Jump to content
House Price Crash Forum

'contagious' Wi-Fi Virus Created By Liverpool Researchers

interestrateripoff

By interestrateripoff
in The off-topic forum

Recommended Posts

0
HOLA441
interestrateripoff

interestrateripoff

Posted
Posted

http://www.bbc.co.uk/news/technology-26352439

A computer virus that can spread via wi-fi like a "common cold" has been created by researchers in Liverpool.

In densely populated areas with lots of wi-fi networks, the virus can go from network to network finding weaknesses.

Once in control of a wi-fi access point, it leaves computers on the network extremely vulnerable.

The team's lead researcher told the BBC it was working on software to prevent such attacks being possible.

"Rather than rely on people to use strong passwords, you want to integrate intrusion detection systems to the access points," said Alan Marshall, professor of communication networks at the University of Liverpool.

He would not go into detail about the methods in order to prevent the attack being used on real victims but said a proof-of-concept attack had been developed at the university.

'Under control'

The virus, dubbed Chameleon, seeks out wi-fi access points - devices that transmit the wi-fi signal, found in many homes - that have not had their admin password changed.

This password is different from the one used to log on to the wi-fi network itself, and is often left unchanged from the default setting.

Once an access point is under a hacker's control, new firmware can be installed.

Interesting I'm surprise it's taken this long to create.

However how many HPC's have changed the default password for the wifi router which is admin / password. I change mine as soon as it's plugged in.

Link to comment
Share on other sites
1
HOLA442
2
HOLA443
3
HOLA444
4
HOLA445
5
HOLA446
6
HOLA447
7
HOLA448
8
HOLA449
9
HOLA4410
MrPin

MrPin

Posted
Posted

No, that's the wireless network login password. This article is talking about the router admin password, the defaults for which can be found at http://www.routerpasswords.com/

You naughty hacker! I don't think "joe public" are taught to change these! Esp as BT seem to give out routers with unencrypted wifi, but I'm not wicked enough, although,I am sure some are! :blink:

Link to comment
Share on other sites
10
HOLA4411
Monkey

Monkey

Posted
Posted

http://127.0.0.1 or whatever the IP is of the router? Sometimes written on it, or you can google what your provider typically puts as the IP

(im quite sure it's not 127.0.0.1 but it's the only IP number I remember from my geek days, it might be your own computer actually )

Most routers ip are 192.168.1.1 or 192.168.0.1 or if your a BT customer 192.168.1.254

Link to comment
Share on other sites
11
HOLA4412
The Ayatollah Buggeri

The Ayatollah Buggeri

Posted
Posted

No, that's the wireless network login password. This article is talking about the router admin password, the defaults for which can be found at http://www.routerpasswords.com/

However, you can't even get to the router admin login screen unless you're connected to that router in the first place, and to connect to the router you need to know the wireless network login credentials.

Therefore I can't see how this virus would work if the network login had been changed from the default, but the admin password had not, unless it is introduced via a machine that is already connected. Likewise, if you use MAC filtering on your router (i.e. you configure it so that it will only accept connections from devices with a list of specific MAC addressees), that should prevent the virus from getting into the router unless it is through a machine that is already connected, even if both passwords have been left on their defaults.

That having been said, router passwords left on their defaults can be a problem. A few years ago (probably in '07 or '08), a friend of mine, who lived in a block of flats, asked me to check out why her Internet connection was slow. When I checked the list of devices connected to her router, there were something like 50! Because she was probably the only household in the block who had broadband, pretty much everyone within signal range had helped themselves to her connection. She got some hostile glares in the corridors and lift after I changed the password and set up MAC control for her...

Link to comment
Share on other sites
12
HOLA4413
fluffy666

fluffy666

Posted
Posted

You naughty hacker! I don't think "joe public" are taught to change these! Esp as BT seem to give out routers with unencrypted wifi, but I'm not wicked enough, although,I am sure some are! :blink:

Yes.. One of my neighbours has that - once when I was installing windows, it managed to auto connect and start downloading stuff before I realised..

Link to comment
Share on other sites
13
HOLA4414
Monkey

Monkey

Posted
Posted

However, you can't even get to the router admin login screen unless you're connected to that router in the first place, and to connect to the router you need to know the wireless network login credentials.

Therefore I can't see how this virus would work if the network login had been changed from the default, but the admin password had not, unless it is introduced via a machine that is already connected. Likewise, if you use MAC filtering on your router (i.e. you configure it so that it will only accept connections from devices with a list of specific MAC addressees), that should prevent the virus from getting into the router unless it is through a machine that is already connected, even if both passwords have been left on their defaults.

That having been said, router passwords left on their defaults can be a problem. A few years ago (probably in '07 or '08), a friend of mine, who lived in a block of flats, asked me to check out why her Internet connection was slow. When I checked the list of devices connected to her router, there were something like 50! Because she was probably the only household in the block who had broadband, pretty much everyone within signal range had helped themselves to her connection. She got some hostile glares in the corridors and lift after I changed the password and set up MAC control for her...

Unsecurred routers ie no wifi password, can get you access to the network. Or a brute force attack on WEP securred access points is simple, you do this from your phone now with a downloaded app

Link to comment
Share on other sites
14
HOLA4415
The Ayatollah Buggeri

The Ayatollah Buggeri

Posted
Posted

Pretty much all new routers use WPA as the default now, don't they? If you want WEP, you have to choose to downgrade in the admin settings, which I'm guessing that no-one would do unless they have a specific reason. The last few routers I've set up all used WPA (or one of the later variants thereof) by default.

Link to comment
Share on other sites
15
HOLA4416
16
HOLA4417
17
HOLA4418
18
HOLA4419
Monkey

Monkey

Posted
Posted

Pretty much all new routers use WPA as the default now, don't they? If you want WEP, you have to choose to downgrade in the admin settings, which I'm guessing that no-one would do unless they have a specific reason. The last few routers I've set up all used WPA (or one of the later variants thereof) by default.

Yes alot do, but i can show you at least 2 wifi access pointd in every mile that is totally unsecure, ie the perzon has removed/turned off security. Also i can show you people who have old access points with WEP, and other people who have new access points, but they revert back to WEP and password of an old router so they dont need to re-setup all their wireless devices

Again. Its all well and good routers commibg with security, but if people change them or turn them off then its their fault

Link to comment
Share on other sites
19
HOLA4420

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.




×
×
  • Create New...

Important Information

  I accept