It's an interesting element of wireless security, rarely discussed - what happens if Wi-Fi routers are used to propagate malware directly?
No known software has been created to exploit this principle, but now researchers at the Indiana University in Bloomington have at least modelled the possibilities. The idea was to see how easily a piece of malware - an old-style worm - could jump from one infected router to other, without having to use any medium other than radio to make the leap.
The context is an urban one containing unknown thousands of Wi-Fi routers, sometimes dozens in a single street or block, virtually none of which will have any integrated malware detection. The team simulated an attack on the known Wi-Fi infrastructure in a number of US cities, finding that in Manhattan alone, such a piece of malware could spread to 18,000 boxes in around two weeks.
The purpose of the attack would be to cull information from the PCs connecting to the APs.
That <a href=" http://www.technologyreview.com/blog/editors/22538/ "target="_blank"> Wi-Fi attack simulation can be seen here </a>
The attack does assume two insecurities - lousy (WEP) or no encryption and/or poor use of passwords, but neither of these is far-fetched. Once such an attack was underway, it would be undetectable until intercepted data started to be exploited. The PCs connecting to the compromised routers would see nothing amiss, making it a near-perfect blindside attack.
What chance that StarBucks will start charging for lengths of Ethernet?