A virus designed to infect Wi-Fi networks can spread through cities “as efficiently as the common cold spreads between humans”, invisibly infecting thousands of access points in weeks, researchers at the University of Liverpool have found.
A simulated attack by the virus, known as Chameleon, showed that it could seek out weakly protected Wi-Fi access points, and avoid detection as it spread between homes and businesses. As the attack spread across simulated versions of London and Belfast, Chameleon collected data from every machine connected to the Wi-Fi networks it infected.
Alan Marshall, Professor of Network Security at the University, said in a statement: “When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”
PC World reports that even using a low infection rate of 5%-10%, the simulation showed that Chameleon could infect thousands of access points across a city over a period of months, completely undetected.
“Although this sounds like a small number and a long timescale, in a large city each one of these access points could be serving anything from a handful to many thousands of people, so attackers would have gained access to potentially large amounts of valuable data,” PC World commented.
Chameleon remained undetected, the researchers say, because most common AV measures depend on looking for viruses on networks or computers, but Chameleon is only ever present in the Wi-Fi network.
Smart Planet’s report pointed out that scale and speed of the virus’s spread depended on the level of encrypted protection used by access points – AP’s that used up-to-date encryption and strong passwords were ‘immune’, but there were enough weaker specimens for the infection to thrive.
The reserachers found that the virus spread rapidly in densely populated areas, where there would be several networks within a 10-50m radius. It also adapted to areas where strong encryption was used.
“Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected,” the researchers write. “These included open access WiFi points common in locations such as coffee shops and airports.”
The research was carried out by the University’s School of Electrical Engineering, Electronics and Computer Science.
Author Rob Waugh, We Live Security