Researchers Design Clever Malware That Hops Across Wi-Fi Networks

Researchers from the University of Liverpool have successfully demonstrated how a specifically engineered strain of malware can infect Wi-Fi access points and move between them.

Dubbed ‘Chameleon’, this type of virus spreads over the air just like an infectious disease, threatening large cities with a lot of overlapping networks.

It works by replacing the firmware of an existing Access Point (AP), taking over the hardware, and using the original credentials to present itself as secure to other devices on the network. It can then proceed to collect data from all users connected to that particular access point.

Wi-Fi epidemiology

Chameleon can infect both Wi-Fi routers and PCs. Since it spreads through the wireless networks, the malware can remain undetected by traditional anti-virus solutions for long periods of time. Its success is directly linked to network density in a given area – Chameleon would thrive in a city centre with many overlapping networks, but wither in the countryside.

To test the malware, researchers simulated an attack on Belfast and London.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it. The virus then sought out other Wi-Fi APs that it could connect to and infect,” Alan Marshall, professor of network security at the University of Liverpool, told Phys.org.

Once the rogue AP has discovered a new victim, the malware bypasses security, backs up the router’s system settings, overwrites the firmware with an alternate version, restores original system settings, and starts broadcasting itself across the network from a new location.

While serious encryption and passwords can protect a single Wi-Fi access point, they are unlikely to stop the advance of Chameleon –despite expert advice and campaigns like Cyber Streetwise, any street in a highly populated neighbourhood will have a few unsecured Wi-Fi networks, as anyone familiar with the practice of wardriving will confirm.

Work at the University of Liverpool was based on the paper by Jonny Milliken, Valerio Selis and Alan Marshall, published in October 2013. However, the idea of a malicious program that would spread from a router to a router is much older, dating to at least 2008.

At the moment, Chameleon is an experiment, and no malware with such capabilities has been spotted outside of a lab. But the test proves that malicious actions could create similar code, and now the researchers are working to find ways to prevent such a Wi-Fi epidemic from ever happening.

Do you know the secrets of Wi-Fi? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

3 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

4 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

20 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

22 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

23 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

1 day ago