Chameleon virus spreads between wireless access points like the common cold
The latest breed of virus is airborne. We're not talking about a 24 hour bug that does the rounds at the office, but a computer virus. A team of researchers at the University of Liverpool, UK, demonstrated how a virus known as Chameleon was able to spread undetected over Wi-Fi by exploiting vulnerabilities in access points.
For town and cities where there are large numbers of routers and access points in close proximity, this represents a serious security risk as there is potential for a terrifying number of infections to be made in very little time.
The spread of the virus has been likened to the spread of the common cold, and it takes advantage of known weaknesses. What is particularly worrying about the spread is that it is very difficult to detect. "When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it," says Alan Marshall, Professor of Network Security at the University. "The virus then sought out other Wi-Fi APs that it could connect to and infect".
Tackling the spread of such viruses is far more complex than those that take a more traditional form. Antivirus tools are only effective against viruses that can be detected on hard drives, in memory, or in network traffic, but in the case of Chameleon it is the Wi-Fi network itself that is infected. Just as the common cold can be carried by someone without them exhibiting any symptoms, so Chameleon can move from host to host until it finds one that can be fully infected.
It is not just fixed access points that pose a risk. Routers and other networking equipment are in plentiful supply in urban areas, but factor in mobile devices and there is then potential for the infection to spread even further afield. Professor Marshall explained that many businesses are likely to have advanced security measures in place that could thwart the spread of such a virus, but this is less likely to be the case for smaller businesses and individuals.
Full details of the research have been published online and are available for anyone to read, and the next move is to create firmware for access points that will be resistant to this type of attack.