If malefactor were to aim unlocked wireless routers , they could make an attack that could piggyback across thousands of Wi - Fi meshing in urban areas like Chicago or New York City , allot to researcher at Indiana University .

The researchers estimate that a Wi - Fi flak could take over 20,000 wireless routers in New York City within a two - week period , with most of the contagion occurring within the first solar day .

“ The offspring is that most of these routers are installed out of the box seat very insecurely , ” sound out Steven Myers , an assistant professor at Indiana University , who publish the report in November , along with researcher from the Institute for Scientific Interchange in Torino , Italy ,

The researchers theorize that attack would solve by guessing administrative passwords and then learn the routers to install new worm - similar firmware which would in turn stimulate the infected router to attack other devices in its range .

Because there are so many closely connect Wi - Fi networks in most urban field , the attack could skip from router to router for many miles in some cities .

The squad used what is known as the Susceptible Infected Removed ( SIR ) model to track the growth of this attack . This methodology is typically used to estimate things like influenza outbreaks , but it has also been used to predict thing like computing machine computer virus infections , Myers say .

Although the researchers did not develop any attack computer code that would be used to carry out this infection , they believe it would be possible to drop a line code that approximate default watchword by first entering the nonpayment administrative countersign that embark with the router , and then by trying a tilt of one million unremarkably used passwords , one after the other . They believe that 36 percent of passwords can be approximate using this technique .

Even some router that apply encoding could be cracked , if they use the democratic WEP ( Wired Equivalent Privacy ) algorithm , which security expert have been able to crack for eld now . Routers that were code using the more - safe WPA ( Wi - Fi Protected Access ) touchstone were considered unacceptable to infect , Myers say .

Myers ’ model is based on data compose from theWireless Geographic Logging Engine(WiGLE ) , a voluntary - run effort to map Wi - Fi meshwork around the world , which has over 10 million connection in its database .

Using this data , they were able to map out out orotund web of made out of Wi - Fi routers that were each no more than 45 metre ( 49 yards ) from the net — in other words , nigh enough for an contagion to spread . The big such connection in New York include 36,807 organization ; in Boston it was 15,899 ; and in Chicago : 50,084 .

Because New York is such a dumb city with a relatively low percentage ( 25.8 pct , according to the research worker ) of encrypted router , it was particularly susceptible to this character of onset . San Francisco , on the other deal , where 40.1 percent of routers are code and which had a lower concentration of routers was less susceptible .

Myers says that because the flak would be technically complex , he doubts that crook will undertake it any clip before long . There are only too many other , easier way to take over computers , he said .

Still , he thinks hardware makers should take note of hand . “ The bigger stage for developer and people crap wireless entropy technology is to realize that there are serious surety issues . ”