BLOOMINGTON, IN – As free, citywide Wi-Fi networks become more popular in major urban areas, researchers at Indiana University are warning that they, coupled with home Wi-Fi networks, could pose a major security risk.In a recent report, researchers at IU warned that hackers could distribute a firmware worm by compromising one access point and then “piggybacking” across thousands of other connections. In New York alone, 20,000 wireless routers could be taken over within a two-week period, with most of the infections occurring during the first 24 hours.

Myers and colleagues at the Institute for Scientific Interchange in Torino, Italy, collaborated on the study, which was published in November. It only recently has gained attention because of San Francisco’s efforts to become the largest American city with a free, citywide Wi-Fi network. Originally proposed in 2004 and begun in 2006, the project that would have installed wireless access points on telephone and light poles throughout the city was cancelled in September 2007 when San Francisco officials began to doubt the financial viability of technology partner Earthlink. Google-funded startup Meraki last week announced it would pick up the project in a modified form.

“The issue is that most of these routers are installed out of the box very insecurely,” Steven Myers, an assistant professor at Indiana University, told NetworkWorld.

The researchers said because so many networks use no passwords at all or employ easily guessed or default passwords, hackers could employ “brute-force” attacks fairly easily in order to gain access.

Using an infection model called Susceptible Infected Removed, which primarily is employed to track and predict influenza outbreaks, the researchers theorized that 36-percent of a network could be compromised very quickly, and a self-replicating worm then could use the infected routers to attack others located within 49 yards, regardless of network. In New York, the largest network with nodes that close together includes 36,807 systems; in Boston, it includes 15,899, and in Chicago, it includes 50,084. The location data was compiled by the Wireless Geographic Logging Engine, a volunteer effort to map Wi-Fi networks worldwide.

Even some encrypted routers could be cracked if they employ the widely used Wired Equivalent Privacy algorithm, which security experts have called “insecure” for several years. More-secure Wi-Fi Protected Access-encrypted routers probably would be immune, however, according to the researchers.

The researchers considered New York a prime target for a Wi-Fi attack, because it is densely populated with wireless routers and very few of them (about 25.8-percent) are encrypted, the researchers noted. San Francisco, where about 40.1-percent of routers use good encryption and the population of wireless routers is less dense, would be a tougher target, they said.

Despite the relative ease with which a tech-savvy hacker could cause widespread damage, Myers said he thought the possibility of a Wi-Fi network attack was remote. There are other, easier ways to take over computers currently, he told NetworkWorld.

But the situation does bear watching, he cautions.

“The bigger point for developers and people making wireless information technology is to realize that there are serious security issues,” he said.