Sometimes I dislike how the media deals with security news, always looking for the next scoop. Take the buzz around the “WiFi Epidemiology: Can Your Neighbors’ Router Make Yours Sick?” paper by Indiana University researchers. Excerpt from the Network World article:
Although the researchers did not develop any attack code that would be used to carry out this infection, they believe it would be possible to write code that guessed default passwords by first entering the default administrative passwords that shipped with the router, and then by trying a list of one million commonly used passwords, one after the other. They believe that 36% of passwords can be guessed using this technique.
I think this is déjà vu. I remember Renderman (Church of WiFi) suggested a similar scenario in his talk “New Wireless Fun From the Church Of WiFi” at DEFCON 14 (2006), including the use of third-party firmware.
The guys over at Indiana University didn’t develop any exploit for that, so I think I can develop all this theory a little bit. For good.
What about a Wi-Fi healer instead of an attack, a World Wide WEP Wipe (WWWW) or something like that? A wardriving device which breaks into WEP WAPs and “heals” them with WPA-PSK / WPA2-PSK using a database of known administration interface URLs (for popular models, for most firmware versions). Maybe it would not even be necessary to change the WEP key, since breaking WEP is a matter of resources and time, while breaking WPA-PSK is a matter of luck (bad, easily guessable keys + coWPAtty “classic”, coWPAtty with lookup tables, aircrack-ng). Some users wouldn’t even notice the new security scheme if you keep the same key.
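The three weaknesses the post turns on (WEP, admin passwords left at a vendor default, and a WPA-PSK passphrase that sits in a common-password list) are easy to audit on your own inventory before anyone else does it for you. The following is an added example, not code from the post, the Indiana University paper or Renderman’s talk: the default-password set, the “common passphrase” wordlist and the access-point inventory are all constructed stand-ins, and the `AccessPoint` fields and finding codes are my own naming.

```python
"""Audit a constructed inventory of access points for the weaknesses
discussed above: WEP (or no encryption), admin password still set to a
vendor default, and a short or commonly used WPA-PSK passphrase.
Added example; all lists below are constructed, not real vendor data."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for a vendor default admin-password table.
DEFAULT_ADMIN_PASSWORDS = {"admin", "password", "1234", ""}

# Constructed stand-in for the "one million commonly used passwords" list.
COMMON_PASSPHRASES = {"password123", "letmein", "qwerty12", "12345678"}

MIN_PSK_LENGTH = 12  # assumption: local policy minimum for a passphrase

# Finding codes returned by audit(), with a human-readable explanation.
DESCRIPTIONS = {
    "OPEN": "no link-layer encryption at all",
    "WEP": "WEP is breakable with modest resources and time; move to WPA2-PSK",
    "DEFAULT_ADMIN": "admin password matches a vendor default",
    "COMMON_PSK": "PSK appears in a common-password list",
    "SHORT_PSK": f"PSK shorter than {MIN_PSK_LENGTH} characters",
}


@dataclass
class AccessPoint:
    ssid: str
    encryption: str           # "open", "WEP", "WPA-PSK" or "WPA2-PSK"
    admin_password: str       # current administration-interface password
    psk: Optional[str] = None # WPA/WPA2 pre-shared key, if applicable


def audit(ap: AccessPoint) -> List[str]:
    """Return the list of finding codes that apply to one access point."""
    findings: List[str] = []
    enc = ap.encryption.upper()

    if enc == "OPEN":
        findings.append("OPEN")
    elif enc == "WEP":
        findings.append("WEP")

    # Default credentials matter regardless of the wireless scheme: they are
    # the first thing the quoted guessing strategy tries.
    if ap.admin_password in DEFAULT_ADMIN_PASSWORDS:
        findings.append("DEFAULT_ADMIN")

    if enc in ("WPA-PSK", "WPA2-PSK"):
        # Check the wordlist first: a listed passphrase is weak whatever
        # its length, and the length rule would otherwise mask that.
        if ap.psk is None or ap.psk in COMMON_PASSPHRASES:
            findings.append("COMMON_PSK" if ap.psk else "SHORT_PSK")
        elif len(ap.psk) < MIN_PSK_LENGTH:
            findings.append("SHORT_PSK")

    return findings


def audit_inventory(aps: List[AccessPoint]) -> Dict[str, List[str]]:
    """Map each SSID to its findings; an empty list means nothing flagged."""
    return {ap.ssid: audit(ap) for ap in aps}


# Constructed sample inventory (hypothetical SSIDs and credentials).
SAMPLE_INVENTORY = [
    AccessPoint("linksys", "WEP", "admin"),
    AccessPoint("home-net", "WPA2-PSK", "zK8$veryLong-adminPw", "password123"),
    AccessPoint("cafe", "open", "1234"),
    AccessPoint("office", "WPA2-PSK", "zK8$veryLong-adminPw",
                "correct battery horse staple 2007"),
]

if __name__ == "__main__":
    for ssid, codes in audit_inventory(SAMPLE_INVENTORY).items():
        status = ", ".join(DESCRIPTIONS[c] for c in codes) or "ok"
        print(f"{ssid:10s} {status}")
```

Run against a real inventory, the point is the ordering of the checks: a listed passphrase is reported as common even when it also fails the length rule, because “change the key” is the remediation either way, and the default-admin check runs independently of the wireless scheme since that is the first door the quoted strategy tries.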