
Focus on Mobile Security: Viral wireless networks (SSIDs)
ISG reminds you to securely configure your laptop to protect it from threats like “viral SSIDs”: ad-hoc wireless networks that sneak onto your laptop in the guise of “Free Public WiFi”.
While many laptops come pre-configured to make it easier to connect wirelessly, this feature can have the unintended consequence of allowing an expanding series of “viral SSIDs” onto your computer without your knowledge. Once a hacker discovers a computer with the vulnerability that permits multiple machines to connect to it, your laptop is pegged as poorly secured and a prime target. The hacker can then attempt to exploit this vulnerability to gain access to your computer. Worst case scenario? An attacker or group of attackers could use this to create a massive wireless botnet.
The viral nature of this growing phenomenon stems from the way Windows and some other wireless configuration software were designed. The original intent was to make connecting to a WiFi network easier or even seamless. Unfortunately, it can now make you more vulnerable, as it opens up an avenue of opportunity for a hacker who probes wireless networks.
How does this happen? Simple for Windows users. Once you click on a fake SSID, Windows automatically adds that SSID to its preferred networks and begins broadcasting it to other users, who connect and are then “infected” as well.
What can you do to protect yourself?
- Never click on an ad-hoc network — the icon with the two laptops — when looking for a WiFi hot spot.
- Use a VPN connection when using a public hot spot.
- Disable any attempts to auto-connect to available networks (this behavior is default in Windows Vista).
- Use the “Infrastructure Networks Only” setting.
- Delete unrecognized entries in your Preferred Network List (PNL).
- Delete any fake SSIDs from your PNL to stop propagating this exploit and to avoid being attacked by someone who knows about the exploit.
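The check behind the last few steps can be scripted. The following is an added example, not part of the original ISG notice: it reads wireless profiles in the XML format that Windows Vista and later write with `netsh wlan export profile` and flags ad-hoc (IBSS) entries and open networks set to auto-connect. The sample profiles and the names `HomeNet` and `CafeGuest` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XML namespace of Windows WLAN profiles, as written by
# `netsh wlan export profile folder=<dir>` (Vista and later).
NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}

def sample(ssid, ctype, mode, auth):
    """Build a constructed profile document for the demonstration."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{ssid}</name>'
            f'<SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>'
            f'<connectionType>{ctype}</connectionType>'
            f'<connectionMode>{mode}</connectionMode>'
            f'<MSM><security><authEncryption>'
            f'<authentication>{auth}</authentication>'
            f'</authEncryption></security></MSM></WLANProfile>')

# Constructed sample data, not taken from a real machine.
SAMPLES = [
    sample("Free Public WiFi", "IBSS", "manual", "open"),
    sample("HomeNet", "ESS", "auto", "WPA2PSK"),
    sample("CafeGuest", "ESS", "auto", "open"),
]

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported profile."""
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    ssid = text("w:SSIDConfig/w:SSID/w:name") or text("w:name")
    ctype = text("w:connectionType").upper()
    auto = text("w:connectionMode").lower() == "auto"
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication")
    findings = []
    if ctype == "IBSS":
        # IBSS = ad-hoc (computer-to-computer); ESS = infrastructure.
        findings.append("ad-hoc profile: delete from preferred list")
    if auto and auth.lower() == "open":
        findings.append("auto-connects to an open network")
    return ssid, findings

def audit(profiles):
    """Map SSID -> findings for every profile that needs attention."""
    results = (audit_profile(p) for p in profiles)
    return {ssid: f for ssid, f in results if f}

if __name__ == "__main__":
    for ssid, findings in audit(SAMPLES).items():
        print(f"{ssid}: {'; '.join(findings)}")
```

On a real laptop, export the profiles with `netsh wlan export profile folder=<dir>` and pass the contents of each XML file to `audit`. A flagged entry can then be removed with `netsh wlan delete profile name="<SSID>"`.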
For more information about “viral SSIDs” (Service Set Identifiers), see the following articles:
» http://blogs.techrepublic.com.com/hiner/?p=602
» http://www.airtightnetworks.com/home/resources/knowledge-center/viral-ssid.html
» https://edge.arubanetworks.com/article/how-wifi-ad-hoc-networks-are-zombies-or-free-public-wifi-phenomenon-part-2
If you suspect that you may have become infected, contact the Help Desk at 3-HELP or help@brown.edu.
