This is no different than a bunch of tin foiled idiots saying it's possible that sometime this year an evil force will rain down herpes on all of us unless we submit to the new god McButtNutt.
The only possible good this article did is to get the ignorant (I mean that nicely, not derogatorily) to be motivated to become educated.
This is so ludicrous, I have decided to tear it apart in order of importance:
1) It requires actual access to the router's administration interface. This is, for the most part, HTTP and cannot be accomplished by telnet, etc. Sometimes that cannot happen over the WLAN at all. There are devices that ship that way by default. The WLAN is NOT to be confused with the WAN either. You may be able to access it over the internet, but not from a wireless AP client of the AP itself running on the router. I do know there are PLENTY of standalone APs that allow administrative access from a wireless AP client. Many times I have accessed an AP from the other side of a wireless bridge and modified some of its settings. Standalone APs are RARE. They almost don't even sell them anymore in retail outlets. You have to special order them or get them on the internet. Considering how rarely they are used, and by whom they are used, I would say standalone APs are generally configured by more sophisticated people that configure them better.
2) Assuming that there was a device that allowed administrative access to it through the WLAN by default, it would still require the password. Sure there are plenty of unprotected routers on default settings. Not a problem. However, just how close are these unprotected nodes to each other? Do they really form a contiguous wireless chain? 36% being brute forced is not the same as a default password. That percentage is even less according to that statistic. It would take a fair amount of time to brute force a wireless router. If it took you 48 hours to brute force a SINGLE node to use it to extend your reach and brute force other nodes, it would take an unreasonable amount of time to compromise 20,000 networks. I think they would have Wireless-Z 802.11ZZZZAE by that time. I have been at many clients', family's, and friends' houses and helped them with their routers and/or experienced what wireless APs were in service in RANGE. From my own experience, it is actually below 50% unprotected routers. Meaning, less than 50% of the locations had unprotected routers in the first place. Where I live right now, there are about 15 APs in range and NONE of them are unprotected. That would lead me to believe that a contiguous coverage "bubble" may not actually exist in the FIRST PLACE.
3) Assuming a wealth of customized attack firmwares available, it would still disrupt service. Statistically, SOMEONE is going to notice. They may not understand what is going on, but they very well could do the ol' power cycle trick. That would most likely brick the device and thereby solve the problem. New router, or RMA'd router with newer firmware that may have stronger security settings by default. Maybe not a strong point, but a valid observation. A single person would probably not connect the dots and conclude a conspiracy, but just something to consider. The need for a large amount of customized attack firmwares is very important though, more on that later.
4) Assuming that you did indeed compromise a network of 20,000 wireless routers forming one hugely connected contiguous bubble of coverage in a city. What NOW? Internet Access? You already had that. They were unprotected. Run a whole P2P network using all of that bandwidth to receive or send more porn? How? You would need compromised machines on each one of those networks since the router itself cannot store any amount of data. Compromise the machines on those networks for some nefarious purpose? Great. A whole other futile project. You can get machines bot netted or otherwise controlled in different methods far easier than that. Maybe I am lacking in vision, but anything destructive would most likely prompt the creation of 20,000 wireless networks with a higher percentage being better secured. Diminished Returns to be sure, that 5th wave is going to bear far less fruit.
Don't underestimate how hard it would be to program literally a couple hundred attack firmwares. It would be insanely difficult and require government sanctioned resources to create and maintain something like that. Maybe China could pull that off, but not this week or next month or next year. Hell, the manufacturers have the resources and their firmware can SUCK :)
Unless you could have enough firmwares to ensure a reasonable ability to chain from one router to the next, your little worm is going to stop dead in its tracks. The more firmwares, the higher success rate, and therefore greater coverage area of the infected routers which leads to the possibility of even more victims. Some people have posted that the worm would have to store all possible firmwares. That is not true. There are plenty of malware delivery vehicles that rely on so-called dark websites to host the payloads. This could operate just the same. An infected router could analyze a brute force router and select the appropriate firmware and attack protocols to download from a location on the internet.
Even STILL, who is actually going to create the attack code in the first place? Those morons even pointed out that it does not exist. A HUGE task to undertake. Why not take those very talented resources and work for Linksys and the others to help them out with their even shittier firmwares they already have? Probably make more money. I know it's possible to create something like this, but the immense and overwhelming nature of it makes it so improbable. There is a better chance I'll wake up with Ron Jeremy's penis tomorrow... and the chance to stick it where he has.
I guess we should be grateful though, many Bothans probably died to bring us THAT information.
I think I may have forgotten the most important point of ALL.
Last time I checked, you could not make a backup of the existing firmware. Not every router allows you to make backups of the settings either.
This means that current settings could only be obtained by inspection through the web interface. If it had to brute force a password, then it stands to reason that other settings were modified as well. I have a hard time believing that the administrative password was changed from the default, and encryption/authentication was NOT enabled on the wireless router as well. That means the attack firmwares may actually have to store intercepted packets in memory and break the wireless encryption. I seriously wonder if those wireless routers have enough processing power and/or memory to perform such attacks in the first place.
If the worm does not copy those settings back, then any resultant disruption of services due to the missing settings will alert the owner to check on the device. If they call tech support, the first thing they ask is what the current firmware revision is and they may direct the owner to update the firmware to correct the error.
If the local subnet was changed from default, the owner will notice that right away too. If they type in 192.168.x.1 and don't get the page they were expecting, then regardless of their level of experience, they are going to investigate.
Too many problems with this whole Wi-Fi firmware "virus" to begin with. I could spend the whole day coming up with reasons that it's bullshit.
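The contiguity question raised in point 2 of the comment above, as an added example that is not from the commenter or the article under discussion: a simplified lattice model that measures how large the biggest unbroken chain of unprotected routers gets as the unprotected share changes. The grid layout, the radio reach and the swept fractions are all assumptions made for illustration.

```python
import random
from collections import deque

def largest_chain_fraction(grid_size, p_unprotected, radio_reach=1, seed=0):
    """Share of ALL routers that sit in the largest contiguous unprotected cluster.

    Constructed model (assumption): routers sit on a grid_size x grid_size
    lattice, each is unprotected with probability p_unprotected, and two routers
    are in radio range when they are within radio_reach cells along a row or column.
    """
    rng = random.Random(seed)
    unprotected = {(x, y) for x in range(grid_size) for y in range(grid_size)
                   if rng.random() < p_unprotected}
    steps = [(dx, dy) for d in range(1, radio_reach + 1)
             for dx, dy in ((d, 0), (-d, 0), (0, d), (0, -d))]
    seen, best = set(), 0
    for start in unprotected:
        if start in seen:
            continue
        # Breadth-first walk over every unprotected router reachable from start.
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            x, y = queue.popleft()
            size += 1
            for dx, dy in steps:
                nxt = (x + dx, y + dy)
                if nxt in unprotected and nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        best = max(best, size)
    return best / (grid_size * grid_size)

def sweep(grid_size=60, fractions=(0.2, 0.4, 0.5, 0.7, 0.9), trials=5):
    """Average the largest-chain share over several seeded layouts per fraction."""
    return {p: sum(largest_chain_fraction(grid_size, p, seed=s)
                   for s in range(trials)) / trials
            for p in fractions}

if __name__ == "__main__":
    for p, share in sweep().items():
        print(f"unprotected={p:.0%}  largest contiguous chain={share:.1%} of routers")
```

In this model the largest chain stays a small island until the unprotected share passes a threshold, so hardening a portion of devices fragments the chain instead of merely shrinking it in proportion.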
Total Fucking Idiots.