Researchers in Liverpool have developed a computer virus that spreads via Wi-Fi like the “common cold.” Now, when nearly every home has wireless Internet, it means that the virus can go from network to network exploiting weaknesses.
The virus, once it’s in control of a Wi-Fi access point, will leave computers connected to that network severely vulnerable to an attack. However, the lead researcher said that the team was working on software to prevent those attacks and render them impossible.
“Rather than rely on people to use strong passwords, you want to integrate intrusion detection systems to the access points,” said Alan Marshall. Marshall is professor of communication networks at Liverpool University.
Mr. Marshall did not go into detail about methods to prevent attacks being used on real victims. He only said that proof-of-concept attacks had been developed at the university.
Virus called ‘Chameleon’
The virus being developed is dubbed Chameleon and it seeks out Wi-Fi access points. Any device that transmits Wi-Fi signal, and nearly every home has one, is in danger of attack if the administrator password has not been changed.
The password that is vulnerable is not the one used to access the Internet but the one preinstalled on the router. This is a password that most Internet users neglect to change or update. It is important to remember that the password, pre-coded into a router, is a generic one and it is often the same for every router of a specific make.
Loss of control
If a hacker gains control of a Wi-Fi access point, new firmware can’t be installed.
“So it’s now under our control. Once you do that you can then do other things with it. You can recover passwords, steal data – anything you want,” explained Prof. Marshall.
It is what the virus does next that is most unusual. Once the virus is installed on one access point, it can then automatically find other vulnerable access points. It then takes these over at the point that the virus finds a weakness.
Not a threat to business networks
Prof. Marshall said that this type of virus was probably not a threat to corporate networks as those networks are likely to have enhanced security in place. However, it is home networks that are less impervious, and even smaller networks like those belonging to local coffee shops could be vulnerable. This is due to these networks having weak defenses and less stringent protection measures in place.
Marshall feels that now his team have identified and shown the threat, consumer attention will be turned to safeguarding home devices. He also felt that by highlighting this threat software may be written that comes preinstalled on routers to prevent this kind of vulnerability.
Ideally, there will be software designed that automatically prevents this kind of attack removing the emphasis from the individual to protect their home network. This would remove the worry of a virus like this infecting a local community and would allow a greater feeling of security when using accessing wireless networks.