Skynet is coming.

[rjaypeters]

No, but neither are babies.

These are first- or second-generation efforts at bio-mimicry of the aeronautical sort. The later generations may end up indistinguishable from their biological antecedents, at least from a distance.

Ubiquitous surveillance, anyone? Imagine the possibilities! Drug wars won on the demand side, heck, even the supply side. Criminals with their own clouds of "dragonflies" keeping tabs on their every movement. Oh, don't do anything Big Brother doesn't want because the evidence will be there plain as day.

[ladajo]

No, but neither are babies.

I think we are a ways off for unobstrusive true micro-scale that can handle anything but indoors in flight. My only point was an observation on how big (and noisy) it is.

All good.

[hanelyp]

Hmmm..... Time to engineer some electric pest control? High voltage strips to zap creepy crawlers. Ion curtains or electrified "bead curtains" for flying bugs?

(Yes, it would work for real insect also.)

[ladajo]

Or an automated laser to track and blast small critters.


Oh wait, they already have that...

http://www.youtube.com/watch?v=fwyMuwNYKvI

[hanelyp]

Scientists demonstrate first contagious airborne WiFi virus

Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.
...
“Chameleon” was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. ...

http://scienceblog.com/70678/scientists ... ifi-virus/

Is this the security disaster it appears on the surface, or poor reporting that leaves out an important detail like a mono-culture of routers?

[JohnFul]

Small linux based appliances like Linksys or NetGear WiFi APs depend on security through obscurity. Security holes in virtually every major lLnux distribution are not only well know, but a mile wide. BTW, that little Linksys or NetGear AP isn't running any Antivirus...

[JoeP]

Scientists demonstrate first contagious airborne WiFi virus

Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.
...
“Chameleon” was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. ...

http://scienceblog.com/70678/scientists ... ifi-virus/

Is this the security disaster it appears on the surface, or poor reporting that leaves out an important detail like a mono-culture of routers?

The important detail is that nearly half of all WiFi networks are wide open. The other detail is that the router's have to be a certain type. So this simulation isn't really the huge problem is appears to be and isn't much in the way of new. They just infect a particular router instead of a machine on the WiFi LANs. The problem is already well known. People generally have lousy WiFi security.

I'm more concerned about the WPS security hole. I don't think that will ever be fixed. So anyone using it and cares about security should deactivate it.

[ladajo]

I was more curious as to how the virus embeds without the AP operator noticing. It would seem to require a firmware update of somesort. And that is not a mouseclick per-say.
The transport layer for public architecture has always been weak. If you can get in the middle ahead of time, you own anything passed on it. It it not like military systems where encryption is end point pre-entry and post exit to the transport layer, and even in multiple layers sometimes. If you get the PKI Key negotiation you own the data.

I have sometimes wondered if PKI was an elaborate construct to give a false sense of security to the general network.
Kind of like Bitcoin. I bet the mystery man behind it is stupid rich at this point with his skimming.

[JoeP]

Well, sounds like you are interested in how they implemented the virus.

Firmware update probably isn't necessary. Once the router has been compromised somehow (e.g. buffer overflows to execute something that grants root level access to some new code), further injection may also be performed by zapping memory directly or downloading more evil code and executing.

As JohnFul pointed out, there usually isn't any anti-virus code running on these kind of systems, so it may go undetected. So long as the router isn't reset/rebooted, the malicious code will persist. So perhaps some kind of security software may be required if this kind of stuff gets into the wild.

All of this is pretty SOP for malware technique.

[ladajo]

I was thinking that any code running on a router is a function of the firmware. Even your settings are typically flashed.
I am just unclear as to how new code could be introduced to run on the router without a flash and restart.
Granted I am thinking specifically to wifi routers at this point, not other things like server operated access points, etc.

[paperburn1]

“All routers need to be model AP345.”
So far it seem to be a machine exploited hack, but It now just a matter of time I would guess before it blooms.
I mean there are programs out their that you can gansta wireless for your laptop, tablet and now my cell phone. So a virus no big stretch of the imagination.

[hanelyp]

A successful buffer overflow exploit can run arbitrary code. But such exploits are specific to the software, even to the point that changing compiler parameters or a couple lines of source code can change the details of what is needed for the exploit to work right. The buffer overflow needs to get a bit of data in just the right place to overwrite a select piece of code.

[JoeP]

I was thinking that any code running on a router is a function of the firmware. Even your settings are typically flashed.
I am just unclear as to how new code could be introduced to run on the router without a flash and restart.
Granted I am thinking specifically to wifi routers at this point, not other things like server operated access points, etc.

Some (or all) of the executable code stored in firmware is loaded into RAM before eligible for execution. So the code in the firmware is the non-volatile copy of the code, but the actual execution is on a shadow copy in RAM.

A buffer overflow (e.g. sending a unconventional string containing some executable machine code for the architecture of the router is piggy backed on some other normal response, such as a userid or password, icmp packet,..,or other variable the router would always interact with) may inject code into an area of ram reserved for execution. If the processor eventually branches to that address, the malware code is executed. This could contain code to, say, open a tcpip connection to some other infected machine, and download additional malware, or let another entity log in as root and do whatever.

The bad code that was injected persists until the router is rebooted and the code in ram is refreshed from the pristine copy in the firmware. Note that a flash could also be initiated by malware tomake the virus encoded in nvram as well; but this is not necessary for the initial infection. Also, routers typically are not rebooted for days on end.

The hard part is finding the exploit. But the rest of the above tactic is pretty conventional.

Note that I do not, nor have ever, written malware. But as a software developer, I have to make sure my interfaces are as secure as possible against these kind of tactics as part of my business responsibilities. Thus I am well familiar with how this works in many schemes.

[ladajo]

I had forgotten about the Shadow RAM float. It has been a while since I dealt with stuff like that. I should not have forgotten though. I guess in my defense I am failry busy at work these days and that has most of my attention. Still, JV mistake on my part, especially given my past experience. I guess we all get old.

Still though, I would think it would be hard to pull an overflow across an aggregate wifi population of diverse routers. You would need to build and test against each router type as well as each firmware variant that might be in circulation.

Router flavors are like people, diverse is an understatement.

[JoeP]

. . . I would think it would be hard to pull an overflow across an aggregate wifi population of diverse routers. You would need to build and test against each router type as well as each firmware variant that might be in circulation.

Router flavors are like people, diverse is an understatement.

My opinion also -- which is why I think the article was a bit overblown, although it is something that probably should be addressed. Still, there are bigger security things that need fixing first, like WPS hackability. And since like 40% (or more?) routers are wide open, many with default admin accounts and passwords, there isn't much incentive for the bad guys to do harder stuff