AirDefense Monitors Wireless Airwaves at RSA Conference for Second Day, Wireless Usage Increases;
More Than Half of 847 Wireless Devices Vulnerable to Attacks
RSA Conference―San Francisco―February 8, 2007 – AirDefense, the innovator and market leader in anywhere, anytime wireless security, today unveiled results from its wireless airwave monitoring on Wednesday, February 7 at the RSA Conference, the world’s leading information security conference. This is the second consecutive day AirDefense studied the wireless LAN traffic from the show floor. On Wednesday, AirDefense discovered 481 out of 847 wireless devices, such as laptops, PDAs, phones and vendor PCs, susceptible to “Evil Twin” types of attacks, combined with some of the latest zero-day attacks. In total, 57 percent of the 847 devices in use could have easily been compromised. Tuesday’s monitoring discovered 347 of 623 wireless devices vulnerable to attacks.
To speak to AirDefense regarding their findings, stop by the AirDefense booth #2146, or to schedule an interview with Richard Rushing, CSO, AirDefense, call Bill Keeler or Mark Cautela at Schwartz Communications at (781) 684-0770. To review wireless airwave monitoring results from Tuesday, February 8, log onto: http://www.airdefense.net/newsandpress/02_07_07.php.
“The vulnerability of 481 devices on Wednesday and 347 devices on Tuesday is not the problem of RSA Conference organizers. In fact, they secure the conference network as well or better than most standard corporate networks,” said Richard Rushing, CSO, AirDefense. “The wireless vulnerabilities increase dramatically when conference attendees have joined a wireless network through hotels and hotspots that are insecure.”
AirDefense’s wireless airwave monitoring on Wednesday discovered 847 devices in use versus 623 on Tuesday, an increase of 25 percent. Denial of service attacks spiked as well, with AirDefense noticing 85 different attacks trying to disrupt the wireless network, from CTS flooding of the airwaves, to de-authentication types of attacks, to jamming attacks. These were limited in duration, and the location of these attacks continued to move about the exposition floor. The types of tools used to attack the network were more sophisticated, in an attempt to take advantage of the probing laptops that were discovered on Tuesday. Some attack tools were versions of Karma, which mimics the Access Point that a station is probing for. In fact, AirDefense found a single attacker had grabbed 8 different machines and launched attacks simultaneously.
Other Interesting Findings:
- AirDefense noticed that many clients, when connected to an unencrypted network, would disclose information about the organization’s networks such as Domain, Authentication Server, Active Directory, User Name, and Computer Name. Leaking out NetBIOS and IPX traffic information was common on these devices. An attacker could, and might, have captured the corporate username and authentication hash (password) that the unsuspecting user would have sent over the airwaves. As the laptop is not aware of its location, it does not know if it is at the office, home, or hotspot.
- AirDefense discovered 87 devices participating in Ad-Hoc networks (Peer-to-Peer) using common SSIDs (Service Set Identifiers) such as “Free Public WiFi,” “Free Internet Access” and “Linksys.” Not only is this a security issue; typically it also means that no firewall is present on the wireless interface or that this is an unpatched Windows system. In other words, low-hanging fruit for an attacker.
“Evil Twins” are the wireless version of email phishing scams, a technique whereby an attacker tricks victims into connecting to a laptop or PDA by posing as a legitimate hotspot. Zero-day attacks take advantage of new flaws in software programs, such as Internet Explorer, that can compromise devices that have yet to be fixed by the vendor.
AirDefense is the market leader in anywhere, anytime wireless security. The company is trusted by more Fortune 500 companies, healthcare organizations and high-security government agencies for enterprise wireless protection than any other company. AirDefense products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention, both inside and outside an organization’s physical locations and wired networks. Common Criteria-certified, AirDefense enterprise-class products scale to support single offices as well as organizations with hundreds of locations around the globe. Founded in 2001, AirDefense is based in Atlanta, GA, and serves more than 600 government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call 770.663.8115.
Bill Keeler/Liz Serotte
Schwartz Communications for AirDefense