Virus danger from wireless hotspots could leave laptop users open to charges
Public laptop users could end up breaching the Computer Misuse Act if their laptops are used to spread viruses via a wireless botnet
Business laptop users are laying themselves wide open to the threat of wireless botnets hijacking and maliciously using their PC, a security expert has warned.
Ken Munro, managing director of network testing company Securetest, told IT Pro that unwary laptop users are spreading a trail of vulnerability behind them as they work in public places. This is leading, he said, to a new kind of threat for which there could be serious consequences for the whole enterprise.
"This poses a far greater danger to mobile communications than any other type of mobile hijacking, including blu-snarfing," he warned.
"This is because the wot-net (wireless botnet) harnesses together disparate laptops and instructs them to rebroadcast a signal without the knowledge of the user. In effect, this triggers the laptop to pass on the connection like a virus and places the end-user in breach of the Computer Misuse Act."
Munro explained that an attack works when an attacker within the vicinity of a laptop starts an 'ad-hoc' or 'peer-to-peer' wireless network connection.
"Any wireless client in proximity can view this, so in a wireless hotspot area, there's a significant chance a user trying to find the hotspot may inadvertently select this," he said.
"The attacker client device will be in the same class B subnet as the target [169.254.X.X], so he has simply to run a 'pingsweep' and detect the target device before then giving himself a static address in the correct range. The attacker now has a trusted wireless connection to the target. The target device then begins sending out 'probe' packets looking for the attacker's ad-hoc connection, even when out of range."
Munro warned that any other wireless clients in the vicinity of the 'infected' client device can also see the ad-hoc connection being broadcast. Users looking for a hotspot who go through the same process can select the wrong connection and 'infect' themselves with the connection before then broadcasting it too.
"It's amazing how badly prepared a lot of laptop security is," said Munro. "Their anti-virus software wouldn't see the problem. SSL certificates don't help as anyone can serve one."
He said the solution for network managers is fairly simple: "When deploying new laptops, make sure they are configured not to broadcast ad hoc connections. When existing laptops come into the office, do the same. Wireless can be very secure if implemented properly. There's no reason for enterprises to be scared of it."
Wireless botnets are a bona fide threat, says Rob Bamforth, senior analyst with research firm Quocirca.
"This isn't one of those things security companies come up with to scare people," he said.
Security analytics for your multi-cloud deployments
IBM Security QRadar SIEM solution briefDownload now
Five reasons to move to the cloud
Join the enterprises moving their workloads to the cloudDownload now
Architecting hybrid IT and edge for digital advantage
Why business leaders should consider a hybrid IT strategyDownload now
Six reasons to accelerate remote asset monitoring with AI
How to optimise resources, increase productivity, and grow profit margins with AIDownload now