Slashdot Mirror

← Back to Stories (view on slashdot.org)

Scientists Demonstrate Virus That Spreads Across Wi-Fi Access Points

Posted by Soulskill on from the proof-of-concept dept.

An anonymous reader writes "Researchers at the University of Liverpool have shown for the first time that WiFi networks can be infected with a virus that can move through densely populated areas as efficiently as the common cold spreads between humans. The team designed and simulated an attack by a virus, called 'Chameleon,' that not only could spread quickly between homes and businesses, but avoided detection and identified the points at which WiFi access is least protected by encryption and passwords. The research appears in EURASIP Journal on Information Security." The technical details are explained in the journal article.

22 of 68 comments (clear)

  1. Keyword; simulated by complete+loony · · Score: 3, Insightful

    Sure it's easy to model the spread of a virus. It's another thing entirely to write one that can run on every commodity access point, with sufficient CPU power to crack all nearby passwords / keys.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    1. Re:Keyword; simulated by khasim · · Score: 3, Informative

      My problems with TFA are:

      1. Are they being paid by the word because they're throwing massive amounts of bullshit into it.

      2.

      A new form of compromised AP attack has been demonstrated and analysed in [4], called the 'Chameleon' attack, perpetrated by the Chameleon virus.

      That would be a "worm". Not a "virus". And a worm that attacks WiFi routers is NOT new.

    2. Re:Keyword; simulated by khasim · · Score: 5, Informative

      Worms hop from system to system without the need for any human interaction. They exploit vulnerabilities in services listening on ports. Worms need a network.

      A virus infects other files with copies of itself. But an uninfected machine still needs someone to run one of those files on the uninfected machine to infect the uninfected machine.

      Viruses are a lot less common now. Mostly you see trojans and worms and "blended" threats that are a mix of trojans and worms.

    3. Re:Keyword; simulated by FireFury03 · · Score: 2

      Sure it's easy to model the spread of a virus. It's another thing entirely to write one that can run on every commodity access point, with sufficient CPU power to crack all nearby passwords / keys.

      Doesn't need to do that: crack the wifi key and you now have access to the whole network. From there you can install on *any* insecure device on the network - be it the AP itself, a Windows workstation, a NAS, smart TV, printer, whatever. If the device in question has its own wireless NIC (which is frequently the case if you've infected something like a laptop or smartphone) then you can find another wifi network, crack that, install on any device you find therein, rinse and repeat. Especially good for devices like laptops and phones which physically move around so can probably infect geographically separated networks (think: home user bringing their infected phone into work - the phone doesn't need to already be authorised to log into the office wifi network for it to sit there all day, every day, cracking the damned thing!).

      --
      http://blog.nexusuk.org
    4. Re:Keyword; simulated by doas777 · · Score: 2

      Good distinctions, but a point of clarification. Worms are self contained and target Systems (OSs, embedded devices of particular make, etc). They contain all the code necessary to spread from system to system using whatever media they are designed for. Viruses target applications with communciations capabilities. A spam virus for instance generally targets an email client for instance. the virus requires the vulnerable application to transmit itself from vulnerable system to vulnerable system however; that code is not contained in the virus. Viruses do not require human interaction as a rule (some do, some don't). Automatic application updates and hardened code on the few types of applications capable of supporting a virus, have largely made them extinct. Trojans DO require human intervention, but are the most flexible. Worms and Viruses are peer-to-peer only, whereas Trojans are client-server. For instance Drive By Download attacks from malicious web sites are now the infection-vector of choice these days, because it requires as little human interaction as possible. The malware described here, would be a worm, because it is spreading of its own accord, and does not target a specific communications application.

    5. Re:Keyword; simulated by Zero__Kelvin · · Score: 3, Insightful

      "You're using your own personal definition of virus unlike the rest of the world."

      Oh, the irony. You just randomly made up your own definitions after accusing the (much more correct) OP of the same.

      "A worm generally causes no damage and just likes to spread."

      There is no stipulation regarding payload or lack therof for a worm. What makes it a worm rather than a virus is that it is an independant, stand alone program or file that doesn't attach itself to a host program or other file.

      " Virii generally cause damage and spread."

      Again, no payload stipulation is appropriate. What makes it a virus is that it attaches to a host program or other file and spreads by attaching to other host programs or files.

      "Still a worm though, because that overload was a bug, not a feature."

      Again, no. The RTM Worm was a worm because it did not attach to other programs; it was an independant program. Payload has absolutely nothing to do with it. The trouble it caused could have been quite intentional and that wouldn't change a thing. It was a worm regardless of the payload or lack therof.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  2. A Wifi Virus?! by Anonymous Coward · · Score: 3, Funny

    We shall call it...the Flappy Bird Flu.

    You're welcome.

