'Contagious' wi-fi virus created by Liverpool researchers

Wi-fi users in a cafe Networks most at threat are small businesses and home users, researchers said

Related Stories

A computer virus that can spread via wi-fi like a "common cold" has been created by researchers in Liverpool.

In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses.

Once in control of a wi-fi access point, it leaves computers on the network extremely vulnerable.

The team's lead researcher told the BBC it was working on software to prevent such attacks being possible.

"Rather than rely on people to use strong passwords, you want to integrate intrusion detection systems to the access points," said Alan Marshall, professor of communication networks at the University of Liverpool.

He would not go into detail about the methods in order to prevent the attack being used on real victims but said a proof-of-concept attack had been developed at the university.

'Under control'

The virus, dubbed Chameleon, seeks out wi-fi access points - devices that transmit the wi-fi signal, found in many homes - that have not had their admin password changed.

Girl surfing on a laptop Many people do not change their wi-fi admin password

This password is different from the one used to log on to the wi-fi network itself, and is often left unchanged from the default setting.

Once an access point is under a hacker's control, new firmware can be installed.

"So it's now under our control," explained Prof Marshall.

"Once you do that you can then do other things with it. You can recover passwords, steal data - anything you want."

Spreading out

But it is the next step of the virus that is most unusual.

Once installed on one access point, the virus can - without being controlled by a human - automatically seek out other vulnerable access points, taking them over as and when they are found.

Prof Marshall told the BBC that this was unlikely to be a threat to big business wi-fi networks, which should have enhanced security in place.

However, networks in homes, or at small premises like coffee shops, are typically found with less stringent protection measures in place.

Now that his team has demonstrated the threat, Prof Marshall said attention would turn to creating a product that could be installed in wi-fi access points to prevent this kind of hijacking - without requiring the user to take responsibility.

Follow Dave Lee on Twitter @DaveLeeBBC

More on This Story

Related Stories

More Technology stories


Features & Analysis

BBC Future

(US Navy)

The world’s noisiest spy plane

The Soviet giant that still soldiers on


  • BatteriesClick Watch

    More power to your phone - the lithium-ion batteries that could last twice as long

Try our new site and tell us what you think. Learn more
Take me there

Copyright © 2015 BBC. The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.