RESEARCHERS at the University of Liverpool have demonstrated a computer virus that can be transmitted through WiFi networks.
The virus can move like a human infection through WiFi access points (APs), with its spread through populated areas likened to that of a common cold.
The Chameleon virus was tested in a controlled environment and is capable of avoiding detection and finding weak points in WiFi encryption.
Alan Marshall, professor of Network Security at the University of Liverpool, said, "When Chameleon attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect."
This means that even a protected computer can be compromised if it innocently connects to an infected WiFi network AP. Because the virus only exists on the network, rather than the computer itself, open hotspots are particularly vulnerable.
In heavily populated areas with APs in close proximity, the virus could propagate extremely quickly, with the optimum range being among APs in a 10m to 50m radius.
Marshall continued, "It was assumed, however, that it wasn't possible to develop a virus that could attack WiFi networks, but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."
In Hollywood terms, it works like the release of a vial of infectious virus that looks for people who are not wearing gas masks and turns them into zombies. This gives us an idea for a summer blockbuster movie.
Malware spread by conventional means has been a never-ending battle. Nokia this week claimed that nine percent of Android apps it tested for its Nokia X device contained one or more viruses, while institutions including the NHS have been recent victims of computer malware attacks. Now, malware can be airborne and the game could change. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted