Open WiFi networks: Lethal weapons for botnets?

This paper assesses the potential for highly mobile botnets to communicate and perform nefarious actions using only open WiFi networks, which we term mobile WiFi botnets. We design and evaluate a proof-of-concept mobile WiFi botnet using real-world mobility traces and actual open WiFi network locations for the urban environment of San Francisco. Our extensive simulation results demonstrate that mobile WiFi botnets can support rapid command propagation, with commands typically reaching over 75% of the botnet only 2 hours after injection-sometimes, within as little as 30 minutes. Moreover, those bots able to receive commands usually have ≈40-50% probability of being able to do so within a minute of the command being issued. Our evaluation results also indicate that even a small mobile WiFi botnet of only 536 bots can launch an effective DDoS attack against poorly protected systems. Furthermore, mobile WiFi botnet traffic is sufficiently distributed across multiple open WiFi networks-with no single network being over-utilized at any given moment-to make detection difficult.