A group of researches from the University of Indiana have come up with a theory in which it appears that our wi-fi routers could be turned against us to launch massive attacks against our computer systems. They also note in their report that wireless routers should not use a default password and that a strong alternative should be used instead. Even though WEP has many flaws, the researches stated that even WEP is better than no encryption at all.

In densely populated urban areas WiFi routers form a tightly interconnected proximity network that can be exploited as a substrate for the spreading of malware able to launch massive fraudulent attack and affect entire urban areas WiFi networks. In this paper we consider several scenarios for the deployment of malware that spreads solely over the
wireless channel of major urban areas in the US. We develop an epidemiological model that takes into consideration prevalent security flaws on these routers. The spread of such a contagion is simulated on real-world data for geo-referenced wireless routers. We uncover a major weakness of WiFi networks in that most of the simulated scenarios show tens of thousands of routers infected in as little time as two weeks, with the majority of the infections occurring in the first 24 to 48 hours. We indicate possible containment and prevention measure to limit the eventual harm of such an attack.

On Monday my wife was trying to print a document from here wireless laptop to our network printer to no avail. After doing some checking her system had some how connected to our neighbors unsecured router that uses the default Linsky address.
Comments welcome.

Complete report in .pdf format is here.

[tags]royter, attack, unsecured, malware, viruses, report, [/tags]