Can you please tell me more about the Chameleon malware, including how to detect it and how to keep Wi-Fi access points safe from it?
Researchers from the University of Liverpool developed a new proof-of-concept malware called Chameleon to demonstrate malware that spreads via wireless access points (WAPs). Chameleon reportedly spreads over the air by attacking insecurely configured WAPs. Once an access point is compromised, Chameleon captures unencrypted network traffic to gather usernames and passwords and scans other wireless networks for insecure configurations.
Chameleon was designed to highlight some of the vulnerabilities of wireless networks in high-density cities, where, like a biological virus, it can spread faster because of the close proximity of other vulnerable hosts. The basic functionality of the Chameleon malware could be extended in a modular way to add other functionality or exploits, such as features found in other modern malware.
Chameleon exploits some of the same insecure configurations as Firesheep, and many of the same protections against Firesheep can work against Chameleon. Using an encrypted wireless network and an encrypted IP network connection will protect users against Chameleon. Securely configuring wireless access points will also help boost an enterprise's wireless network safety. Additionally, scanning and removing insecure wireless access points will prevent these types of attacks.
Most enterprises are at minimal risk of being hit by the Chameleon malware or something like it, because they have largely deployed wireless networks using encryption. Nevertheless, a new version of Chameleon could be released with support for attacking encrypted networks or common enterprise wireless access point products, putting seemingly safe enterprises at higher risk.
The standard advice -- improving wireless access point security by not allowing enterprise employees to use insecure wireless networks -- will prove to hold true in this scenario.
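The scanning step recommended above can be automated. The following is an added example, not part of the original answer: it parses terse `nmcli -t -f SSID,BSSID,SECURITY device wifi list` output and flags access points that advertise no encryption or only WEP. The sample scan lines and the `MANAGED_BSSIDS` inventory are constructed, and the function names are hypothetical.

```python
# Constructed sample of `nmcli -t -f SSID,BSSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes literal ':' and '\' with a backslash.
SAMPLE_SCAN = r"""
CorpNet:AA\:BB\:CC\:00\:00\:01:WPA2 802.1X
CorpNet-Guest:AA\:BB\:CC\:00\:00\:02:
LabPrinter:AA\:BB\:CC\:00\:00\:03:WEP
CoffeeShop\:Free:DE\:AD\:BE\:EF\:00\:01:--
Neighbor:DE\:AD\:BE\:EF\:00\:02:WPA1 WPA2
""".strip().splitlines()

# Hypothetical inventory of BSSIDs the organization owns (assumption for this example).
MANAGED_BSSIDS = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02", "AA:BB:CC:00:00:03"}

def split_terse(line):
    """Split one terse line on unescaped ':' and undo the backslash escaping."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))   # keep the escaped character literally
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Return a reason if the advertised security is inadequate, else None."""
    tokens = security.upper().split()
    if not tokens or tokens == ["--"]:
        return "open: traffic is unencrypted"
    if "WEP" in tokens and not any(t.startswith("WPA") for t in tokens):
        return "WEP: encryption is broken"
    return None

def audit(scan_lines, managed):
    """Return (ssid, bssid, reason, action) for every insecure access point seen."""
    findings = []
    for line in scan_lines:
        fields = split_terse(line)
        if len(fields) != 3:              # skip blank or malformed lines
            continue
        ssid, bssid, security = fields
        reason = classify(security)
        if reason:
            owned = bssid.upper() in managed
            action = "reconfigure or remove" if owned else "block clients from joining"
            findings.append((ssid, bssid, reason, action))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SCAN, MANAGED_BSSIDS):
        print(" | ".join(finding))
```

Access points in the inventory are the ones to fix or decommission; insecure networks outside it are the ones employees should be kept off.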
Ask the Expert!
Perplexed about enterprise security? Send Nick Lewis your questions today! (All questions are anonymous.)