AirDefense Discovers More Than Half of 623 Wireless Devices on Show Floor at RSA Conference Vulnerable to Attacks
RSA Conference―San Francisco―February 7, 2007 – AirDefense, the innovator and market leader in anywhere, anytime wireless security, today unveiled results from its wireless airwave monitoring on Tuesday, February 6 at the RSA Conference, the world’s leading information security conference. AirDefense studied the wireless LAN traffic throughout the day Tuesday and found that more than half of the 623 wireless devices (347), such as laptops, PDAs, phones and vendor PCs, were susceptible to “Evil Twin” types of attacks, combined with some of the latest zero-day attacks. In total, 56 percent of the 623 devices in use could have easily been compromised.
To speak to AirDefense regarding their findings, stop by the AirDefense booth #2146, or to schedule an interview with Richard Rushing, CSO, AirDefense, call Bill Keeler or Mark Cautela at Schwartz Communications at (781) 684-0770.
“Evil Twins” are the wireless version of email phishing scams, a technique whereby an attacker tricks victims into connecting to a laptop or PDA by posing as a legitimate hotspot. Zero-day attacks take advantage of new flaws in software programs, such as Internet Explorer, that have yet to be fixed by the vendor and can be used to compromise devices.
“There is a massive increase in the insecurity of laptops and wireless devices at this year’s RSA Conference and the irony is that at the world’s leading security conference many are not taking the security issue seriously at all,” said Richard Rushing, chief security officer, AirDefense. “Connecting wireless devices to insecure wireless networks greatly increases the chances of a breach due to insecure settings for other networks such as hot spots, hotels, airports and homes. No matter how strong the network is, today’s hacker is patient and doesn’t attack the device but waits for their victims to come to visit them.”
Other Interesting Findings:
- AirDefense discovered 70 devices participating in ad-hoc (peer-to-peer) networks using common SSIDs (Service Set Identifiers) such as “Free Public WiFi,” “Free Internet Access” and “Linksys.” Not only is this a security issue, it typically means that no firewall is present on the wireless interface or that it is an unpatched Windows system. In other words, low-hanging fruit for an attacker.
- Overall, there was a lack of pre-802.11n equipment, such as consumer access points, which can be purchased in many electronics stores. Only 12 of those devices were discovered, and this might be due to limited or missing built-in pre-802.11n support on laptops.
- From the halls connecting the exposition areas to the exposition floor, AirDefense discovered 30 devices pretending to be access points (Soft-AP), and 2 of them were pretending to be the conference network. One device was set up with a self-signed certificate to mimic the conference authentication server. Five others were mimicking common hotspots, such as “tmobile,” “IBANN,” “STSN” and several local hotels.
- Denial-of-service attacks were seen across the airwaves, from CTS flooding of the airwaves to de-authentication types of attacks against devices. These attacks were limited in duration and location. AirDefense noticed and alerted on 57 different attacks trying to disrupt the network.
- Scanning of the wireless network was seen on a regular basis using tools like NetStumbler, among others, to discover the access points.
- Of all the laptops and other devices in the airwaves, AirDefense discovered that 45 had altered their MAC addresses. This is done either to blend into the environment or to hide the true identity of the device.
- The security performance of the exposition floor was extremely poor as one out of three packets had to be retransmitted due to the congestion in the airwaves.
AirDefense is the market leader in anywhere, anytime wireless security. The company is trusted by more Fortune 500 companies, healthcare organizations and high-security government agencies for enterprise wireless protection than any other company. AirDefense products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention, both inside and outside an organization’s physical locations and wired networks. Common Criteria-certified, AirDefense enterprise-class products scale to support single offices as well as organizations with hundreds of locations around the globe. Founded in 2001, AirDefense is based in Atlanta, GA, and serves more than 600 government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call 770.663.8115.
Bill Keeler/Liz Serotte
Schwartz Communications for AirDefense