Many Wireless Security Breaches Reported At (RSA) Security Conference

Ian G iang at systemics.com
Fri Feb 18 13:23:51 EST 2005 

(As I've said many times, security breaches reported at
conferences full of security people don't count as a
predictor of what's out in the real world as a threat.
But, it makes for interesting reading and establishes
some metric on the ease of the attack.  iang)



http://www.mobilepipeline.com/showArticle.jhtml?articleID=60401970

February 18, 2005

 Many Wireless Security Breaches Reported At Security Conference 

By Mobile Pipeline Staff

There were 32 "Evil Twin" attacks and many other types of security 
breaches aimed at Wi-Fi users of the recently-concluded RSA security 
conference, wireless security vendor AirDefense claimed Thursday.

In an Evil Twin attack, hackers set up bogus access points and try to 
get nearby wireless users to log on either. Then, they can steal 
information that the user transmits The use of this method of attack 
marks a significant shift in how eavesdroppers and hackers are trying to 
steal information from wireless LAN users, according to the company.


"Rather than simply scanning for and identifying access points, people 
are now imitating access points," Richard Rushing, AirDefense's chief 
security officer, said in a statement. "The same holds true for identity 
theft -- hackers have realized the value is in trying to become the 
access point or station, not merely finding one."


AirDefense regularly monitors the airwaves at industry conferences and 
reports the results afterwards. The company noted that the conference 
organizers made extraordinary efforts to provide secure wireless access, 
including as issuing digital credentials for accessing the wireless 
network used at the conference.


AirDefense acknowledged that the efforts made the conference's wireless 
network secure, but that didn't mean individual users were secure. 
That's because hackers were probing individual users' wireless profiles 
on their laptops, which list previously-used wireless networks. The 
hackers could then use the names of those networks to launch Evil Twin 
attacks.


"We cannot stress how important it is for wireless users to clear their 
profile of access points on a regular basis," Rushing said. "Wireless, 
by design, will always connect with the strongest signal, even if that 
means abandoning a secure connection."


The Evil Twin attacks mimicked networks such as T-Mobile's and Wayport's 
networks of public Wi-Fi hotspots. That meant that some users who 
previously had accessed those networks were automatically logged on to 
the bogus versions of those networks.


In addition, AirDefense noted that it detected other types of attacks at 
the conference. Specifically, it sand it found 116 attempts to spoof MAC 
addresses and 45 denial-of-service attacks against access points. It 
also found 28 unauthorized access points connected to the conference's 
wireless LAN. The unauthorized access points drew a lot of traffic, the 
company said.

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list