Skip to comments.First contagious WiFi computer virus goes airborne...
Posted on 02/25/2014 4:20:00 PM PST by overdog2
Computer science researchers have demonstrated for the first time how a digital virus can go airborne and spread via WiFi networks in populated areas at the same pace as a human diseases.
The Chameleon virus, designed by a University of Liverpool team, showed a remarkable amount of intelligence by avoiding detection and breaking into personal and business WiFi networks at their weakest points spreading at an alarming rate.
Network Security Professor Alan Marshall said the virus doesnt try to damage or disrupt established networks instead, the virus slips in unnoticed to collect the data and log-in information of all users connected to the network via WiFi, and seeks other WiFi networks through them a much more subtle, sinister and dangerous objective.
WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus, Marshall said in a ScienceBlog report. It was assumed, however, that it wasnt possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly.
The secret to Chameleon is the method by which it avoids detection. Traditional computer antivirus programs look for viruses present on computers and the Internet itself. Chameleon sticks strictly to WiFi networks, bypassing secured, more heavily encrypted networks to enter and spread through weaker ones especially free public access points like those found in cafes, on trains and in airports.
A lab experiment by the Universitys School of Computer Science and Electrical Engineering and Electronics simulated what researchers likened to an airborne contagion attack against Belfast and London, entering WiFi access points that connect public and private networks to the Internet.
The virus traveled fastest across access points within a 160 feet or less of each other, following similar rates of human infection by viruses among more densely populated areas.
We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely, Marshall said.
Read more: http://dailycaller.com/2014/02/25/first-contagious-wifi-computer-virus-goes-airborne-spreads-like-the-common-cold/#ixzz2uNlgLr2c
30 percent of IT professionals and 46 percent of employees do not change the default administrator password on their wireless routers. With access to the configuration interface, attackers can easily compromise the device.
55 percent of IT professionals and 85 percent of employees do not change the default Internet Protocol (IP) address on their wireless routers, making Cross-Site Request Forgery (CSRF) attacks much easier for cyberattackers.
43 percent of IT professionals and 54 percent of employees use Wi-Fi Protected Setup (WPS) an insecure standard that makes it simple for attackers to discover a routers encryption passphrase, regardless of its complexity or strength.
52 percent of IT professionals and 59 percent of employees have not updated the firmware on their routers to the latest version, so even when security updates from router vendors are available, most users do not receive the additional protection
So, how well do MAC address restricted WiFi routers do on security?
They'll do this to off load traffic from their cell networks onto free WiFi.
Saves them a buncho bucks.
Liverpool? Can we call it the Beatles Virus?
Today many phones auto switch off the wifi and put you back on the pay network without you suspecting. $$
Am saying this in jest everyone ... Once more am saying this in jest ... Should a mutation occur and the computer virus manifests itself into being transmitted between humans, look for human brains to short circuit. Since the virus looks for the weak points of entry, the low information voters are at most risk of brain short circuits and infestations.
MAC addresses can very easily be spoofed. It is not a preferred method to proper hardening, but then when it comes to wireless, nothing is.
Your best level of security is to not have wireless at all. If that’s not an option, using RADIUS for authentication and preferably using 2FA (2-factor authentication) where the machine has to have a certificate AND a password is required is the best security for a wireless network. Since that’s incredibly complex for a home user, just changing the router password, changing the IP address (preferably to a class A or B), turning off WPS (it’s a shortcut, of course it’s susceptible), and using WPA2 with AES encryption is your best bet.
Again, nothing is foolproof, but this will stop over 95% of attack attempts. If someone really wants to get into a home user’s network, even my own, they could do it. It’s a level-of-effort thing.
If the congress had any sense, they would make IT Security one of their top priorities.
It was instantly covered up by Them, of course...
Can’t be true Bill. That lady is too pretty to be a liberal.
> MAC addresses can very easily be spoofed. It is not a preferred method to proper hardening, but then when it comes to wireless, nothing is.
I don’t ordinarily use wifi. I just have a pc, and a Nook Simple Touch (ebook reader) rooted to do some tablet things (which I ordinarily keep with the wifi turned off, and don’t use to purchase books on the net). My router allows wifi access only to those two MAC addresses. How would anyone else get in? Wouldn’t they have to produce a large number of MAC addresses until one matched one of the two my router allows, and then have to do the same thing to match the password — all while still within range of my router? I doubt that any of the few neighbors within range of my router is doing that.
I don’t use my pseudo-tablet at public sites, but I’m curious to know if that can that be done there with hacking software in just a matter of minutes? It seems to me that router protection software ought to spot systematic attempts to produce a wide range of MAC addresses or wide range of passwords within a short time, and be able to stop access temporarily and give a warning.
[I have almost no knowledge in this area, though, and am just speculating.]
Thanks. I’ll have a look.
When your tablet or any other wireless device first connects to your router, there’s a good deal of handshaking that occurs before access is granted. Any competent network hacker could sniff a few of the packets that transmit between your device and your router and extract the MAC address from the headers. If that’s the the ONLY protection you have, they can now spoof your MAC address and gain access to your device. MAC address spoofing is really not difficult, and there are publicly-available tools to do it on the Internet.
What you’re describing is what my network engineer buddy calls “MAC splat” where a device just spams an AP with MAC traffic if that’s the only thing keeping the device off the network. MOST APs, even consumer-grade, have DDOS protections that would log these attempts and block the originator for minutes or hours, depending on the setting.
If you have other safeguards in place such as WPA2 AES encryption, hidden SSID, and you’ve turned off things such as WPS, then you’re as safe as you will ever be without configuring additional authentication infrastructure. Just remember that all of the negotiation process happens in clear text, so if you’re connecting to a wireless device for the first time, know that information such as your MAC address is being distributed in the handshaking packets, and there’s really little you can do about it.
Thanks for the further information.
> ...could sniff a few of the packets that transmit between your device and your router and extract the MAC address from the headers.
I didn’t think about that address too being transmitted through the air. Obviously it would have to be.
> If you have other safeguards in place such as WPA2 AES encryption, hidden SSID, and youve turned off things such as WPS...
I do have that encryption, and had turned off WPS after reading about problems with that previously. I notice that I have SSID Broadcast enabled, but I’ll disable it. Thanks.
SSID broadcast is one of the simplest “safeguards” to implement. It keeps ne’er-do-wells from trying to even connect; however, bear in mind that even though the SSID is hidden, most operating systems will recognize that the AP exists but no other data will be shown. The SSID, too, is transmitted when making a wireless connection, so if someone really wanted to figure out your SSID, they could.
Also consider doing a “wireless survey” in your home. Take your favorite wireless device and walk around outside your home to see how far your wireless signal goes. I recommend to most people that if your wireless signal can be seen/accessed from the streets around your home, then someone could sit in a car/van and try to access it undetected. There are ways to “turn down” your wireless power but only if you install a firmware replacement such as DD-WRT.
Just food for thought. Feel free to FReep mail me if you have other questions.
Lots of good information. Thanks.