An experiment has been performed with the Chameleon virus

Feb 26, 2014 13:52 GMT  ·  By

Researchers from the University of Liverpool have demonstrated that a computer virus can spread through Wi-Fi access points between homes and businesses just like the common cold spreads from one human to another.

The researchers have performed an experiment in a laboratory setting with the aid of the Chameleon virus, which uses a WLAN attack technique to infect access points and collect the credentials of all Wi-Fi users who connect to it. Then, it seeks out other access points, connects to them and infects them.

The main issue highlighted by the researchers is the fact that many Wi-Fi access points are unprotected, allowing viruses like Chameleon to spread without difficulty.

In their experiment, researchers simulated an attack on the cities of Belfast and London. While the virus can’t spread via access points protected by encryption and passwords, it relies on ones that are not protected, like the ones in airports and coffee shops.

“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” said Alan Marshall, professor of Network Security at the University of Liverpool and one of the authors of the research paper.

“It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely,” Marshall added.

Rogues access point attacks such as the one described by the researchers can be mitigated with the aid of intrusion detection systems (IDS). These systems usually rely on receiving signal strength indicator (RSSI) values to track the location of the device.

However, IDS can be bypassed by copying the expected RSSI values. This can be accomplished by placing the rogue access point within a similar radius as the target, or by editing the RSSI output to make sure it matches the victim’s values.

The research paper proposes a more efficient detection strategy for such viruses. The method proposed by experts relies on layer 2 management frame information and it’s capable of detecting such attacks while maintaining user privacy and confidentiality.

The complete research paper, “Detection and analysis of the Chameleon WiFi access point virus,” is available on the website of the EURASIP Journal on Information Security.