Security researchers at the University of Liverpool have warned of the potential for computer viruses to spread over WiFi networks with the same effectiveness as the common cold.
The team in the University’s School of Electrical Engineering, Electronics and Computer Science developed a virus called Chameleon, which is able to move across WiFi networks and avoid detection with ease.
"This attack replaces the firmware of an existing AP [access point] and masquerades the outward-facing credentials. Thus, all visible and physical attributes are copied and there is no significant change in traffic volume or location information," it said.
"Hence, this attack is considered advanced and difficult to detect, as IDS [intrusion detection system] rogue AP detection methods typically rely on a change in credentials, location or traffic levels."
The researchers then ran tests on a simulation of the WiFi networks in London and Belfast and found that Chameleon acted like an airborne virus, as the close proximity of WiFi APs made it easy for the virus to spread.
The virus also easily adapted to its surroundings. If it encountered an AP with good security encryption and passwords, it would move onto another AP that was not sufficiently protected and continue to spread.
Alan Marshall, professor of network security at the university, said the study underlined the risks posed by public WiFi.
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” he said.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks, but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”
The full research paper entitled Detection and analysis of the Chameleon WiFi access point virus is available online.
The research is worrying as public WiFi networks are being rolled out across major cities such as London all the time. The London Underground now has more than 130 stations hooked up while numerous boroughs are offering free services to residents.
Advertising can be targeted to an individual level for less than $1,000
Google push to make the web all-HTTPS forces websites into line
IoT_reaper spreading fast across poorly secured connected devices
Screen burn more commonly associated with old CRT monitors