Forget Heartbleed, Is This The Next Cyber Scare?

As security experts are fumbling to fix Heartbleed, they’re already figuring out how to weather the next security storm.

There’s a new threat to cyber security. But unlike the Heartbleed virus, which may have gone undetected since Gangnam Style first went viral, it seems this time the good guys found the security flaw before the bad guys had the chance to exploit it.

obama

Scientists at the University of Liverpool in the U.K. have demonstrated that it’s possible for a computer virus to be airborne and transmitted via the radio waves of Wi-Fi. They showed that it could spread from one network to another via Access Points (APs) by avoiding detection. They recently reported their creation in the journal EURASIP Journal on Information Security.

“it’s a ripe area to explore what the bad guys could do with it — we wanted to get there first”

Such a virus would have the potential to transmit rapidly in urban areas, where APs and WiFi networks overlap more frequently. The virus would be able to propagate and infect new WiFi hotspots as efficiently as the common cold, say its creators.

So why did they make it? “Wi-Fi is ubiquitous now, so it’s a ripe area to explore what the bad guys could do with it — we wanted to get there first,” said Alan Marshall. You may be surprised to learn that until now it was thought to be impossible for a computer virus to spread in such a manner, and as a consequence most security measures only look on the device itself or to the Internet for a potential breach in security, “but there’s actually a third place: the interplay between the computer and the Internet — that’s the Wi-Fi,” said Marshall.

“I would think of this more like the ‘reinvention’ of the USB as a method of infection”

“This is an interesting idea because LAN security is much worse than Internet security,” said Benjamin Caudill from Rhino Security Labs, a consultancy firm that helps defend businesses from expert hackers. “I would think of this more like the ‘reinvention’ of the USB as a method of infection,” he said. In 2014 networks are everything and it would make sense that “attacks are aimed at the infrastructure that’s connecting it all,” he added.

This new strain of virus offers a rare opportunity for cyber security experts like Caudill to be proactive instead of reactive to threats. They could have effective measures in place before a hacker manages to recreate Marshall’s Wi-Fi virus.

Marshall is quick to reassure, pointing out that he is optimistic the Wi-Fi virus can be contained and quarantined. “Large corporations and ISPs will check their access points and MacAfee will likely implement a detection method,” he said, pointing out that public Wi-Fi hotspots will remain secure.

“If it was happening now, you’d hear about it — servers would go down.” In the time being, ISPs and access point manufacturers can now start incorporating security measures.

Comments