The team of reserchers at the University of Liverpool designed a virus called "Chameleon” and simulated an attack. Chameleon behaved like an airborne virus, travelling across the WiFi network via Access Points (APs) that connect households and businesses to WiFi networks. It was able to avoid detection and identify the points at which WiFi access is least protected by encryption and passwords. Whilst many APs are sufficiently encrypted and password protected, the virus simply moved on to find those which weren't strongly protected including open access WiFi points common in locations such as coffee shops and airports.
Alan Marshall, Professor of Network Security at the University: "When Chameleon attacked an AP it didn't affect how it worked, but was able to collect and report the credentials of all other WiFi users who connected to it. The virus then sought out other WiFi APs that it could connect to and infect.(...) WiFi connections are increasingly a target for computer hackers because of well-documented security vulnerabilities, which make it difficult to detect and defend against a virus. (…) It was assumed, however, that it wasn't possible to develop a virus that could attack WiFi networks but we demonstrated that this is possible and that it can spread quickly. We are now able to use the data generated from this study to develop a new technique to identify when an attack is likely."
Read the full paper: Detection and analysis of the Chameleon WiFi access point virus