WiFi networks can suffer infection via a virus that can move through densely populated areas, researchers said.
After designing and simulating an attack by a virus, called “Chameleon,” researchers at the University of Liverpool in England found it could infiltrate homes and businesses, but it could also avoid detection and identify the points at which WiFi access is least protected.
Researchers from the University’s School of Computer Science and Electrical Engineering and Electronics, simulated an attack on Belfast and London in a laboratory setting, and found “Chameleon” behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks.
More densely populated areas have more APs in closer proximity to each other, which meant the virus propagated more quickly, particularly across networks connectable within a 10-50 meter radius.
“When ‘Chameleon’ attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” said Alan Marshall, professor of network security at the University. “The virus then sought out other WiFi APs that it could connect to and infect.”
“Chameleon” was able to avoid detection as current virus detection systems look for viruses that are present on the Internet or computers, but Chameleon is only ever present in the WiFi network. When APs have encryption and end up password protected, the virus moves on to find those that do not have strong protection including open access WiFi points common in locations such as coffee shops and airports.
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” Marshall said.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely.”