Last modified: Wednesday, November 15, 2006
IU informatics scientists seek tools to shield against Wi-Fi drive-bys
FOR IMMEDIATE RELEASE
Nov. 15, 2006
BLOOMINGTON, Ind. -- As wireless networking usage increases in homes and at small businesses, so grows the threat from cyber crooks who use slick software to steal consumers' personal information and wreak havoc with their computer systems.
Researchers at the Indiana University School of Informatics and the Stevens Institute of Technology in New Jersey are tackling that threat. Their recent study, "Warkitting: the Drive-By Subversion of Wireless Home Routers," outlines the problems and suggests countermeasures that can be taken.
Specifically, the research team probed the weaknesses of wireless router technology. A router is a device that allows wireless users to create home networks and connect with other computers, or link to the Internet. Wireless routers can be maliciously altered through either bad configuration or replacement of their internal software, also known as firmware.
"Our study detected wireless networks using a laptop computer and the open-source network detection software 'iwlist,' which detects properties of a Wi-Fi network," said principal investigator Alex Tsow, a computer science doctoral student and visiting research associate at IU.
"Once compromised, a wireless router spoils Internet access for all clients," Tsow continued. "Clients would be vulnerable to pharming, password sniffing and other man-in-the-middle attacks. Since a compromised router can victimize all connected clients, public hotspots become a high value target for this kind of attack."
Joining Tsow were Markus Jakobsson, IU associate professor of informatics; and Stevens Institute computer scientists Lui Yang and Susanne Wetzel.
They compared broadcast addresses, a unique identifier assigned to each wireless network, to derive make-and-model distribution in the Hoboken, N.J., area. The team estimated that as many as 10 percent of wireless home routers have no security changes from widely known default settings, and that as many as 33 percent of the routers they detected have readily available open source firmware. This would leave the routers exposed to becoming virtual passports to wireless hackers.
Jakobsson points out that the user would not even know that the router is being probed. "It could be somebody in the parking lot outside your building or maybe your neighbor."
The type of attacks that may result can achieve a variety of things, such as pharming, malicious coding installed on a personal computer or server to misdirect users to fraudulent Web sites, and click-fraud, which is the theft of advertising revenue from legitimate Web sites. Another type of attack can effectively "starve" anti-virus filter updates.
"This latter attack can effectively disable the protection on any computer connected only to the affected routes," Jakobsson said. "It can turn a person's router into a zombie controlled by hackers who can steal people's credentials and finances, deliver spam and even host child pornography Web sites."
There are no known anti-virus software kits that can protect against the attacks described in the Warkitting study. But the IU-Stevens Institute researchers believe protective measures can be devised.
They suggest the development of "honeypots," systems designed to attract and analyze warkitting behavior by deliberately emulating vulnerable wireless systems. The strategy allows the study of these phenomena in a controlled setting.
Honeypots emulating vulnerable wireless networks can be implemented with a single computer running multiple wireless interfaces that notifies authorities about unauthorized administrative access.
"The easiest protections for an individual, small business or those operating wireless Internet cafes are to use a strong administrative password, disengage wireless administration when possible, or use wireless protected access encryption methods," Jakobsson said.
"If you have problems remembering long and strange passwords, then write them on a sticker on your router," Jakobsson suggested. "The guy in the parking lot will not be able to read it."
The IU School of Informatics and Stevens Institute of Technology researchers will discuss their work at the Anti-Phishing Work Group eCrime Researchers Summit, Nov. 16-17, in Orlando, Fla.
To arrange an interview with Alex Tsow or Markus Jakobsson, contact Joe Stuteville at 317-946-9930 or firstname.lastname@example.org