Computer viruses now live up to
their name: thanks to British
researchers wi-fi networks can
now infect each other just like a
common cold works.
It is the stuff of cyber
nightmares: an undetectable
virus that moves through the
airwaves. But researchers at the
University of Liverpool have
made it a reality. They have
shown, for the first time, that wi-
fi networks can be infected via
their access points, rather than
computers – living not in the
internet, but in the wi-fi space.
In densely populated areas where
wi-fi hotspots were prevalent,
the "Chameleon" virus – which
was designed by researchers at
the university's school of
computer science and electrical
engineering and electronics –
could spread as quickly as the
common cold.
They proved this by simulating –
in a laboratory environment –
attacks on London and Belfast.
Densely populated areas had
more access points in close
proximity, and so the virus
spread more quickly. Their
research was published in the
European Association for Signal
Processing's Journal on
Information Security.
"When 'Chameleon' attacked an
access point, it didn't affect how
it worked, but was able to collect
and report the credentials of all
other wi-fi users who connected
to it," said Alan Marshall,
professor of network security at
the university. "The virus then
sought out other wi-fi access
points that it could connect to and
infect."
Professor Basie von Solms,
director of the Centre for Cyber
Security at the University of
Johannesburg, said that what
makes "Chameleon" novel is that
it "lives" in the wi-fi cyberspace,
and attacks via access points.
"They have proved now, in a
controlled environment, that such
a virus can spread very quickly
via wi-fi, which was not so clear
before.
"Also, because it 'lives' in the 'wi-
fi cyber space', it is not detected
because it never really infects a
computer directly."
Open access
"While many access points are
sufficiently encrypted and
password protected, the virus
simply moved on to find those
which weren't strongly
protected, including open access
wi-fi points common in locations
such as coffee shops and
airports," the University of
Liverpool said.
Current virus detection
programmes look for viruses
present on computers or the
internet, not on the wi-fi
network itself.
However, Von Solms said it
remains theoretical because "if
such a virus is used for malicious
purposes … it will have some
kind of payload which will infect
computers and other devices,
because that is where the desired
data and information reside".
Von Solms said this research
showed that cyberspace is
constantly evolving and urged
caution for all users.