Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Wi-Fi 'virus' could be used to attack wireless access points, researchers discover

Malware could spread silently from AP to AP

Article comments

Dense concentrations of Wi-Fi access points and routers in large cities could be attacked by malware able to spread silently from node to node, researchers at the University of Liverpool have shown for the first time.

In the experiment conducted by Jonny Milliken, Valerio Selis and Professor Alan Marshall, a specially-crafted virus called ‘Chameleon’ was pitted against a range of common access points with poorly-secured management interfaces (i.e. using default passwords). Once access had been achieved, Chameleon then attempted to take control of the device by re-flashing its firmware with a replacement, open source OpenWrt.

Attackers gaining control in this way would be able to monitor traffic for credentials or other data but the team’s real discovery was that Chameleon would also be able to spread and infect other routers in its neighbourhood in a manner similar to an “airborne virus.”

Having proved the concept in the lab, the team modelled the attack against the sort of Wi-Fi density found in two cities, Belfast and London, finding that even using an infection rate of five to ten percent, Chameleon would be able to infect several thousand access points within a few months.

Although this sounds like a small number and a long timescale, in a large city each one of these access points could be serving anything from a handful to many thousands of people, so attackers would have gained access to potentially large amounts of valuable data.

Most striking of all, because many access points are left untouched and unmanaged, the attack would be hard to detect. Access points using encryption would offer a small challenge to the extent that re-flashing them would destroy the embedded key. This would need to be captured first.

The team doesn’t reveal which brands or classes of access point or router were vulnerable to Chameleon but were in no doubt that the re-flashing attack would work in the real world.

“In some cases it will work, in some cases it will fail; some are resilient against it, some are not,” Professor Alan Marshall told Techworld. 

“It was assumed that it wasn’t possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely,” said Marshall.

"Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren’t strongly protected including open access WiFi points common in locations such as coffee shops and airports."

According to Marshall, the solution is to embed intrusion prevention technology into access points, something he was pursuing through Queen’s University Belfast spin-out , Traffic Observation and Management.

The research highlights the unprotected state of router/access point technology, which rely on correctly-configured encryption and management to keep out attackers. But there is growing evidence that even without direct wireless attacks, these devices are riddled with vulnerabilities.

Only days ago, a study by security firm Tripwire found most of the top 50 best-selling home routers had software flaws that would allow a remote attacker to gain control of the device even if it was secured.  


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *