Researchers Design Clever Malware That Hops Across Wi-Fi Networks

Researchers from the University of Liverpool have successfully demonstrated how a specifically engineered strain of malware can infect Wi-Fi access points and move between them.

Dubbed ‘Chameleon’, this type of virus spreads over the air just like an infectious disease, threatening large cities with a lot of overlapping networks.

It works by replacing the firmware of an existing Access Point (AP), taking over the hardware, and using the original credentials to present itself as secure to other devices on the network. It can then proceed to collect data from all users connected to that particular access point.

Wi-Fi epidemiology

Chameleon can infect both Wi-Fi routers and PCs. Since it spreads through the wireless networks, the malware can remain undetected by traditional anti-virus solutions for long periods of time. Its success is directly linked to network density in a given area – Chameleon would thrive in a city centre with many overlapping networks, but wither in the countryside.

To test the malware, researchers simulated an attack on Belfast and London.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it. The virus then sought out other Wi-Fi APs that it could connect to and infect,” Alan Marshall, professor of network security at the University of Liverpool, told Phys.org.

Once the rogue AP has discovered a new victim, the malware bypasses security, backs up the router’s system settings, overwrites the firmware with an alternate version, restores original system settings, and starts broadcasting itself across the network from a new location.

While serious encryption and passwords can protect a single Wi-Fi access point, they are unlikely to stop the advance of Chameleon –despite expert advice and campaigns like Cyber Streetwise, any street in a highly populated neighbourhood will have a few unsecured Wi-Fi networks, as anyone familiar with the practice of wardriving will confirm.

Work at the University of Liverpool was based on the paper by Jonny Milliken, Valerio Selis and Alan Marshall, published in October 2013. However, the idea of a malicious program that would spread from a router to a router is much older, dating to at least 2008.

At the moment, Chameleon is an experiment, and no malware with such capabilities has been spotted outside of a lab. But the test proves that malicious actions could create similar code, and now the researchers are working to find ways to prevent such a Wi-Fi epidemic from ever happening.

Do you know the secrets of Wi-Fi? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

3 hours ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

3 hours ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

4 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

4 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

5 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

5 hours ago