Schneier on Security
A blog covering security and security technology.
« Difficult-to-Pronounce Things are Judged to Be More Risky |
| HIPAA Accountability in Stimulus Bill »
February 18, 2009
Computer Virus Epidemiology
"WiFi networks and malware epidemiology," by Hao Hu, Steven Myers, Vittoria Colizza, and Alessandro Vespignani.
In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attacks. In this article, we consider several scenarios for the deployment of malware that spreads over the wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for georeferenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little as 2 weeks, with the majority of the infections occurring in the first 24–48 h. We indicate possible containment and prevention measures and provide computational estimates for the rate of encrypted routers that would stop the spreading of the epidemics by placing the system below the percolation threshold.
Honestly, I'm not sure I understood most of the article. And I don't think that their model is all that great. But I like to see these sorts of methods applied to malware and infection rates.
EDITED TO ADD (3/13): Earlier -- but free -- version of the paper.
Posted on February 18, 2009 at 5:53 AM
• 10 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I don't think multi-culture is a panacea though. It just makes the most successful worms the ones that are able to exploit multiple platforms at once. If some one waited and got a hand full of exploits on many different systems, and took the time to make their worm portable to multiple platforms, I think we would be in trouble. Adding router exploits to the list is even more potent, since that is many home network's first line of defense.
Routers are probably less likely to be patched, and the options for running a different OS on any particular brand of router is very limited to the average joe.
There are a few flaws in the analysis, including:
1) Not all WiFi routers run the same or similar firmware or OS, so spreading the virus involves adapting to different hardware/firmware.
2) WPA doesn't make the router immune; a poorly chosen common password using WPA-PSK is vulnerable to this attack.
3) It's doubtful that most (or even many) routers will have the capability to do the computations associated with cracking WEP. Even if they did, the necessary time to succeed would likely be much longer than 24-48 hours.
This was a good effort, but mostly undone by a very casual analysis of the underlying technologies associated with wireless technologies. A more likely scenario is an infection of mobile phones enabled by those annoying bluetooth earphones ("snakes on your blackberry")
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.