Saturday, January 27, 2007

Ad-Hoc Virus, part 2

I posted earlier this week about the viral nature of ad-hoc networks; now I see this Computer World story that gets it wrong. According to the article: in-depth survey of the ad hoc networks found at O'Hare, visiting on three different occasions. It found more than 20 ad hoc networks each time, with 80% of them advertising free Wi-Fi access.

As I pointed out in my previous blog post, the problem is that joining an ad-hoc network also means advertising the ad-hoc network. Maybe you are in a bar in downtown San Francisco. You connect to an ad-hoc network called "Free Wi-Fi". You then go to the airport and open your laptop computer. Other people then see that you are advertising "Free Wi-Fi".
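A passive scanner can tell a re-advertised ad-hoc network from a real access point by the Capability Information field in each beacon: access points set the ESS bit, ad-hoc stations set the IBSS bit. The following is an added example, not code from the original post; it parses raw 802.11 beacon frames (assumed to have no radiotap header) and counts how many distinct stations advertise each ad-hoc SSID. The function names, MAC addresses and the frames in `SAMPLE` are constructed for illustration.

```python
import struct

CAP_ESS = 0x0001   # Capability bit set by access points (infrastructure)
CAP_IBSS = 0x0002  # Capability bit set by stations in an ad-hoc (IBSS) cell


def parse_beacon(frame: bytes):
    """Return (sender, ssid, mode) for a raw 802.11 beacon, else None."""
    # 24-byte MAC header + 12 bytes of fixed parameters; 0x80 = beacon subtype
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    sender = ":".join(f"{b:02x}" for b in frame[10:16])  # Address 2
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = "", 36
    while pos + 2 <= len(frame):  # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:  # truncated element, stop parsing
            break
        if tag == 0:  # SSID element
            ssid = body.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    mode = ("ad-hoc" if capability & CAP_IBSS
            else "access-point" if capability & CAP_ESS else "unknown")
    return sender, ssid, mode


def adhoc_advertisers(frames):
    """Map each ad-hoc SSID to the set of distinct stations advertising it."""
    seen = {}
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[2] == "ad-hoc":
            seen.setdefault(parsed[1], set()).add(parsed[0])
    return seen


def make_beacon(sender, ssid, capability):
    """Build a constructed beacon for the sample below (not a capture)."""
    mac, name = bytes.fromhex(sender.replace(":", "")), ssid.encode()
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, capability)
    return header + fixed + bytes([0, len(name)]) + name


# Constructed sample: two laptops re-advertising one ad-hoc SSID, plus one AP.
SAMPLE = [make_beacon("02:00:00:00:00:01", "Free Wi-Fi", CAP_IBSS),
          make_beacon("02:00:00:00:00:02", "Free Wi-Fi", CAP_IBSS),
          make_beacon("02:00:00:00:00:03", "Airport-Lounge", CAP_ESS)]
```

Several unrelated stations beaconing the same ad-hoc SSID is the pattern the viral spread would produce in a scan.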

The reason there are so many at airports is the same reason people get sick on planes: it's a lot of diverse people from around the world suddenly cramped into a tight space. Indeed, the viral spread of "Free Wi-Fi" is likely to follow the same path as bird-flu once it appears and kills us all.

I've traveled a lot recently and probed every single ad-hoc network I've come across in airports. Not a single one returned a DHCP address. Indeed, using the ad-hoc features built into PCs to carry out MitM attacks is actually harder than setting up real access points, such as with monowall on a Linux notebook or bringing along a WRT54G. Thus, Computer World gets it completely wrong: it tells you to distrust ad-hoc networks in airports, but in fact it's the access-points you see that are likely more of a threat.

This is destined to go down as one of the wrong pieces of cyber-security advice, like "don't trust e-mail from strangers", that isn't true but hits all the right prejudices, so everyone repeats it anyway.

