WiFi virus: airborne malware 'spreads like the common cold'

Wifi virus

Researchers design virus that hops between WiFi access points posing a 'significant' security threat

LAST UPDATED AT 16:10 ON Wed 26 Feb 2014

SCIENTISTS have demonstrated for the first time that WiFi networks in densely populated areas can be infected with a virus that spreads as "efficiently as the common cold".

The research team, from the University of Liverpool, designed the virus called Chameleon and simulated an attack in a laboratory setting. Not only did it behave like an airborne virus, hopping between access points that connect computers and mobile devices to WiFi networks, it was also able to avoid detection.

If an access point was sufficiently encrypted and password protected, the virus simply moved on to find a more vulnerable one – which in real life would include open-access WiFi points found in coffee shops and airports.

Alan Marshall, professor of network security at the university, said: "When Chameleon attacked an access point it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi access points that it could connect to and infect."

It was able to avoid detection as current anti-virus systems look for malware that is present on the internet or computers, while Chameleon is only ever present on the WiFi network.

Publishing their findings in the Eurasip Journal on Information Security, the researchers said the attack was a "significant" threat to WiFi security with implications including data theft and device malfunction.

"It was assumed that it wasn't possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly," they wrote.

The ability for Chameleon to spread on its own currently relies on access points being located close together. But researchers warned that if the virus found a way to hop from access points to computers or mobile devices – rather than from access points to access points – the attack would become "much more dangerous". It would give the virus "true mobility", they said, as a computer or mobile carrying the virus could spread it among any access points it came into contact with.

The scientists are now using the data from the study to develop a new technique to identify a potential attack. · 

For further concise, balanced comment and analysis on the week's news, try The Week magazine. Subscribe today and get 6 issues completely free.

Read more about