packet to make it harder to crack. Unfortunately 24 bit IV's arn't large enough to ensure that random numbers arn't repeated. In 500 packets theres something like a 50% chance that an IV will be repeated. Seeing as the key to cracking encryption is repeatability (as an example "E" is the most common letter in our alphabet. If we were to cypher a long phrase using a straight substitution cypher, the most common symbol in the newly encrypted message is most likely "E", the more examples of the cypher we have, the more sure we can be that it really is "E")

I wont tell you where to get tools that will force packets from the AP or decrypt what you get... but a good place to start looking is insecure.org (link)

  • 1
?

Log in