TY - JOUR
T1 - Malnets
T2 - Large-scale malicious networks via compromised wireless access points
AU - Traynor, Patrick
AU - Butler, Kevin
AU - Enck, William
AU - McDaniel, Patrick
AU - Borders, Kevin
PY - 2010
Y1 - 2010
N2 - Densely populated areas are increasingly filled with vulnerable wireless routers set up by unsophisticated users. In isolation, such routers appear to represent only a minor threat, but in aggregate, the threat can be much greater. We introduce the notion of malnets: networks of adversary-controlled wireless routers targeted to a physical geography. Similar to Internet worms such as Slammer and Code-Red, malnets are created by the recursive compromise of targeted devices. However, unlike their traditionally wired counterparts, malnet worms exploit only other routers that are within their transmission range. The malnet thus creates a parallel wireless infrastructure that is (a) completely under control of the adversary, and (b) spans a targeted physical area, creating a valuable infrastructure for a variety of virtual and physical attacks. We initially study the propagation characteristics of commercial routers and model inter-router connectivity using publicly available war-driving data. The resulting characterization is applied to well-known epidemiological models to explore the success rates and speeds of malnet creation across cities such as New York, Atlanta, and Los Angeles. Finally, we use a sampling of available exploits to demonstrate the construction of multi-vector, multi-platform worms capable of targeting wireless routers. Our analysis shows that an adversary can potentially deploy a malnet of over 24000 routers in Manhattan in less than 2 h. Through this work we show that malnets are not only feasible but can be efficiently deployed.
AB - Densely populated areas are increasingly filled with vulnerable wireless routers set up by unsophisticated users. In isolation, such routers appear to represent only a minor threat, but in aggregate, the threat can be much greater. We introduce the notion of malnets: networks of adversary-controlled wireless routers targeted to a physical geography. Similar to Internet worms such as Slammer and Code-Red, malnets are created by the recursive compromise of targeted devices. However, unlike their traditionally wired counterparts, malnet worms exploit only other routers that are within their transmission range. The malnet thus creates a parallel wireless infrastructure that is (a) completely under control of the adversary, and (b) spans a targeted physical area, creating a valuable infrastructure for a variety of virtual and physical attacks. We initially study the propagation characteristics of commercial routers and model inter-router connectivity using publicly available war-driving data. The resulting characterization is applied to well-known epidemiological models to explore the success rates and speeds of malnet creation across cities such as New York, Atlanta, and Los Angeles. Finally, we use a sampling of available exploits to demonstrate the construction of multi-vector, multi-platform worms capable of targeting wireless routers. Our analysis shows that an adversary can potentially deploy a malnet of over 24000 routers in Manhattan in less than 2 h. Through this work we show that malnets are not only feasible but can be efficiently deployed.
UR - http://www.scopus.com/inward/record.url?scp=77950217678&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950217678&partnerID=8YFLogxK
U2 - 10.1002/sec.149
DO - 10.1002/sec.149
M3 - Article
AN - SCOPUS:77950217678
SN - 1939-0114
VL - 3
SP - 102
EP - 113
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 2-3
ER -