Computer science researchers have demonstrated for the first time how a digital virus can go airborne and spread via WiFi networks in populated areas at the same pace as a human diseases.
The “Chameleon” virus, designed by a University of Liverpool team, showed a remarkable amount of intelligence by avoiding detection and breaking into personal and business WiFi networks at their weakest points — spreading at an alarming rate.
Network Security Professor Alan Marshall said the virus doesn’t try to damage or disrupt established networks — instead, the virus slips in unnoticed to collect the data and log-in information of all users connected to the network via WiFi, and seeks other WiFi networks through them — a much more subtle, sinister and dangerous objective.
“WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus,” Marshall said in a ScienceBlog report. “It was assumed, however, that it wasn’t possible to develop a virus that could attack WiFi networks — but we demonstrated that this is possible and that it can spread quickly.”
The secret to Chameleon is the method by which it avoids detection. Traditional computer antivirus programs look for viruses present on computers and the Internet itself. Chameleon sticks strictly to WiFi networks, bypassing secured, more heavily encrypted networks to enter and spread through weaker ones — especially free public access points like those found in cafes, on trains and in airports.
A lab experiment by the University’s School of Computer Science and Electrical Engineering and Electronics simulated what researchers likened to an airborne contagion attack against Belfast and London, entering WiFi access points that connect public and private networks to the Internet.
The virus traveled fastest across access points within a 160 feet or less of each other, following similar rates of human infection by viruses among more densely populated areas.
“We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely,” Marshall said.