The diversity in malware and virus attributes is huge. New techniques are being invented all the time. Just a few months ago Hacking with Inaudible Sounds was demonstrated. Now there is Chameleon, a contagious virus that skips in between Wireless Access Points.
Researchers at the University of Liverpool in the UK conducted a unique research trying to infect Wireless Access Points. This revolutionary virus can potentially spread without the hacker’s intervention just like the common cold spreads between humans.
The proof-of-concept showed that the Chameleon can self-propagate over WiFi networks from AP to AP, without affecting the working of the stations or creating traffic overloading. The good news – the Chameleon is still in “beta stage” and needs more polishing.
Chameleon’s principal operation stages are as follows:
1 – Establish a list susceptible Access Points within the current location.
2 – Bypass any encryption security on the Access Point (AP).
3 – Bypass the administrative interface on the Access Point (AP).
4 – Identify and store the Access Point (AP) system settings.
5 – Install infected firmware onto the vulnerable Access Points.
6 – Reload the victim AP system settings.
7 – Propagate virus (return to Stage 1).
This kind of wireless virus has numerous advantages over the traditional wired ones due to easy propagation and ability to contaminate nodes that are not connected to the backbone internet. Also, detecting this kind of virus is more challenging, requiring the use of WiFi frames. But as mentioned earlier, Chameleon is still its infant stage.
In the meanwhile, CISOs and InfoSec executives must take appropriate steps to avoid WiFi related exploits and also be prepared for the future outbreak of the Chameleon virus:
- Strict Bring Your Own Device (BYOD) policies should be in place, including an effective and practical list of “dos and don’ts” all workers must follow.
- Implement an Enterprise App Store with a safe list of apps available for download. Keep in mind that Free Apps are usually less safe than Paid Ones.
- The WiFi access at the workplace must be encrypted and protected with a strong password that should not be given out to visitors/strangers.
The latest WiFi virus has already been implemented in laboratory environment and it’s only a matter of time before we see it contaminating devices and whole networks. Having strict BYOD policies along with strongly encrypted WiFi Access Points in all workplaces is highly recommended. InfoSec is an evolving challenge and must not be taken lightly.
Source – University of Liverpool Study