Proximity Breeds Danger: Emerging Threats in Metro-area Wireless Networks

The growing popularity of wireless networks and mobile devices is starting to attract unwanted attention, especially as potential targets for malicious activities reach critical mass. In this study, we try to quantify the threat from large-scale distributed attacks on wireless networks, and, more specifically, wifi networks in densely populated metropolitan areas. We focus on three likely attack scenarios: "wildfire" worms that can spread contagiously over and across wireless LANs, coordinated citywide phishing campaigns based on wireless spoofing, and rogue systems for compromising location privacy in a coordinated fashion. The first attack illustrates how dense wifi deployment may provide opportunities for attackers who want to quickly compromise large numbers of machines. The last two attacks illustrate how botnets can amplify wifi vulnerabilities, and how botnet power is amplified by wireless connectivity. To quantify these threats, we rely on real-world data extracted from wifi maps of large metropolitan areas in the States and Singapore. Our results suggest that a carefully crafted wireless worm can infect up to 80% of all wifi-connected hosts in some metropolitan areas within 20 minutes, and that an attacker can launch phishing attacks or build a tracking system to monitor the location of 10-50% of wireless users in these metropolitan areas with just 1,000 zombies under his control.
