It isn’t sci-fi anymore. For the first time ever, researchers at the UK’s University of Liverpool have been able to demonstrate that “WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans:”
In effect, it means that with the ubiquitous WiFi connectivity at offices, cafés, homes – virtually everywhere – if my tablet sneezes, your laptop will catch a cold. And densely populated areas mean more access points in a relatively small area. This means that if you were to go to a café where a lot of people were accessing the internet over WiFi in close proximity to each other, the virus will stand a better chance to infect your device.
The virus that the research team designed was called Chameleon, and once an attack was simulated, the virus was able to “spread quickly between homes and businesses,” the team noted. And not just that, true to its name, the Chameleon was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords.
The reason why Chameleon was able to avoid detection is that current virus detection systems look for viruses that are present on the internet or computers, but Chameleon is only ever present in the WiFi network.
Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports.
During the simulation of the attack on Belfast and London in a laboratory setting, the team said “Chameleon behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.”
Alan Marshall, Professor of Network Security at the University, said: “When Chameleon attacked an AP, it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.”
“The increased availability of WiFi has occurred in spite of well-documented security vulnerabilities, such as denial of service (DoS) and rogue access point (rogue AP) attacks,” notes the research paper published in EURASIP Journal on Information Security.
“The consequence of this is that as demand drives up the availability and use of WiFi, the geographical area that an attack can exploit increases exponentially. It is pertinent to note however that currently the largest barrier to eradicating the threats to users and owners of WiFi networks is system and device misconfiguration, rather than inherent technology flaws. This is revealed in the continued use of open and wired equivalent privacy (WEP) encryption in home and enterprise environments,” it says.
The Chameleon virus employs a WLAN attack technique which independently infects and propagates amongst WiFi AP embedded systems, the research notes. The propagation of the virus effectively constitutes an advanced rogue AP attack which is unique in that it occupies the exact location of the victim device, it adds.
This is different form the better known ‘evil twin attack’, where an additional device appears which masquerades the credentials and broadcast information of the victim. In the evil twin attack, the traffic volume significantly increases and conflicting RSSI (received signal strength indicator) measurements are observed for packets, which can be observed by an intrusion detection system. As the Chameleon attack commandeers the existing hardware, it does not impact on either of these metrics.
This makes the Chameleon more dangerous in that current detection systems are not sophisticated enough to detect it soon enough to contain damage. The University undertook this exercise to expose security vulnerabilities that are present in the networks. “WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” said Professor Marshall.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely,” he noted.
[Image via Shutterstock]