The increasing use of wireless technology and particularly wifi is likely to soon attract the attention of attackers, as attackers evolve and explore ways to exploit new technology to their advantage. This paper discusses a range of "modern" threats specifically tailored to metro-area wireless networks: wildfire worms that spread topologically due to infected hosts being able to carry the worm from one wireless LAN to another; large-scale wireless spoofing attacks that can be highly effective for phishing and spam campaigns; and malicious Tracknets that profile and track the whereabouts of wifi users. Such threats are greatly amplified by the increasingly dense deployment of wifi Access Points, and by the limited use of wireless security mechanisms such as 802.11i. Our results suggest that the density of large metropolitan areas has a profound impact on the severity of the threat.
Some specific contributions of this work include the modeling of fast, proximity-based worm propagation in metropolitan areas using real data from wardriving maps, wifi worm propagation using browser vulnerabilities, retrofitting of reactive mechanisms for wireless worm detection, spoofing defenses that are easy to implement, discussion of the whisper attack and defenses, and using RSS feeds to track users.
Our primary intention with this study is to raise awareness of the threats to wireless networks, specifically in densely populated areas, and to explore possible countermeasures. Much of the problem lies in the limited use of 802.11i. The wider deployment of 802.11i would reduce the risks significantly, but it would not completely eliminate them. More specifically, it would counter several instances of the spoofing threat, but it would only slow down, rather than mitigate, wildfire worms, and it would not by itself eliminate the Tracknet threat, as MAC addresses remain unencrypted in 802.11i and other means of profiling may be possible.
Perhaps one of the main reasons behind the limited adoption of 802.11i is poor usability, as it involves configuration and, once again, burdens users with yet another set of passwords or keys. Wider adoption requires convincing users that the extra trouble is worth it, by raising awareness of the risks of keeping wireless LANs open and unencrypted. We hope that our study contributes to this cause.
Improving the usability of wireless security standards, if feasible, is another path to improving adoption. Until such adoption is achieved, and to counter the remaining threats, we have also suggested a variety of countermeasures, which we have implemented and evaluated experimentally. Users may want to guard themselves against threats such as those described here without having to bear the cost of closing down their network using 802.11i or WEP.