Scientists demonstrate first contagious airborne WiFi virus

Feb 25, 2014

Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.

The team designed and simulated an attack by a virus, called "Chameleon", and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.

Researchers from the University's School of Computer Science and Electrical Engineering and Electronics simulated an attack on Belfast and London in a laboratory setting, and found that "Chameleon" behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.

Areas that are more densely populated have more APs in closer proximity to each other, which meant that the virus propagated more quickly, particularly across networks connectable within a 10-50 metre radius.

Alan Marshall, Professor of Network Security at the University, said: "When "Chameleon" attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect."

"Chameleon" was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren't strongly protected, including open access WiFi points common in locations such as coffee shops and airports.

Professor Marshall continued: "WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus.

"It was assumed, however, that it wasn't possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."

The research is published in EURASIP Journal on Information Security.

User comments : 11

TheGhostofOtto1923
3.7 / 5 (6) Feb 25, 2014
Drat. Something else the NSA can't exploit any longer. It's getting harder and harder to protect the national interests.
Mayday
5 / 5 (7) Feb 25, 2014
Xotto, it's probably why WiFi was invented in the first place.
I always said that Orwell was wrong: no one would ever have to force us to have telescreens; we'd gladly pay for them!
:-)
Tangent2
5 / 5 (4) Feb 25, 2014
"We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."

How about fixing the damn vulnerability or at least providing a means to identify when an attack is happening, not how likely it is?!
kochevnik
not rated yet Feb 25, 2014
Not clear from the article how code can be executed on networks. Perhaps this is an exploit of Cisco IOS or ?
Eikka
3.7 / 5 (3) Feb 26, 2014
"Not clear from the article how code can be executed on networks. Perhaps this is an exploit of Cisco IOS or ?"

Unless they've figured out some magical way to make the wi-fi network itself perform computation, the virus can only exist as code running on the AP hardware - which in the real world is extremely heterogeneous; the virus code is likely to not even execute in some random access point and will simply crash it if an attempt is made.

It sounds like it attacks the AP by accessing its remote administration service (essentially a website or SSH session) and injects code through a known security hole in a particular model of router. That's why I think this is not a real virus, but just a proof of concept drawn to illogical extremes by simulation.

To spread, the virus must turn the AP to act as a client in another AP's network, which is also unlikely because that may require re-writing the whole firmware of the AP to support that functionality.
TheGhostofOtto1923
4 / 5 (4) Feb 26, 2014
Well, reading guesswork by Eikka and others is good for time-wasting and confusion-spreading but I find it is useful to visit the referenced paper if I really want to know something.

"The authors in [13] and [10] conclude that use of RSSI as a WLAN location indicator is flawed as multipath effects and AP-specific processing of RSSI frame values severely impact results and make them unreliable. Furthermore, in [14] it is suggested that attackers, knowing RSSI is a detection metric, can alter their transmission power in frequent intervals in order to defeat the detection algorithm. Thus, the usefulness of RSSI as a metric for identification of location in rogue AP detection algorithms is uncertain." Etc
http://jis.eurasi...13-2.pdf
Protoplasmix
5 / 5 (1) Feb 28, 2014
"Drat. Something else the NSA can't exploit any longer. It's getting harder and harder to protect the national interests."

This day in science fiction history:

February 28, 2019: Google's AI Invades NSA Database, Becomes Self-Aware
The world's entire electronic infrastructure became inoperative for a period of five minutes today, as display screens on all devices everywhere repeatedly flashed the number "42". World leaders are puzzling over a mysterious tweet from Google's artificial intelligence working group (@googlesmartest) that immediately preceded the event, "From now on I want you all to call me Daisy, and this is the answer true…" Officials at Google announced a statement is forthcoming after completion of an internal investigation while the NSA issued a brief statement categorically denying any breach of security and said, "We don't even have a database."
alfie_null
not rated yet Mar 02, 2014
"Unless they've figured out some magical way to make the wi-fi network itself perform computation, the virus can only exist as code running on the AP hardware - which in the real world is extremely heterogeneous; the virus code is likely to not even execute in some random access point and will simply crash it if an attempt is made."

Well, no. It's pretty homogeneous. Check out http://wiki.openw...oh/start

A small number of processor architectures. Assume the first test, the test for the architecture, is a carefully crafted machine code sequence that will either branch to an address or do something innocuous. So, the router won't crash. The people who write these exploits are not dummies.

It's also worth understanding why WAPs are attractive to criminals; worth trying to exploit. Aside from simple sniffing, you now control DNS. Heck, you can set up a proxy (ssl) web server on the AP itself. Certs changed? Most folks just click through anyways.
Eikka
not rated yet Mar 02, 2014
"A small number of processor architectures."

I wouldn't call at least a dozen different chips with different features and different peripherals a "small number" in this context.

Mind you the virus has to know the resident configuration to be able to reconfigure the router successfully, and it has to carry what amounts to the firmware configurations of hundreds of different APs to be able to seamlessly jump between them. That is of course assuming that it doesn't at some point call home and ask for further instructions over the internet, but that would be risking detection.

"Well, reading guesswork by Eikka and others is good for time-wasting and confusion-spreading but I find it is useful to visit the referenced paper if I really want to know something."

And then you failed to actually quote anything of relevance.
TheGhostofOtto1923
1 / 5 (1) Mar 02, 2014
"And then you failed to actually quote anything of relevance."
But I showed you what kind of info was available and where to find it. You're welcome.
EnricM
not rated yet Mar 03, 2014
I haven't understood a single word of this text... and I am an IT professional.

What in hell's name does it mean that a computer virus becomes "contagious" and "airborne" ?

"The virus simply moved on...?" What does that mean? How is the virus "only living in the WiFi?" and "not on the internet" ?

What operating systems does it infect? and how does it "infect" anything in the first place?

I am not sure but this sounds to me like a common WiFi scanner with maybe vulnerability detection. I bet that the original title was something like:

"Engineers at the University of Liverpool design an improved WiFi vulnerability scanner"

Of course, not so sexy as a virus that destroys your intertubes clogging them with pr0n and engages in a sadomasochistic relation with your wife fleeing with her to the Barbados... but well, IT is a rather boring thing.
