Virus danger from wireless hotspots could leave laptop users open to charges

Public laptop users could end up breaching the Computer Misuse Act if their laptops are used to spread viruses via a wireless botnet

Business laptop users are laying themselves wide open to the threat of wireless botnets hijacking and maliciously using their PC, a security expert has warned.

Ken Munro, managing director of network testing company Securetest, told IT Pro that unwary laptop users are spreading a trail of vulnerability behind them as they work in public places. This is leading, he said, to a new kind of threat for which there could be serious consequences for the whole enterprise.

"This poses a far greater danger to mobile communications than any other type of mobile hijacking, including blu-snarfing," he warned.

"This is because the wot-net (wireless botnet) harnesses together disparate laptops and instructs them to rebroadcast a signal without the knowledge of the user. In effect, this triggers the laptop to pass on the connection like a virus and places the end-user in breach of the Computer Misuse Act."

Munro explained that an attack works when an attacker within the vicinity of a laptop starts an 'ad-hoc' or 'peer-to-peer' wireless network connection.

"Any wireless client in proximity can view this, so in a wireless hotspot area, there's a significant chance a user trying to find the hotspot may inadvertently select this," he said.

"The attacker client device will be in the same class B subnet as the target [169.254.X.X], so he has simply to run a 'pingsweep' and detect the target device before then giving himself a static address in the correct range. The attacker now has a trusted wireless connection to the target. The target device then begins sending out 'probe' packets looking for the attacker's ad-hoc connection, even when out of range."

Munro warned that any other wireless clients in the vicinity of the 'infected' client device can also see the ad-hoc connection being broadcast. Users looking for a hotspot who go through the same process can select the wrong connection and 'infect' themselves with the connection before then broadcasting it too.

"It's amazing how badly prepared a lot of laptop security is," said Munro. "Their anti-virus software wouldn't see the problem. SSL certificates don't help as anyone can serve one."

He said the solution for network managers is fairly simple: "When deploying new laptops, make sure they are configured not to broadcast ad hoc connections. When existing laptops come into the office, do the same. Wireless can be very secure if implemented properly. There's no reason for enterprises to be scared of it."

Wireless botnets are a bona fide threat, says Rob Bamforth, senior analyst with research firm Quocirca.

"This isn't one of those things security companies come up with to scare people," he said.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Most Popular

What should you really be asking about your remote access software?

What should you really be asking about your remote access software?

17 Nov 2021
Microsoft seizes domains used by Chinese hacking group
cyber attacks

Microsoft seizes domains used by Chinese hacking group

7 Dec 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021