A virus that spreads through Wi-Fi networks as efficiently as a cold spreads between humans has been demonstrated by researchers.
The team from the University of Liverpool designed and simulated an attack by a virus, nicknamed Chameleon, and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which Wi-Fi access is least protected by encryption and passwords.
Researchers simulated an attack on Belfast and London in a laboratory setting, and found that Chameleon behaved like an airborne virus, travelling across the Wi-Fi network via Access Points (APs) that connect households and businesses to Wi-Fi networks.
Alan Marshall, Professor of Network Security at the university, said: “When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it. The virus then sought out other Wi-Fi APs that it could connect to and infect.”
While many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access Wi-Fi points common in locations such as coffee shops and airports.
Areas that are more densely populated have more APs in closer proximity to each other, which meant that the virus propagated more quickly, particularly across networks connectable within a 10-50m radius.
Chameleon was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon was only ever present in the Wi-Fi network.
The attack replaces the firmware of an existing AP and masquerades the outward facing credentials so all visible and physical attributes are copied and there is no significant change in traffic volume or location information.
This makes the attack difficult to detect, as the most common means of defence against rogue APs is deployment of an intrusion detection system but these typically rely on methods for detecting a change in credentials, location or traffic levels.
Marshall added: “Wi-Fi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack Wi-Fi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”
The research has been published in the EURASIP Journal on Information Security.