Most of us have some kind of anti-virus and intrusion detection system on our home and business computers. (If you don’t, you should!) These systems work to prevent intrusions on our systems. We run them on workstations and servers and trust them to protect our networks against certain types of threats. But our embedded systems are seldom – if ever – protected.
One of the most critical “embedded” systems in our organizations is the Wi-Fi router. That router/access point connects a wireless network to a wired network. Many, or perhaps most, of these access points are now susceptible to a virus named Chameleon. The virus lives in the firmware (embedded software) of the access point. The virus uses the wireless feature of the access points to propagate itself to other access points. The threat is particularly serious in public Wi-Fi environments. However, in many organizations users have installed “rogue” access points – APs not provided by the organization. If these APs are infected, the infection can spread to other APs in the organization.
The goal of the Chameleon virus is to masquerade login credentials. Perhaps a variant could steal other information sent over the Wi-Fi network. Many Wi-Fi routers can filter content in various ways so if that part of the firmware could be accessed, all sorts of information could conceivably be captured. What if free wireless access in an entire metro area could be compromised? Or what if the network could be shut down at will?
Fortunately, readers of this blog and those who have taken Learning Tree Course 468, System and Network Security Introduction understand the importance of encrypting important communications. This may be as simple as accessing all web pages using https or using a VPN (virtual private network) to tunnel all traffic. But few of us suspect that an integral component of our networks may indeed be a point of compromise and so we often feel safer when on a corporate network or other private Wi-Fi net.
If this sounds a bit scary, it is. Fortunately, the Chameleon virus is only really a technology demonstration, a proof-of-concept. Its goal is to study the action of such viruses and to help find ways to protect against them. The paper from the University of Liverpool describes a lot more about the virus and how it works. This is important research and it will be interesting to see what changes in protecting access points and other imbedded systems it leads to. If you have any thoughts on this, let us know in the comments below.