Computer science researchers have discovered a new kind of virus that can spread through the air like the common cold. It jumps from wifi network to wifi network, allowing it to mine the credentials of all connected users. Unlike other computer viruses, this one can go airborne and find the least encrypted points in the wifi network it attacks.
It's the first instance of a virus that can move across and infect Wifi Access Points (APs) through the air. This alone makes it a significant development. Most virus protection exists on the end users' computer or mobile device. So, infecting a wifi network at its access points presents a new angle of attack for hackers, whether they be of the malicious or state variety.
Researchers from the University of Liverpool created the virus, called "Chameleon," in the lab, and simulated an attack on Belfast and London. They noted that Chameleon can spread more quickly in densely populated areas, where wifi access points are closer to one another.
"When Chameleon attacked an AP it didn’t affect how it worked, but was able to collect and report the credentials of all other wifi users who connected to it," said Alan Marshall, a network security professor at the university in a news release this week. "The virus then sought out other wifi APs that it could connect to and infect.
The researchers are now developing software to plug the security hole. But this kind of airborne wifi virus could present a real problem for wireless mesh networks, especially in regions of civil strife.
"There's no doubt Chameleon-like virus could expose protestors and activists using wireless mesh network."
Mesh networks, originally developed for military use, utilize wireless access points to create an ad hoc internet, allowing users to avoid sending communications through a centralized internet service provider or telephone company.
Though Chameleon wouldn't bring down a mesh network itself, it could expose mesh network users to hackers, who could then intercept communications. Monitoring mesh network traffic requires direct access, and Chameleon provides just that. If Marshall and his fellow researchers could create an airborne wifi virus, then who is to say that state-supported hackers in Venezuela, Ukraine or anywhere else—even in the US—couldn't develop something similar, or haven't done so already?
I talked to security expert Anton Kapela of 5Nines, who said he wasn't surprised by the researchers' discovery, noting that access points have long been vulnerable. "Twelve years ago when ATT (then SBC/Ameritech) started giving away wifi access points inside the ADSL modems, preconfigured with WEP [an easily broken wireless security standard], and enabled by default, I had a very strong suspicion it wasn't for noble purposes," said Kapela. "Of course, people quickly realized that the WEP keys were generated weakly, and simple lists to brute force or re-create the proper key emerged quickly."
Kapela said that there are now cities full of wifi that only "miscreants" can really hop around. "Find a few exploits for the embedded OS of these WiFi/ADSL routers, and sure, you can create some ill shit on top of that," he added. "It's all open to exploitation, and I would wager the result set is unlimited. You realize hardly any of this shit gets thoroughly tested."
Mesh networks are similarly vulnerable, Kapela said, and Chameleon would be just one way of going about exploiting that.
In another potential route, an attacker could compromise a personal laptop in someone's home and use that access to hack into the home's wifi router, after which the virus could compromise other wifi routers in the neighborhood, explained Ron Gula, CEO of Tenable Network Security and a former NSA researcher.
"All the homes in a neighborhood may have their own wifi routers and you can see the SSIDs of those routers when you look at your wifi settings," said Gula. "The SSID password keeps you from choosing any router, but many routers have vulnerabilities that make them directly exploitable through the wifi signal and perhaps not from an attack over the IP portion of the Internet."
In a densely packed metropolitan area like Caracas, where internet blackouts might require mesh networks to communicate, the virus could spread like wildfire and protesters would be none the wiser, giving the advantage back to the surveillance state.
"There's no doubt that a Chameleon-like virus could expose protestors and activists using wireless mesh network," said Sina Khanifar of Taskforce.is and StopWatch.us. "In particular, if a virus were written that could use both user's computers and the access points themselves to spread, it could easily take over both mesh and static networks quickly." Khanifar also noted that even using different passwords for different access points would be rendered moot in such a case.
Granted, even before the creation of Chameleon, mesh networks could neither fully prevent monitoring nor provide pure anonymity. But the development of the virus should serve as motivation to develop new, improved, and highly encrypted mesh networks. This should be undertaken not just for poor, underdeveloped areas, or rebels in countries embroiled in civil war, but for anyone who wants an alternative to the centralized, ISP-dominated system that serves up bulk user data on a plate for the NSA and other spy agencies globally.