They have created a proof-of-concept which can infect the entire wireless network instead of a single computer at a time, that replaces the firmware of the vulnerable Access Point (AP) with a virus-loaded version, and then propagates itself to the next victim on the WiFi network.
The WiFi based virus named as 'Chameleon', that can self-propagate over WiFi networks from access point to access point, but doesn't affect the working of the Wireless Access Point.
This Virus is able to identify WiFi access points that are not protected by encryption and passwords, according to the research paper. It can badly hit less-protected open access WiFi networks available in coffee shops or airports.
It propagates in the following sequence:
- It Establish a list of susceptible APs within the range
- Bypass any encryption Security on the targeted AP
- Bypass the administrative interface on the targeted AP
- Identify and Store AP System Settings
- Replace the AP firmware on with the virus-loaded firmware.
- Import the victim original AP System Settings on newly loaded firmware
- Let's Propagate! Back to Step one to next Target.
The experimental simulated demonstration was performed in two cities i.e. Belfast, NI and London, England.
 |
| Laboratory setup |
A random access point was made infected with the virus which act as a seed, the results were published in the paper.
The Chameleon attack is a serious threat for WiFi network security. The research shows that this kind of attack is undetectable to any Antivirus and Wireless Intrusion Detection System (IDS).
"Hence, this attack is considered advanced and difficult to detect, as IDS rogue AP detection methods typically rely on a change in credentials, location or traffic levels."
The Density of Access points in a certain geographical area increases the security issues for wireless networks, because it spreads very quickly at high speed in an area having denser Access Point availability.
"WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus," says Marshall, Co-author of the research paper.
However, the virus itself doesn't exist in the wild and created for the demo purpose in the research lab only, though it is very likely that a malicious version could be created and released into the wild by cyber criminals and malware writers.
