Tuesday, 19 June 2007

Are WiFi BotNets Possible?

Following from my blog about unsecured Home WiFi networks and just how widespread they are in "home user" land. I have been wondering whether it might be possible to create a kind of "WiFi BotNet".

Let’s say the attacker setup in a metropolitan area, constructed an antenna to boost the WiFi range of their device, allowing the attacker to scan and connect to any unsecured or low security WiFi networks over a significant range. Going from my own experience, there should be plenty of unsecured WiFi access points within a metro area. From this point I have two theories.

One trick could be to try and connect to several WiFi networks at the same time and create a kind of mini BotNet, perhaps by the attacker fashioning a network access point, this could provide major bandwidth and anonymity for the attacker. I need to investigate this theory further.

Or the other way, which I think could be easily possible, is to automate connecting to each unsecured WiFi network in turn, do bad stuff while connected, like send out Spam, then disconnect and move onto the next scanned unsecured WiFi access point. Again it would be almost impossible to trace back the attacker.

1 comment:

ibneko said...

Hmmm. Several WiFi networks at a time would be kinda difficult, I imagine. One would have to specially configure software to talk to each network at the same time or... something. And as of yet, I've not know of easy ways to combine multiple connections to increase my overall file-transfer speeds - P2Ps usually require one single IP, unless you have a homebrew client that can take advantage of such a configuration. Straightforward HTTP/FTP downloads might be helped if the server allows resumes... still, potentially more hassle than it's worth. Maybe a server setup - allowing different points of entry - that would work, but it would require port forwarding on the part of the WiFi network, so the router would have to be completely unconfigured.

Sequentially, it shouldn't be a problem though - perhaps a small script to take care of the network hopping, and you could easily hop from one network to another. But for spam purposes, it'd be inefficient and much more time consuming than the current massive networks of botnets to generate lousy spam... so it seems somewhat unlikely that a spammer might choose this route. Maybe if you wanted to attack a specific target, and needed to hide your trail, this would be a possible route of attack... but in that case, you might as well just go wardriving or something. Or visit your local wireless-enabled coffee shop.