Computer scientists at the University of Liverpool designed and simulated an attack by a virus they dubbed "Chameleon" and found not only could it spread quickly between homes and businesses but it was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords, the university reported Tuesday.
It behaved like an airborne virus, they said, moving across a WiFi network via Access Points that connect households and businesses to WiFi networks.
Densely populated areas have more Access Points in close proximity, allowing the virus to propagate more quickly, the researchers said.
"When 'Chameleon' attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it," network security Professor Alan Marshall said. "The virus then sought out other WiFi APs that it could connect to and infect."
While many APs are sufficiently encrypted and password protected, the virus simply moved on to find less-protected ones, including open access WiFi points common in locations such as coffee shops and airports, the researchers said.
"WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities," Marshall said, "which make it difficult to detect and defend against a virus."