Researchers Design Clever Malware That Hops Across Wi-Fi Networks

Researchers from the University of Liverpool have successfully demonstrated how a specifically engineered strain of malware can infect Wi-Fi access points and move between them.

Dubbed ‘Chameleon’, this type of virus spreads over the air just like an infectious disease, threatening large cities with a lot of overlapping networks.

It works by replacing the firmware of an existing Access Point (AP), taking over the hardware, and using the original credentials to present itself as secure to other devices on the network. It can then proceed to collect data from all users connected to that particular access point.

Wi-Fi epidemiology

Chameleon can infect both Wi-Fi routers and PCs. Since it spreads through the wireless networks, the malware can remain undetected by traditional anti-virus solutions for long periods of time. Its success is directly linked to network density in a given area – Chameleon would thrive in a city centre with many overlapping networks, but wither in the countryside.

To test the malware, researchers simulated an attack on Belfast and London.

“When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other Wi-Fi users who connected to it. The virus then sought out other Wi-Fi APs that it could connect to and infect,” Alan Marshall, professor of network security at the University of Liverpool, told Phys.org.

Once the rogue AP has discovered a new victim, the malware bypasses security, backs up the router’s system settings, overwrites the firmware with an alternate version, restores original system settings, and starts broadcasting itself across the network from a new location.

While serious encryption and passwords can protect a single Wi-Fi access point, they are unlikely to stop the advance of Chameleon –despite expert advice and campaigns like Cyber Streetwise, any street in a highly populated neighbourhood will have a few unsecured Wi-Fi networks, as anyone familiar with the practice of wardriving will confirm.

Work at the University of Liverpool was based on the paper by Jonny Milliken, Valerio Selis and Alan Marshall, published in October 2013. However, the idea of a malicious program that would spread from a router to a router is much older, dating to at least 2008.

At the moment, Chameleon is an experiment, and no malware with such capabilities has been spotted outside of a lab. But the test proves that malicious actions could create similar code, and now the researchers are working to find ways to prevent such a Wi-Fi epidemic from ever happening.

Do you know the secrets of Wi-Fi? Take our quiz!