Wi-Fi Show Was Security Battleground, Vendor Claims

Most attendees and exhibitors didn't know they were the subjects of the often-successful attacks, according to AirDefense, Inc. The company monitored the airwaves at the Wi-Fi Planet Expo held earlier in December in San Jose.

One likely reason for the attacks was to gather competitive intelligence, according to Fred Tanzella, AirDefense's chief security officer.

"You can go around to your competitors' booths to get competitive information, but this type of attack is more aggressive," Tanzella said in an interview Monday. After a successful attack, hackers can get into their victims' corporate LANs, he noted. Tanzella acknowledged, though, that he had no first-hand information about why the attacks were launched or who launched them.

AirDefense maintained that, in a single day at the show, it detected 21 attempted man-in-the-middle attacks, 16 of which succeeded. These attacks can steal user names and passwords from improperly protected Wi-Fi clients logging on to a virtual private network, Tanzella said.

id
unit-1659132512259
type
Sponsored post

"We saw the same thing at their spring show, but this time the attacks were much more successful," Tanzella said in an interview Monday. "That tells me that the tools are getting much more sophisticated."

In addition, the company said it monitored 33 attacks against Extensible Authentication Protocol (EAP), 75 denial-of-service (DoS) attacks aimed at access points and 12 DoS-cloud attacks that attack every user on a specific wireless channel.

The company also reported 25 attacks that broadcast fake access point SSIDs. In fact, the fake SSIDs were for ad hoc wireless connections. Windows XP users are particularly vulnerable to that type of attack because the fake network shows up as an available WLAN and some users try to log on. When that happens, they are simply sending clear-text information directly to the hacker, Tanzella said.

He stressed that he didn't blame the show organizers. The norm for public access to wireless LANs is to have no security, he noted, and there's not much public access providers can do.

"You can set up WEP with a key but everybody would know the key," Tanzella said. "What you'd expect is that corporate users would have VPNs."

He suggested using VPNs, which, while vulnerable, are still safer than not using VPNs. And personal firewalls will protect against false SSID attacks, he said. The company also suggested that anybody who logged on the show change their password.

Tanzella said these types of attacks are likely to grow.

"If you look on the internet, there are so many tools that were open source developed for this sort of thing," he said. "You don't even have to be a hacker to use some of them."

This story courtesy of TechWeb .