RSA: Attendees fail on security

More than half of the wireless LAN devices being used at this week’s RSA Conference on information security are themselves unsecured.

That means that the network security experts charged with protecting enterprise data aren’t even protecting their own.

The rather startling finding is the result of two days of WLAN traffic scanning by wireless security vendor AirDefense. On the first two days of the conference, AirDefense monitors found that more than half of the wireless devices on the conference network were vulnerable to two classes of attacks.

One is the “Evil Twin” attack, in which the attacker tricks a victim into wirelessly connecting to a laptop or PDA posing as a legitimate access point or hotspot. The second class was various “Zero Day” attacks, which exploit newly found software flaws, in applications like Internet Explorer, that haven’t yet been fixed by the vendor, or patched by the user.

On Day One, Tuesday, 347 of 623, or 56 percent, laptops and PDAs were vulnerable. On the second day, almost the same percentage, 57 percent, were vulnerable, but the numbers were higher: 481 of 847 devices.

In a statement, AirDefense CSO Richard Rushing said the vulnerabilities were not the fault of the conference network, which he praised as being secured “as well or better than most standard corporate networks.”

On Day One of the monitoring, AirDefense found 70 devices using peer-to-peer connections by means of common SSIDs, or network names, such as “Free Internet Access” and “Linksys.” On Day Two, the number rose to 87.

The monitoring found 30 devices pretending to be access points, and two of these pretending to be access points on the conference network. One of the two even had a self-sign certificate to mimic the conference authentication server. Five others were masquerading as common hotspots, with names such as “tmobile,” “IBAHN” and several local hotels.

On Day One, there were 57 denial-of-service attacks, including de-authenticating clients and jamming transmissions. That jumped to 85 on Day Two.

The airwaves were being regularly and repeatedly scanned for access points by attendees. Forty-five devices on the network had altered media access control addresses, apparently in an effort to hide the identity of the device. On Day Two, AirDefense reported, the tools used in the attacks were more sophisticated.

QuickLink: 079141

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now