Wi-Fi Virus

Researchers have demonstrated the first airborne Wi-Fi computer virus. The paper, by Jonny Milliken, Valerio Selis, and Alan Marshall, is “Detection and analysis of the Chameleon WiFi access point virus,” EURASIP Journal on Information Security.

Abstract: This paper analyses and proposes a novel detection strategy for the ‘Chameleon’ WiFi AP-AP virus. Previous research has considered virus construction, likely virus behaviour and propagation methods. The research here describes development of an objective measure of virus success, the impact of product susceptibility, the acceleration of infection and the growth of the physical area covered by the virus. An important conclusion of this investigation is that the connectivity between devices in the victim population is a more significant influence on virus propagation than any other factor. The work then proposes and experimentally verifies the application of a detection method for the virus. This method utilises layer 2 management frame information which can detect the attack while maintaining user privacy and user confidentiality, a key requirement in many security solutions.

Posted on March 6, 2014 at 5:44 AM • 14 Comments

Comments

TIM March 6, 2014 6:18 AM

Is it most likely that there are backdoors (as discovered in AVM, Linksys, Cisco,…) in all public wifi-routers and such a virus could be used in cyberwar (drones over the enemy territory to implant trojans/viruses in networks or just to take the infrastructure offline)?

43jknf3kjnf March 6, 2014 7:54 AM

TRANSLATION: Malicious FW ROM that likely uses browser or protocol exploits or patches downloaded binaries on the fly (which given how HTTP and FTP work I doubt is the case).

I’m assuming this isn’t just a logger firmware since it’s in the news. Else boring and ignore my translation.

TIM March 6, 2014 8:31 AM

@ uh, Mike

If you suggest to put the wifi-ap into a faraday cage, then have fun with trying to connect 🙂

Or was there another intention I am not aware of?

Rick Auricchio March 6, 2014 11:36 AM

@6535: “I wonder how quickly the NSA guys will be buying this virus kit.”

No, no, you’ve got it backwards. The NSA is selling the kit overseas. How else can the US government justify all of the so-called cyberwarfare expenditures?

Brandioch Conner March 6, 2014 12:37 PM

I saw this on Slashdot the other day. A few things from that article…

“The virus has been designed and practically demonstrated in a laboratory setting.”

Okay. A laboratory proof-of-concept then.

Except …

“This information was then used to inform an infection model to test the application of the virus in two urban environments: Belfast, Northern Ireland and London, England, with data extracted from Wigle.net.”

Real world? Or not? A bit ambiguous there.

“APs are considered to be connectable if their separation lies within a certain radius, varied between 10 and 50 m in the model. The model initiates the virus by infecting an AP at random to act as a seed and then calculates how many days would be required to either infect or blacklist all APs in the area.”

So it is a simulation of a “virus” attack that has never been seen outside of a laboratory.

And it seems that the method of attack used (admin access over WiFi) is not that common since it is disabled by default on most WiFi routers.

So I wouldn’t be too worried about this. I’d be more concerned about the regular WiFi attacks using backdoors or worms exploiting vulnerabilities in default services.
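The connectivity rule quoted in the comment above (APs are connectable when their separation is within a radius varied between 10 and 50 m), as an added example that is not from the paper or from any commenter: it measures how much of an AP layout a single seed could reach, and how APs that cannot be infected cut the graph into smaller pieces. The coordinates, the AP names and the `hardened` parameter are assumptions made for illustration.

```python
import math
from collections import deque

# Constructed sample layout: AP positions in metres (not Wigle.net data).
APS = {
    "ap1": (0, 0), "ap2": (8, 0), "ap3": (16, 0),
    "ap4": (40, 0), "ap5": (48, 5), "ap6": (120, 0),
}

def adjacency(aps, radius, hardened=frozenset()):
    """Link two APs when their separation is within `radius` metres.

    `hardened` (hypothetical parameter) lists APs that cannot be infected,
    so they neither receive nor relay and are left out of the graph.
    """
    live = [n for n in aps if n not in hardened]
    adj = {n: set() for n in live}
    for i, a in enumerate(live):
        for b in live[i + 1:]:
            if math.dist(aps[a], aps[b]) <= radius:
                adj[a].add(b)
                adj[b].add(a)
    return adj

def hops_from_seed(aps, radius, seed, hardened=frozenset()):
    """Breadth-first hop count from `seed` to every AP it can reach."""
    adj = adjacency(aps, radius, hardened)
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in hops:
                hops[nxt] = hops[cur] + 1
                queue.append(nxt)
    return hops

def worst_case_exposure(aps, radius, hardened=frozenset()):
    """Largest fraction of all APs reachable from any single seed."""
    seeds = [n for n in aps if n not in hardened]
    best = max(len(hops_from_seed(aps, radius, s, hardened)) for s in seeds)
    return best / len(aps)

if __name__ == "__main__":
    for r in (10, 50):
        print(r, worst_case_exposure(APS, r))
    print(worst_case_exposure(APS, 10, hardened={"ap2"}))
```

On this layout the reachable fraction grows with the radius, and marking one well-placed AP as hardened shrinks it again, which is the connectivity effect the abstract singles out.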

NobodySpecial March 6, 2014 4:51 PM

@Brandioch – they demonstrated the attack on kit in the laboratory. Hopefully kit in the laboratory works the same as kit in the field – otherwise electrical safety testing is a bit of a waste of time.

They modelled the spread of a virus mathematically – this is generally a better approach than infecting a bunch of machines then sending out questionnaires to ask people if they are infected.

Buck March 6, 2014 5:53 PM

@Milford

Hilarious! 😀

Both that bug/feature from Microsoft & this little gem at the bottom of the techdirt article:

“Eventually, it should die out as Windows XP machines finally go extinct, but for now, enjoy (but don’t bother connecting) the ‘Free Public WiFi’ found in so many airports…” (Emphasis Buck’s)

(Posted: October 11th, 2010 @ 9:49AM)

Must’ve missed that one a few years ago… Thanks for the reminder! 😉 Never ceases to amaze me – the potential for widespread consequences from simple computational errors; even without the addition of malicious intent!

Brandioch Conner March 6, 2014 5:57 PM

@NobodySpecial

“Hopefully kit in the laboratory works the same as kit in the field – otherwise electrical safety testing is a bit of a waste of time.”

So if any experiment ever performed had an error then every experiment ever performed is invalid?

🙂

“They modelled the spread of a virus mathematically – this is generally a better approach than infecting a bunch of machines then sending out questionnaires to ask people if they are infected”

The problem is that it allows their assumptions to dictate the results.

I have 3 different WiFi routers on-hand here and every one of them has admin/root access disabled over WiFi by default. That’s real-world.

Thomas March 6, 2014 8:00 PM

@Brandioch Conner

“I have 3 different WiFi routers on-hand here and every one of them has admin/root access disabled over WiFi by default. That’s real-world.”

You must be using a better class of WiFi router…

I’ve dealt with a bunch here, supplied by the local Telcos, and none of them had the ability to disable admin over WiFi.
