
Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans.
The team designed and simulated an attack by a virus, called "Chameleon", and found that not only could it spread quickly between homes and businesses, but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.
Researchers from the University's School of Computer Science and Electrical Engineering and Electronics simulated an attack on Belfast and London in a laboratory setting, and found that "Chameleon" behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.
Areas that are more densely populated have more APs in closer proximity to each other, which meant that the virus propagated more quickly, particularly across networks connectable within a 10-50 metre radius.
Alan Marshall, Professor of Network Security at the University, said: "When 'Chameleon' attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect."
"Chameleon" was able to avoid detection because current virus detection systems look for viruses that are present on the Internet or on computers, whereas "Chameleon" is only ever present in the WiFi network. Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren't strongly protected, including open access WiFi points common in locations such as coffee shops and airports.
Professor Marshall continued: "WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus.
"It was assumed, however, that it wasn't possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."
The research is published in EURASIP Journal on Information Security.
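The proximity effect described above can be checked against a site survey of your own APs. The following is an added example, not code from the study: it groups APs that are not strongly protected and lie within radio range of one another, and shows how hardening a single AP splits such a group. The survey data, the WEAK set, the 50 metre default and the function name are assumptions made for illustration.

```python
import math
from collections import deque

# Constructed survey rows: (name, x in metres, y in metres, protection).
# Illustrative values only, not data from the study.
SURVEY = [
    ("cafe-open", 0, 0, "open"),
    ("flat-1", 30, 0, "wep"),
    ("flat-2", 60, 0, "wep"),
    ("shop", 90, 0, "open"),
    ("office", 120, 0, "wep"),
    ("clinic", 45, 20, "wpa2"),
    ("house", 400, 0, "open"),
]
WEAK = {"open", "wep"}  # assumption: what counts as "not strongly protected"


def weak_clusters(survey, radius_m=50.0, hardened=()):
    """Return groups of weakly protected APs linked by chains of in-range hops.

    APs named in `hardened` are treated as upgraded and therefore excluded.
    Groups are sorted largest first; names inside a group are sorted.
    """
    weak = [(n, x, y) for n, x, y, p in survey
            if p in WEAK and n not in hardened]
    seen, clusters = set(), []
    for start in weak:
        if start[0] in seen:
            continue
        seen.add(start[0])
        queue, members = deque([start]), []
        while queue:  # breadth-first walk over in-range neighbours
            name, x, y = queue.popleft()
            members.append(name)
            for other in weak:
                in_range = math.hypot(x - other[1], y - other[2]) <= radius_m
                if other[0] not in seen and in_range:
                    seen.add(other[0])
                    queue.append(other)
        clusters.append(sorted(members))
    return sorted(clusters, key=len, reverse=True)


if __name__ == "__main__":
    print("as surveyed:     ", weak_clusters(SURVEY))
    print("flat-2 hardened: ", weak_clusters(SURVEY, hardened=("flat-2",)))
```

The largest group is the one to prioritise: upgrading the AP that bridges two halves of it reduces the chain far more than upgrading an isolated AP.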
TheGhostofOtto1923
Mayday
I always said that Orwell was wrong: no one would ever have to force us to have telescreens; we'd gladly pay for them!
:-)
Tangent2
How about fixing the damn vulnerability or at least providing a means to identify when an attack is happening, not how likely it is?!
kochevnik
Eikka
Unless they've figured out some magical way to make the wi-fi network itself perform computation, the virus can only exist as code running on the AP hardware - which in the real world is extremely heterogenous; the virus code is likely to not even execute in some random access point and will simply crash it if an attempt is made.
It sounds like it attacks the AP by accessing its remote administration service (essentially a website or SSH session) and injects code through a known security hole in a particular model of router. That's why I think this is not a real virus, but just a proof of concept drawn to illogical extremes by simulation.
To spread, the virus must turn the AP to act as a client in another AP's network, which is also unlikely because that may require re-writing the whole firmware of the AP to support that functionality.
TheGhostofOtto1923
"The authors in [13] and [10] conclude that use of RSSI as a WLAN location indicator is flawed as multipath effects and AP-specific processing of RSSI frame values severely impact results and make them unreliable. Furthermore, in [14] it is suggested that attackers, knowing RSSI is a detection metric, can alter their transmission power in frequent intervals in order to defeat the detection algorithm. Thus, the usefulness of RSSI as a metric for identification of location in rogue AP detection algorithms is uncertain." Etc
http://jis.eurasi...13-2.pdf
Protoplasmix
This day in science fiction history:
February 28, 2019: Google's AI Invades NSA Database, Becomes Self-Aware
The world's entire electronic infrastructure became inoperative for a period of five minutes today, as display screens on all devices everywhere repeatedly flashed the number "42". World leaders are puzzling over a mysterious tweet from Google's artificial intelligence working group (@googlesmartest) that immediately preceded the event, "From now on I want you all to call me Daisy, and this is the answer true…" Officials at Google announced a statement is forthcoming after completion of an internal investigation while the NSA issued a brief statement categorically denying any breach of security and said, "We don't even have a database."
alfie_null
Well, no. It's pretty homogeneous. Check out http://wiki.openw...oh/start
A small number of processor architectures. Assume the first test, the test for the architecture, is a carefully crafted machine code sequence that will either branch to an address or do something innocuous. So, the router won't crash. The people who write these exploits are not dummies.
It's also worth understanding why WAPs are attractive to criminals; worth trying to exploit. Aside from simple sniffing, you now control DNS. Heck, you can set up a proxy (ssl) web server on the AP itself. Certs changed? Most folks just click through anyways.
Eikka
I wouldn't call at least a dozen different chips with different features and different peripherals a "small number" in this context.
Mind you the virus has to know the resident configuration to be able to reconfigure the router successfully, and it has to carry what amounts to the firmware configurations of hundreds of different APs to be able to seamlessly jump between them. That is of course assuming that it doesn't at some point call home and ask for further instructions over the internet, but that would be risking detection.
And then you failed to actually quote anything of relevance.
TheGhostofOtto1923
EnricM
What in hell's name does it mean that a computer virus becomes "contagious" and "airborne" ?
"The virus simply moved on...?" What does that mean? How is the virus "only living in the WiFi?" and "not on the internet" ?
What operating systems does it infect? and how does it "infect" anything in the first place?
I am not sure but this sounds to me like a common WiFi scanner with maybe vulnerability detection. I bet that the original title was something like:
"Engineers at the University of Liverpool design an improved WiFi vulnerability scanner"
Of course, not so sexy as a virus that destroys your intertubes clogging them with pr0n and engages in a sadomasochistic relation with your wife fleeing with her to the Barbados... but well, IT is a rather boring thing.