RSA Attendees Responsible for Wireless Vulnerability
AirDefense Inc., a wireless security firm, examined the wireless LAN traffic at the RSA Conference from the show floor. The conference, held in San Francisco, is one of the world's leading information security conferences. The company released its results after monitoring the wireless airwaves at the conference.
The results indicated that of 623 wireless devices at the RSA Conference, nearly 56% were vulnerable to attack. According to the company, however, responsibility for this potential risk lies with the users, not the organizer of the conference.
According to the study, there were seven bogus networks. Two of them masqueraded as the authorized network of the conference, and one carried a forged security certificate. The certificate in question is a server-side certificate that provides 802.1X authentication.
On the second day of the conference, the study found 847 networks, 481 of which exposed themselves to evil twins. An "evil twin" is a phishing scam in wireless form, in which an attacker pretending to be an authentic hotspot entices victims to connect to a laptop or PDA.
On the same day, AirDefense found that DoS (denial of service) attacks shot up. There were about 85 such attacks. They involved CTS (clear to send), which compels other stations to withhold transmissions, and de-authentication, which compels clients to reconnect, causing jamming of traffic. Out of 2,017 wireless devices, 1,137 were susceptible to compromise during the three-day period.
On Tuesday 347 devices and on Wednesday 481 devices were found to be vulnerable, but this was not due to the conference organizers, said Richard Rushing, CSO of AirDefense, in a company press release. He said that the conference network was more secure than many standard corporate networks. Rushing explained that the wireless devices became vulnerable when conference attendees connected to wireless networks through insecure hotels and hotspots. Today's hackers act patiently: they don't attack the device but wait for their victims to come to them. So even a strong network fails.
Given the massive number of insecure laptops and wireless devices at the conference, Rushing points to the irony of how the security conference did not take the security issue seriously.
» SPAMfighter News - 20-02-2007