Researchers from the University's School of Electrical Engineering, Electronics and Computer Science have designed an attack and simulated it in a laboratory setting. They say that it behaved like an airborne virus, "travelling across the Wi-Fi network via Access Points (APs) that connect households and businesses to WiFi networks".
The virus was able to avoid detection, apparently, as current detection systems look for viruses that are present on the Internet or computers, says the university. But "Chameleon" was only ever present in the Wi-Fi network itself.
Where access points (AP) were sufficiently encrypted and password protected, the virus simply moved on to find those which weren't strongly protected, including open access Wi-Fi points commonly found in locations such as coffee shops and airports.
"When Chameleon attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it," said Alan Marshall, Professor of Network Security at the University.
"The virus then sought out other Wi-Fi APs that it could connect to and infect."
The research is published in EURASIP Journal on Information Security.