We all know to look out for viruses that can be spread over the internet, or by sharing files between computers. Now, however, scientists at the University of Liverpool have shown for the first time that special viruses could move between wireless access points using existing Wi-Fi networks – as efficiently as the common cold virus spreads between people through the air.
The team computer-simulated an attack by a virus known as Chameleon, which they created. Although the virus didn't affect the functions of the access points (APs) or users' computers, it was able to access and report the credentials of all the people who were using those APs at the time. Some APs were impregnable due to encryption or password protection, but in those cases Chameleon would just move on to other more vulnerable access points.
Due to the fact that existing anti-virus software is only designed to look for viruses in computers or on the internet, the virus itself remained undetected.
The simulated attack was set in London and Belfast. Just like the cold virus spreads quicker in crowded cities, Chameleon spread faster in situations where multiple APs were located in close proximity to one another.
"Wi-Fi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus," said Prof. Alan Marshall, who took part in the study. "It was assumed, however, that it wasn’t possible to develop a virus that could attack Wi-Fi networks, but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."
Source: University of Liverpool
I use internet banking, but it scares me rigid and I spend as little time as possible logged on to my bank.
It is surprising to find computer experts being said to have thought that such and such a thing was impossible. If the computer age has taught us anything at all it is that the so-called 'impossible' is more often than not likely to prove to be the exact opposite.
I can fully understand the pleasure hackers get from the intellectual challenge of breaking into supposedly secure systems and clearly, if given a better direction, they would make a very valuable contribution to society. Simply throwing them into jail when caught is self-defeating because it removes that talent from the labour pool. How we provide that new direction is probably the highest intellectual challenge of all. Until then, all we can do is stop deluding ourselves that anything in the world of computing is impossible.
Hacking has the real potential to destroy economies, create wars, cause serious safety problems, and ruin people's lives.