JUST 24 hours. That鈥檚 how long it would take a computer virus to infect half the wireless internet connections in New York.
Wireless routers are vulnerable to a potentially devastating form of cybercrime because they, like computers, have memories and are programmable. They are also now so commonplace that in crowded cities the ranges of neighbouring devices often overlap. A previous study by of Indiana University in Bloomington, and colleagues, showed that a virus planted on just one router could hop from device to device until it had infected large swathes of a city.
Now the team has analysed this vulnerability in detail. Using modelling techniques developed to study infectious diseases, they found that the spread of a virus would be largely contained if 60 to 70 per cent of routers used some form of encryption. But none of the US cities they looked at had that level of protection: in the best-protected city, San Francisco, only 40 per cent of routers were encrypted.
Advertisement
The consequences could be dramatic. In San Francisco, Hu estimates that more than one-tenth of the unencrypted routers would be infected after two weeks. Even worse, in New York, where only 26 per cent of routers use encryption, 45 per cent of the city鈥檚 unencrypted routers would be infected within a day of a virus appearing (Proceedings of the National Academy of Sciences, ). In Chicago, 25 per cent of unencrypted routers would be infected within two days (see diagram).
鈥淚n New York, 45 per cent of the city鈥檚 unencrypted routers would be infected within a day鈥
Finding a device on which to start the infection is likely to be easy as many users do not change the default password installed on their router at the factory. What鈥檚 more, one form of encryption used by many routers, known as Wired Equivalent Privacy (WEP), can be broken by tracking the signals sent to and from the device.
Infected routers could be used to steal bank account details and passwords. Hu advises people to change their passwords, and says manufacturers should ditch the WEP system in favour of safer encryption methods.