(ScienceBlog) Airborne Wi-Fi virus spreads like common cold. Thank goodness I practice safe sext (scienceblog.com)
    More: Interesting, Wi-Fi, virus, chameleons, University of Liverpool, access points, School of Computer Science  

3133 clicks; posted to Geek on 26 Feb 2014 at 4:53 PM (31 weeks ago)



 
2014-02-26 05:02:54 PM
Article basically devoid of any useful information. Where does this software even reside? It says it's "only ever present in the WiFi network", meaning...the APs themselves? Does it require installing tainted firmware on the access point to get the ball rolling, or can a user infect an AP with a client? Does a simple WEP key prevent propagation, or does it require something stronger?

This sounds like it was written so to be understood by my mother.
 
2014-02-26 05:03:17 PM
It's a router virus infecting the firmware of the routers. We can't have a virus live in the WiFi. Yet.
 
2014-02-26 05:06:59 PM
Everybody just QAM down.
 
2014-02-26 05:09:49 PM

aelat: Article basically devoid of any useful information. Where does this software even reside? It says it's "only ever present in the WiFi network", meaning...the APs themselves? Does it require installing tainted firmware on the access point to get the ball rolling, or can a user infect an AP with a client? Does a simple WEP key prevent propagation, or does it require something stronger?

This sounds like it was written so to be understood by my mother.


Given that it's a shiatty blog, it probably was.

If you want details, read the original paper. The Forbes article has a link.
 
2014-02-26 05:14:44 PM
And here I thought it was going to be about the mass hysteria some experience regarding wifi making them sick.
 
2014-02-26 05:25:24 PM
Prolly in the web gui thingy.
 
2014-02-26 05:27:19 PM
I thought it was going to be about those fizzy orange tablets you use when you are about to go out into crowded areas, so you can fight off whatever Andromeda Strain you might get breathe'd on you from some dumb sap.
 
2014-02-26 05:45:30 PM
If the virus ever did happen to hit on a WiFi spot that was properly protected, it just moved on to one that wasn't

Move along, nothing to see here!
 
2014-02-26 05:53:43 PM
Neat read, but I only see this being actually effective against consumer-grade networks.
Be it to a cloud-based provisioning system in a VC model or to a dedicated controller, even WAN-style branded networks such as McDs or Starbucks are monitored per AP based on MAC/serial. If one goes down, it is investigated until it goes back up. The chameleon node would be identified PDQ, especially if attached on the internal network, and WIDS turned on the legitimate AP could be used to drown it out.
 
2014-02-26 06:11:23 PM
static1.wikia.nocookie.net
 
2014-02-26 06:27:25 PM

AgentPothead: It's a router virus infecting the firmware of the routers. We can't have a virus live in the WiFi. Yet.


This.

I'm surprised they didn't even mention the word router in the article.

This is most likely how it all goes down.
http://www.youtube.com/watch?v=stnJiPBIM6o
 
2014-02-26 06:37:57 PM

aelat: Does a simple WEP key prevent propagation, or does it require something stronger?


WEP is so weak, it'd be like securing your house by flipping that toggle on the screen door latch.

Now maybe the researchers didn't add WEP breaking to their PoC code, but WEP is so poor a protection it's not a big leap to expect it developed in short order if it became malware.

WEP APs are not much more than a motive test. Like using a credit card to slip a latch. There was something blocking you, but you needed to take positive although trivial actions to get through it. So if you do it, you are breaking and entering. Likewise if you hack WEP, you are breaking and entering into that network.

I was kind of shocked when AT&T rented out a WEP only AP to my work when they got a DSL line.  Yes.  That AP only supported WEP.   That's OK, it gave me something I could ethically try out Aircrack on.

It took less than a few seconds.
 
2014-02-26 06:56:06 PM

meat0918: And here I thought it was going to be about the mass hysteria some experience regarding wifi making them sick.


Just wait until it gets picked up by Fox News.
 
