Sign up to save your podcasts
Or
Share Steve Myers, Indiana University, "Wireless Router Insecurity: The Next Crimeware Epidemic"
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Steve Myers, Indiana University, "Wireless Router Insecurity: The Next Crimeware Epidemic"
The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router's ability to manipulate essentially all network traffic coming in to and out of a home, means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, nor risk exposure to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist collected wardriving data from Wigle.net and our model, we show the potential for the infection of tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attacks that can easily and silently be performed from infected routers. We call this attack 'Trawler Phishing'. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies. Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasure for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work Sid Stamm.
View all episodes
By CERIAS <[email protected]>
4.1
77 ratings
The widespread adoption of home routers by the general public has added a new target for malware and crimeware authors. A router's ability to manipulate essentially all network traffic coming in to and out of a home, means that malware installed on these devices has the ability to launch powerful Man-In-The-Middle (MITM) attacks, a form of attack that has previously been largely ignored. Making matters worse, many homes have deployed wireless routers which are insecure if the attacker has geographic proximity to the router and can connect to it over its wireless channel. However, some have downplayed this risk by suggesting that attackers will be unwilling to spend the time and resources necessary, nor risk exposure to attack a large number of routers in this fashion. In this talk, we will consider the ability of malware to propagate from wireless router to wireless router over the wireless channel, infecting large urban areas where such routers are deployed relatively densely. We develop an SIR epidemiological model, and use it to simulate the spread of malware over major metropolitan centers in the US. Using hobbyist collected wardriving data from Wigle.net and our model, we show the potential for the infection of tens of thousands of routers in short periods of time is quite feasible. We consider simple prescriptive suggestions to minimize the likelihood that such attacks are ever performed. Next, we show a simple yet worrisome attacks that can easily and silently be performed from infected routers. We call this attack 'Trawler Phishing'. The attack generalizes a well understood failure of many web-sites to properly implement SSL, and allows attackers to harvest credentials from victims over a period of time, without the need to use spamming techniques or mimicked, but illegitimate web-sites, as in traditional phishing attacks, bypassing the most effective phishing prevention technologies. Further, it allows attackers to easily form data-portfolios on many victims, making collected data substantially more valuable. We consider prescriptive suggestions and countermeasure for this attack. The work on epidemiological modeling is joint work with Hao Hu, Vittoria Colizza and Alex Vespignani. The work on trawler phishing is joint work Sid Stamm.