It started in the laboratory of a university in England. An airborne virus was cultivated. One that could spread like the common cold in densely populated areas, infecting all it came into contact with. It was called Chameleon – and it was a computer virus.
Chameleon is the product of the University of Liverpool’s School of Computer Science and Electrical Engineering and Electronics and shows for the first time that WiFi networks can be infected with a virus that moves through the air, jumping from access point to access point.
WiFi access points have long been known to be potentially weak spots onto networks, often left unprotected by passwords or encryption, or still using the manufacturer’s or telecoms operator’s default security codes. But up until now, there hasn’t been a virus that could attack a WiFi network.
Chameleon behaves just as a disease would in a viral outbreak, moving faster through cities with dense populations, where access points (and humans) are closer together. The computer scientists simulated its outbreak in Belfast and London and found that in the higher density of London, the connectivity between devices was a more important factor than how susceptible the access points were.
The malware was also able to avoid detection and find the other visible WiFi access points from its current location that were least protected by encryption and passwords.
“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it,” Profesor Alan Marshall explained. “The virus then sought out other WiFi APs that it could connect to and infect.”
Most virus protection is sitting on endpoint devices like laptops, tablets and PCs and it’s looking for viruses on the internet or within the device, not on the network. The team designed Chameleon to sit only on the network, effectively invisible to security programs.
If the virus ever did happen to hit on a WiFi spot that was properly protected, it just moved on to one that wasn’t, like an open hotspot in a cafe or airport.
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” Marshall said.
“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks, but we demonstrated that this is possible and that it can spread quickly.”
The team is now using the data from the research to figure out new techniques for security programs to use to identify when an attack is likely.
The full study on the detection and analysis of the virus was published in the EURASIP Journal on Information Security.