Jump to content

First contagious WIFI virus


Recommended Posts

Posted

Cool research but it has been done before. Can't remember the details but it was research and only against a single vendor I think.

I also don't like the way they've described it

The propagation of the virus effectively constitutes an advanced rogue AP attack which is unique in that it occupies the exact location of the victim device.

this doesn't quite describe what they've done, to me this implies that they have placed a new AP in the same location rather than just infecting the existing one. I think just bad wording rather than anything else.

Most of the time the defence for this is just using strong keys on the AP and disabling WPS but you could have an instance where the low level drivers are vulnerable in which case just sending traffic to the AP could exploit it. This happened with madwifi-ng drivers years ago when Karma was becoming popular. Lots of people showed up at a conference with vulnerable machines and got popped.

Posted

Most of the time the defence for this is just using strong keys on the AP and disabling WPS but you could have an instance where the low level drivers are vulnerable in which case just sending traffic to the AP could exploit it. This happened with madwifi-ng drivers years ago when Karma was becoming popular. Lots of people showed up at a conference with vulnerable machines and got popped.

That's OK for a business environment. But over here the 2 biggest ISP set there routers to have a standard open wifi network. Like Fon. In such a case a city wide infection would just take hours?

Posted

True, if there were a vuln in one of the firmwares that provided hotspots then that would be a good attack vector.

Posted

That's OK for a business environment. But over here the 2 biggest ISP set there routers to have a standard open wifi network. Like Fon. In such a case a city wide infection would just take hours?

Yeah, Comcast offers free XFinity Wifi access all around my area to people who already have an account with them and not sure if they do it via peoples rented modems that have build in wifi, their cable boxes(which some now have wifi built in without them knowing, as well as cameras and microphones!) or have something setup in my town or with local businesses, like the McDonald's down the street I think uses XFinity to let you sign in for free wifi. You login to their portals using your main Comcast account though I think and need to already be a Comcast internet subscriber so I can see that being abused.

Wouldn't touch one with if you paid me though. I always wonder if any of them are rogue captive portal run on someones home network to capture logins and sniff Comcast accounts, but would be an easy target to spoof against unsuspecting users and attack their systems. VPN wouldn't even help in this case, since you can't get to or use your VPN service if you aren't logged onto the portal first for interet access, so VPN's wouldn't help save an end user in cases where they make you login with your account info for your ISP first, which you'd just be handing over your creds to the rogue AP if they're impersonating the captive portals well enough.

Posted

Yup same kinda stuff over here. At least with the change to docsis 3 there modems now starting to use nat. Before that you got a direct internet ip adres. And could even find like printers of the neighbors and such on that network ;)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...