The Unreasonable Man
Security Quotables

Zombies at Starbucks

Don Park

Another excellent piece of thinking from Don Park.

This particularly ghoulish scene from the movie Security Scenarios from Hell has three actors: WiFi, Zombies, and Spyware.

The perils of WiFi are well known and well publicized. WiFi is now commonly available, which means those perils are now common as well.

Zombies are also well publicized. Typically, they are poorly protected servers or home PCs with broadband that are hijacked by hackers, supposedly even traded like Yu-Gi-Oh cards in the hacker community, and used to increase the scalability of their attacks and to reduce the likelihood of capture.

Spyware is software running on desktops that monitors user activities and reports back to its master. Most of them are just privacy violators; some are used for more sinister purposes and are called trojans. Earthlink recently claimed that PCs had, on average, 28 spyware installed. While I think the claim is over-hyped to fit their agenda, spyware is nonetheless commonplace and it's not difficult to place one on anyone's computer. If your PC is more than six months old, chances are that there were plenty of opportunities for hackers to seed it with spyware.

So here is the scene: imagine a new class of spyware that monitors wireless network packets using code from these open source wiretapping tools. AirSnort and one of the ARP poisoning packages should be enough. Now imagine this spyware being delivered to laptops with WiFi cards that support the features AirSnort needs. The laptop just became a new kind of zombie, which I call a wireless zombie, that only wakes up when the WiFi card is used.

All that is missing from the scene is the stage: a WiFi hotspot like Starbucks. The laptop owner sits in a corner and accesses the Net through the WiFi; it could even be someone like me writing this very blog post. The spyware wakes up and starts monitoring the wireless traffic, looking for passwords and credit card numbers. If very strong encryption is used, wireless zombies can form a global grid and split up the work of cracking encryption keys. Once a month, the zombies report back to their master via USENET posts.

This Zombies at Starbucks scenario is particularly nasty because the potential number of compromises is just staggering. Maybe the FCC will have to dictate a higher level of standards and send out a warning that helps WiFi users detect wireless zombies by the unusual fan activities triggered by the zombie grid working overtime.