  3. PostScript Virus by Greyfox · · Score: 5, Funny

    I wanted to do something like that on network-attached postscript printers a few years back, but didn't have an easy way to open a network socket in PostScript. My virus would have moved from printer to printer and done nothing else except replace every instance of the word "Strategic" with the word "Satanic" on printed documents.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:PostScript Virus by NapalmV · · Score: 2

      Muahahaha you have to see it in action on the Wikipedia "Cloud computing" page. Just a sample: In common usage, the term "my butt" is essentially a metaphor for the Internet.

    2. Re:PostScript Virus by AmiMoJo · · Score: 2

      At college the admins used to spy on us regularly. We trolled them by creating files in DOS that had spaces in the name (alt-255) which they couldn't figure out how to open. Later we found that if you created a text file with a name like "hack.bat" that contained a few thousand 0x07 (bell) characters they would open it up and then immediately start hammering the keys as their editor tried to beep the speaker repeatedly for the next few days. Being DOS the only solution was to hit the hard reset button.

      You could have all sorts of fun with Netware too, like creating fake log-in screens in QuickBasic to capture admin passwords. Since the filesystem had no protection it was easy to insert such a fake screen into autoexec.bat, followed by a call to the real login screen so they would just assume they typed something wrong.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. From mapping to .... by AHuxley · · Score: 2

    In the past the news was just about listening, tracking and mapping
    "aircraft are all fitted with sophisticated surveillance equipment. " ...The aircraft are able to identify suspects using 'voice-prints' ...
    http://www.dailymail.co.uk/new...
    Then the wifi mapping news e.g. "mapped the Wi-Fi fingerprint of nearly every major town in Yemen".
    https://firstlook.org/theinter... (10 Feb 2014)
    Expect more interest in any wifi network at a home, suburb and country based network level.

    --
    Domestic spying is now "Benign Information Gathering"
  5. Re:It hides from detection? by AHuxley · · Score: 3, Insightful

    Would your average well coded antivirus behavioural detection software care a lot if your wifi rebooted a few times?
    No new data into the 'protected' OS, no OS changes, packets flowing in, out, network seems the same ...

    --
    Domestic spying is now "Benign Information Gathering"
  6. Re: Attack replaces firmware .. by Anonymous Coward · · Score: 4, Informative

    The article states chameleon attacks weakly protected acess points. If it finds a hardened one, like WAP, it moves on. It is a worm, not a virus, but the authors couldn't compare it to human contageon that way. I count myself lucky I never cought a worm. Virus, yes.

  7. Back in 1990.. by swb · · Score: 2

    ..when I worked at a large University, we had a massive AppleTalk/EtherTalk network with a ton of zones, most of which had LaserJet printers.

    A cow-orker in another department and I wanted to come up with software that would let us dump files to these printers and somehow masquerade our source info so nobody would know it was us.

    Too bad this probably pre-dated Goatse.

    1. Re:Back in 1990.. by Ol+Olsoc · · Score: 3, Funny

      A cow-orker in another department and I wanted to come up with software

      How exactly does one ork a cow?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    2. Re:Back in 1990.. by EvilIdler · · Score: 3, Funny

      One orker on each side.

    3. Re:Back in 1990.. by antifoidulus · · Score: 2

      Like you've never been drunk and desperate enough to do it.

      --
      Monstar L
    4. Re:Back in 1990.. by baKanale · · Score: 3, Funny

      Very carefully.

  8. Re:seriously by AHuxley · · Score: 2

    A simulation to help understand that from one site e.g. an embassy you could create a private redundant 24/7 wifi network deep into a city to an area of interest.
    Counter surveillance efforts would see everyday random wifi use... missing the bust of a key logger days, weeks, months later.

    --
    Domestic spying is now "Benign Information Gathering"
  9. Wondering how it really works by wvmarle · · Score: 2

    Yes I read TFA, not the technical report though. Too technical for me.

    It says the virus works by replacing the firmware of wifi routers. That sounds to me like they're tricking the router into accepting an over-the-air update. Which I suppose is limited to 1) a specific make and type of router and 2) knowing the OTA password for that router (or using a default that's not changed). So that sounds plausible for certain specific networks, not where there is a large number of different routers with different firmware and different passwords (or other security vulnerabilities).

    What is not explained at all though is how the thing jumps from router to router, and I can't really think of a way this may happen. These things normally do not communicate wiht one another, and devices normally communicate to only one router at the time. Can anyone with deeper understanding explain this?

  10. Pure BS. Nothing to see here by markgamache · · Score: 5, Funny

    This is not science or IT security, it is pure PR crackpot FUD conjecture. The "Chameleon" virus doesn't exist. Please read my paper on my fake bluetooth virus. Bluetooth is MUCH more pervasive than Wifi. More cell phones than Wifi, more cars, and about the same number of computers. In my model, they all get infected and your wireless speakers, phones and computers play "It's a Small World" 24/7 until we all go crazy. It ends a lot like 28 Days later.

  11. Re:seriously by markgamache · · Score: 2

    No, they proved they can invent made up scary data. I think this is actually stolen straight from Schneier's site. It's pure movie plot silliness. https://www.schneier.com/blog/...