Warkitting: the Drive-by Subversion of Wireless Home Routers
Alex Tsow
Indiana University, Bloomington
Monday, October 23, 3:00PM
Lieb 3rd floor conference room
Stevens Institute of Technology
Abstract
In this talk we introduce the notion of warkitting as the drive-by
subversion of wireless home routers through unauthorized access by
mobile WiFi clients. We describe how such attacks can be performed,
evaluate the vulnerability of currently deployed wireless routers
based on experimental data, and examine the impact of these attacks on
Internet fraud. Our analysis shows that it is possible in practice to
carry out warkitting attacks with low cost equipment widely available
today and that the volume of credential theft possible through
warkitting exceeds current estimates of credential theft due to
phishing. We discuss how to detect a warkitting attack in progress
and show how to analyze warkitted routers for evidence linking it to
the attackers.