Computer Virus Epidemiology

"WiFi networks and malware epidemiology," by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani.

Abstract

In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.

Honestly, I'm not sure I understood most of the article. And I don't think that their model is all that great. But I like to see these sorts of methods applied to malware and infection rates.

EDITED TO ADD (3/13): Earlier -- but free -- version of the paper.

Posted on February 18, 2009 at 5:53 AM • 10 Comments

Comments

CalumFebruary 18, 2009 6:20 AM

I'm kinda with Bruce on this one. Are they talking about malware running on the router itself? In which case, I can kind of understand you might have a problem. On the other hand, it's one easily dealt with by not running a monoculture.

Josh O.February 18, 2009 6:36 AM

I don't think multi-culture is a panacea though. It just makes the most successful worms the ones that are able to exploit multiple platforms at once. If some one waited and got a hand full of exploits on many different systems, and took the time to make their worm portable to multiple platforms, I think we would be in trouble. Adding router exploits to the list is even more potent, since that is many home network's first line of defense.

Routers are probably less likely to be patched, and the options for running a different OS on any particular brand of router is very limited to the average joe.

PiPFebruary 18, 2009 12:01 PM

In a real-world environment this type of attack is currently very low-risk; re-flashing the firmware on a typical router is a difficult process that usually takes multiple attempts, hardware resets, and often ends in failure. If a skilled and deliberate firmware upgrade has such a low success rate, I doubt that any malware will be able to successfully spread through it. Compare it to a disease that kills its victim before it has a chance to spread to other hosts.

Mike WFebruary 18, 2009 4:55 PM

There are a few flaws in the analysis, including:
1) Not all WiFi routers run the same or similar firmware or OS, so spreading the virus involves adapting to different hardware/firmware.
2) WPA doesn't make the router immune; a poorly chosen common password using WPA-PSK is vulnerable to this attack.
3) It's doubtful that most (or even many) routers will have the capability to do the computations associated with cracking WEP. Even if they did, the necessary time to succeed would likely be much longer than 24-48 hours.

This was a good effort, but mostly undone by a very casual analysis of the underlying technologies associated with wireless technologies. A more likely scenario is an infection of mobile phones enabled by those annoying bluetooth earphones ("snakes on your blackberry")

Mike W

laptop asusMay 26, 2010 4:47 AM

In a real-world environment this type of attack is currently very low-risk; re-flashing the firmware on a typical router is a difficult process that usually takes multiple attempts,

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..