Notebook Users Under Attack at Security Conference

By David Needle

February 09, 2007

AirDefense cites numerous incidents of wireless vulnerabilities at RSA show.

You might think attendees at a security conference would take extra precautions to ensure their notebooks' safety. Think again.

According to mobile security vendor AirDefense, some 56 percent of 623 wireless devices at the RSA conference in San Francisco were susceptible to attacks, based on its study of wireless traffic at the show Tuesday.

But AirDefense puts the blame on users, not on conference organizer RSA.

"RSA does a good job of providing a secure network as good as any standard corporate network," Richard Rushing, chief security officer at AirDefense, told

The problem, Rushing said, is that among the thousands of attendees with notebook computers, PDAs and other wireless devices, most are vulnerable to attack because they use or maintain an open access wireless account separate from the conference network.

"People are using wireless, which is a good thing," said Rushing, "but they're connecting at hotels and hotspots in an insecure manner." Even if the user intends to use a secure network as a main point of access, these open accounts, if not deleted from a user's preferred list of network access points, can be exploited.

Specifically, Rushing said AirDefense identified 70 devices onsite at the conference participating in ad-hoc, peer-to-peer networks using common SSIDs (Service Set Identifiers) such as "Free Public WiFi," "Free Internet Access" and "Linksys." Use of these networks typically means no firewall is present on the wireless interface, or it is an unpatched Windows system that can be readily exploited.

"It's low-hanging fruit for attackers," said Rushing.
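The check a user or administrator could run against a notebook's saved network list, as an added example that is not part of the original story or AirDefense's tooling: it audits Windows WLAN profile XML (the format written by `netsh wlan export profile`) for open, auto-connecting and ad-hoc entries. The sample profiles and the `sample` helper are constructed for illustration; the SSID list is taken from the names quoted in the article.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
# SSIDs the article names as common ad-hoc or "Evil Twin" network names.
LURE_SSIDS = {"free public wifi", "free internet access", "linksys",
              "tmobile", "ibann", "stsn"}

def audit_profile(xml_text):
    """Return (ssid, findings) for one exported WLAN profile."""
    root = ET.fromstring(xml_text)

    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""

    ssid = text("w:SSIDConfig/w:SSID/w:name") or text("w:name")
    auth = text("w:MSM/w:security/w:authEncryption/w:authentication").lower()
    enc = text("w:MSM/w:security/w:authEncryption/w:encryption").lower()
    findings = []
    if text("w:connectionType").upper() == "IBSS":
        findings.append("ad-hoc (peer-to-peer) profile")
    if auth == "open" and enc == "none":
        findings.append("open network, no encryption")
        if text("w:connectionMode").lower() == "auto":
            findings.append("joins automatically when the SSID is seen")
    if ssid.lower() in LURE_SSIDS:
        findings.append("SSID matches a commonly spoofed name")
    return ssid, findings

def audit_all(profiles):
    """Map each profile's SSID to its list of findings."""
    return dict(audit_profile(p) for p in profiles)

def sample(ssid, ctype, mode, auth, enc):
    """Build a constructed profile document (hypothetical helper)."""
    return (f'<WLANProfile xmlns="{NS["w"]}"><name>{ssid}</name>'
            f'<SSIDConfig><SSID><name>{ssid}</name></SSID></SSIDConfig>'
            f'<connectionType>{ctype}</connectionType>'
            f'<connectionMode>{mode}</connectionMode><MSM><security>'
            f'<authEncryption><authentication>{auth}</authentication>'
            f'<encryption>{enc}</encryption></authEncryption>'
            f'</security></MSM></WLANProfile>')

# Constructed sample profiles: a hotel hotspot, an ad-hoc lure, a WPA2 network.
SAMPLES = [sample("HotelGuest", "ESS", "auto", "open", "none"),
           sample("Free Public WiFi", "IBSS", "manual", "open", "none"),
           sample("CorpNet", "ESS", "auto", "WPA2PSK", "AES")]

if __name__ == "__main__":
    for name, issues in audit_all(SAMPLES).items():
        print(f"{name}: {'; '.join(issues) or 'no findings'}")
```

Any profile that produces findings is a candidate for deletion from the preferred list, or at least for switching off automatic connection.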

And have there in fact been any attacks? That's hard to say. Rushing said he'd seen at least one fake "soft access point" set up to look like the RSA conference's network access.

"We didn't see anyone connected to it, but it was a close mirror of the conference logon." He said there were so many computers in the area it was impossible to know where the signal was emanating from. Someone trying to connect to a fake access point might get an "Unable to Connect" or other error message, but by then the damage is done because the user's logon information has already been captured.

"It's almost like social engineering, it's hard to prevent because you don't know you've been compromised," said Rushing. AirDefense said it identified five other phony or "Evil Twin" access points with names such as "tmobile," "IBANN," "STSN" and several hotel names.

Story courtesy of InternetNews.
