WiFi Virus Spreads Like Airborne Disease

John Lister's picture

Computer researchers have created an 'airborne' computer virus that takes advantage of WiFi (wireless Internet) routers. The point of the study is to highlight the many ways in which wireless routers are open to abuse.

The research studied wireless access points, and was completed by the University of Liverpool. Access points are electronic devices that relay information from a local wireless network to another (typically the Internet). For example: a PC or laptop connected to a wireless router (which is then connected to the Internet) would be considered an access point.

The goal of the research was to test the theory that existing security software is limited. Instead, researchers believed they could create a virus that attacks access points (such as routers), which could therefore bypass security measures installed on most PCs and mobile devices. (Source: bbc.co.uk)

Virus Targets Routers and Access Points, Not PCs

To test their theory, researchers created a virus designed to look for routers that use the default administration (admin) password.

The default admin password isn't the same password used to encrypt the data on the network, but rather the password that's needed to change default settings on the router. (Having access to the router in this way could then change or disable the password which is used to encrypt data on a network.)

Many users have not changed their default admin password, which is typically set by manufacturers to be something very obvious, such as "admin" or "password."

The virus, dubbed "Chameleon" is designed to access such routers, then install new router software, which then puts the virus in control of the router. The router then looks for another wireless network in the same area and attempts to propagate much like it would on an infected network of PCs.

Test Limited to Demonstrate Proof of Concept

The researchers did not test the virus in the real world, where it could have easily gotten out of control. Instead, they used internal testing and scanned for real locations of networks, forming a "proof of concept" to show that their invention would work.

If used, the virus could spread quickly because routers tend to be clustered in residential areas or retail locations. In other words, the router virus would spread just like an airborne illness in humans.

Internet Cafes an Excellent Propagation Point

Though only a proportion of routers use default passwords, there would be enough of them to keep the virus spreading indefinitely. In particular, it's suggested that routers in busy locations such as coffee shops often have the default password turned on.

Had the researchers used the virus outside of the controlled environment, it's possible to have taken control of routers for malicious purposes. For example, the router could have been programmed to redirect a user to a malicious website (even if a valid address was entered), or programmed to secretly remove the encryption of the network (so data could be intercepted and stolen), or similar.

To avoid anyone taking advantage of their findings, only limited details of the research is available. The researchers now plan to work on security software that can be installed on routers, rather than on computers. (Source: telegraph.co.uk)

What's Your Opinion?

Have you changed the default administration password on your router (and do you know how)? Would you feel safe in using security software designed for routers, even if the market is still new and relatively unproven? Do you think that the research described in this story is just, or does it only help to give real hackers more ideas for getting through security defenses?

Rate this article: 
Average: 4.4 (8 votes)

Comments

caffeinman's picture

It is not a secret or something that using free wifi you are at a risk of catching something that you might not be too happy to find on your computer. If you want a secure network for Internet browsing - use your own wifi and always use protection like Hotspot Shield http://softwarepuppy.com/review/Hotspot-Shield.html or UltraSurf https://ultrasurf.us/ for example. It is also great that they have come up with such a discovery, but if the scientists have created such a virus, that means that after it appeared in the news, all the hackers will try to do the same to intentionally bring damage to other computers. Now I will double check the quality and security level of the wifi that I am using. Thanks John for the article, will keep that in mind constantly.