IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

More Newsletters | Edit Profile
 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Youth in IT: How CIOs Can Engage the Next Generation
 June 10
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

News

 

Wi-Fi Virus Outbreak? Researchers Say It's Possible

A Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, according to researchers.
 

By Robert McMillan

January 04, 2008 — IDG News Service (San Francisco Bureau) — Criminals looking to target unsecured wireless routers could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.

MORE ON Wi-Fi
Wi-Fi Mesh Lights Up Mecca for Hajj
Can Muni Wi-Fi Be Saved?
Cisco, Aruba Top List of Voice Over Wi-Fi (VoWi-Fi) Ecosystem Vendors

The researchers estimate that a Wi-Fi attack could take over 20,000 wireless routers in New York City within a two-week period, with most of the infections occurring within the first day.

"The issue is that most of these routers are installed out of the box very insecurely," said Steven Myers, an assistant professor at Indiana University, who published the paper in November, along with researchers from the Institute for Scientific Interchange in Torino, Italy,

The researchers theorize that attack would work by guessing administrative passwords and then instructing the routers to install new worm-like firmware which would in turn cause the infected router to attack other devices in its range.

Because there are so many closely connected Wi-Fi networks in most urban areas, the attack could hop from router to router for many miles in some cities.

The team used what is known as the Susceptible Infected Removed (SIR) model to track the growth of this attack. This methodology is typically used to estimate things like influenza outbreaks, but it has also been used to predict things like computer virus infections, Myers said.

Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36 percent of passwords can be guessed using this technique.

Even some routers that use encryption could be cracked, if they use the popular WEP (Wired Equivalent Privacy) algorithm, which security experts have been able to crack for years now. Routers that were encrypted using the more-secure WPA (Wi-Fi Protected Access) standard were considered impossible to infect, Myers said.

Myers' model is based on data compiled from the Wireless Geographic Logging Engine (WiGLE), a volunteer-run effort to map Wi-Fi networks around the world, which has over 10 million networks in its database.

Using this data, they were able to map out large networks of made out of Wi-Fi routers that were each no more than 45 meters (49 yards) from the network -- in other words, close enough for an infection to spread. The largest such network in New York included 36,807 systems; in Boston it was 15,899; and in Chicago: 50,084.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Evolve your data center on proven technology. The Brocade DCX.

Secure your virtual and physical environments with the same software.

Wireless Vulnerability Management: What It Means for Your Enterprise

How to simplify mobility and reduce the cost of supporting mobile workers

Performance Brief: Mobile Application Acceleration

Wide-area data services enable todays global enterprise

WAN Optimization for mobile users is critical to your business success.

Read the FREE Forrester study "Optimizing Users and Applications in a Mobile World"

Webcast: Research insight into how organizations are using virtualization

3 Reasons to Invest in Integration Technology Now

A CIO's View of Server Virtualization

Let's Get Virtual: A Look at Today's Server Virtualization Architectures

Increase conversions on your site with the help of EV SSL.

Strategies for centralizing data backup

The Best IT Strategy for a Company with Global Operations

Speed, agility, flexibility - The HP BladeSystem c-Class

The Business Value of Symantec Data Center Foundation Solutions

Webcast: Why standardizing your ECM platform is so critical to your success

The PCI Data Security Standard

See why 93 of the Fortune Global 100 depend on Blue Coat.

Taking Document Automation to the Next Level

Research about the efficiencies created by different operating systems.

Survey and Whitepaper: Reducing IT Energy Drain for Business Gain

Top 10 Reasons to Go Green in IT

Gaining Transparency in IT Outsourcing

Eliminate network threats and downtime with Juniper Networks. View demo.

Choose a mobile device platform with familiar programs and simplified management

Get Control of Mobile Data (and More)

Extending PCI Compliance to the Mobile Workforce

A proven approach to WAN optimization

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management

Global Crossing is the most viable alternative for voice, video and data.

The New Foundation of Storage: Xiotech's Intelligent Storage Element

3M saved $3M on printing. Learn how HP can help your business

Survival of the Fittest: Disaster Recovery Design for the Data Center

Windows Server 2008: To Upgrade or Not to Upgrade?

Data Loss Prevention Starts at the Endpoint

Green IT: Reducing Your Carbon Footprint with Citrix

Discover PMI's credentials and career path tools

Symantec State of the Data Center Report

Getting the Most from your Data Protection Solution

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Compliance by the numbers- addressing requirements with online document management and collaboration technology

Video Series: IT Leaders discuss how IT is becoming part of the innovation cycle.

White Paper: WebMethods Business Process Management Suite

Architecting A Better Network Storage Solution

Experience the colorful side of business. Visit Frugalcolor.com.

Gene Kim's Practical Steps to Mitigate Virtualization Security Risks