2014-02-26 07:09:56 PM
This isn't news. It is a bit of code that knows default admin logins which can stick itself into completely unprotected routers/APs. It also appears capable of jumping to other APs by bridging if that other AP is also completely unsecured.
 
2014-02-26 07:44:55 PM
HYPOTHETICAL virus. They just modeled the propagation of a virus with these properties. A real virus would have to be compatible with the many embedded systems used across the spectrum of wifi gear. The numerous systems in use are a type of protection, and at some level we need to keep them diverse.
 
2014-02-26 07:46:46 PM
 
NFA [TotalFark]
2014-02-26 07:57:38 PM

sinanju: Everybody just QAM down.


media.giphy.com
 
2014-02-26 09:07:08 PM
If D.A.R.Y.L. dies, we riot.
 
2014-02-26 09:11:17 PM
Need cell phone condom
 
2014-02-26 11:28:12 PM
Two weeks later a pair of morning talk show hosts.....

img.fark.net
 
2014-02-27 06:11:04 AM

ArcadianRefugee: aelat: Article basically devoid of any useful information. Where does this software even reside? It says it's "only ever present in the WiFi network", meaning...the APs themselves? Does it require installing tainted firmware on the access point to get the ball rolling, or can a user infect an AP with a client? Does a simple WEP key prevent propagation, or does it require something stronger?

This sounds like it was written so to be understood by my mother.

Given that it's a shiatty blog, it probably was.

If you want details, read the original paper. The Forbes article has a link.


Interesting read.

"the 'Chameleon' attack, perpetrated by the Chameleon virus. This attack replaces the firmware of an existing AP and masquerades the outward facing credentials. Thus, all visible and physical attributes are copied and there is no significant change in traffic volume or location information."

It looks like it looks for a vulnerable AP, does a firmware upgrade on it to a compromised version, then sits in the background searching for other vulnerable AP's within range and trying to take them over as well.

I suspect that the AP's they used in their lab were something like DD-WRT or other such custom linux based replacement firmwares.

It's an interesting idea in theory, it could be a pretty cloudy based virus. Obviously different routers have different firmwares and will have different back doors, so having a static package for the virus would be impractical. As most of the AP's however will have internet access they could scan the local area, see what's out there, report back MACs and/or versions, then get an update on how to attack each node.
 
2014-02-27 06:29:29 AM
My Wi-Fi gave me pinkeye.
 
2014-02-27 02:59:55 PM
Pinko_Commie : I suspect that the AP's they used in their lab were something like DD-WRT or other such custom linux based replacement firmwares.

They're not exploiting a security hole, they're going after routers that have no security on them at all.

If the virus ever did happen to hit on a WiFi spot that was properly protected, it just moved on to one that wasn't

Someone who takes the time to learn how to flash their router firmware and install alternate firmware ... is also going to secure it (in fact, better security is one of the reasons people get rid of the stock router firmware in the first place).

With an insecure router, someone can associate with it, then access the firmware update page. You can take over a router like this with your web browser

... the virus just does it automatically

In short, they left the car door unlocked with valuables clearly visible in the front seat.
 
2014-02-27 07:02:28 PM

lordargent: Pinko_Commie : I suspect that the AP's they used in their lab were something like DD-WRT or other such custom linux based replacement firmwares.

They're not exploiting a security hole, they're going after routers that have no security on them at all.

If the virus ever did happen to hit on a WiFi spot that was properly protected, it just moved on to one that wasn't

Someone who takes the time to learn how to flash their router firmware and install alternate firmware ... is also going to secure it (in fact, better security is one of the reasons people get rid of the stock router firmware in the first place).

With an insecure router, someone can associate with it, then access the firmware update page. You can take over a router like this with your web browser

... the virus just does it automatically

In short, they left the car door unlocked with valuables clearly visible in the front seat.


I mean because it's a PoC, so they've got to be able to easily produce the modified firmware. DD-WRT is ideal as they can prove the concept fairly easily, they can easily control which of their test hardware can be infected and which can't.
 