AirDefense today unveiled results from its wireless airwave monitoring on Tuesday, February 6, at the RSA Conference, the world’s leading information security conference. AirDefense studied the wireless LAN traffic throughout the day and found more than half of the 347 wireless devices, such as laptops, PDAs, phones and vendor PCs, susceptible to “Evil Twin” types of attacks, combined with some of the latest zero-day attacks. In total, 56 percent of the 623 devices in use could have easily been compromised.
Other Interesting Findings:
• AirDefense discovered 70 devices participating in ad-hoc (peer-to-peer) networks using common SSIDs (Service Set Identifiers) such as “Free Public WiFi,” “Free Internet Access” and “Linksys.” Not only is this a security issue; it typically means that no firewall is present on the wireless interface or that the device is an unpatched Windows system. In other words, low-hanging fruit for an attacker.
• Overall, there was a lack of pre-802.11n equipment, such as consumer access points, which can be purchased in many electronics stores. Only 12 of those devices were discovered, and this might be due to limited or missing built-in pre-802.11n support on laptops.
• From the halls connecting the exposition areas to the exposition floor, AirDefense discovered 30 devices pretending to be access points (Soft-APs), and 2 of them were pretending to be the conference network. One device was set up with a self-signed certificate to mimic the conference authentication server. Five others were mimicking common hotspots, such as “tmobile,” “IBANN,” “STSN” and several local hotels.
• Denial-of-service attacks were seen across the airwaves, from CTS flooding to de-authentication attacks against devices. These attacks were limited in duration and location. AirDefense detected and alerted on 57 different attacks trying to disrupt the network.
• Scanning of the wireless network was seen on a regular basis using tools like NetStumbler, among others, to discover the access points.
• Of all the laptops and other devices in the airwaves, AirDefense discovered that 45 had altered their MAC addresses. This is done either to blend into the environment or to hide the true identity of the device.
• The security performance of the exposition floor was extremely poor, as one out of three packets had to be retransmitted due to the congestion in the airwaves.