Any trade show is an opportunity for security specialists to demonstrate their skills, and last month's WiFi Planet event was no exception. AirDefense monitored all WiFi traffic at the show and found hackers skills are advancing, while many users are still ignorant of known security issues.
In a single day at the conference, AirDefense observed 21 attempted man-in-the-middle attacks (these attempt to hijack a VPN users' WiFi connection). Frighteningly, 16 of these were successful — a massive increase on a day at the previous WiFi Planet conference in June, when only three attempts out of 32 succeeded.
"Wireless LAN hacking tools have always been widely available, but they required knowledgeable techies to use them correctly," said AirDefense vice president Richard Rushing. "As wireless LANs have grown in popularity, these tools have become easier to use and reap more harmful results."
Part of the problem is that standards for WiFi security are still complex.
As well as man-in-the-middle attacks, the company recorded 33 other hacks including attempts to break the Extensible Authentication Protocol (EAP), and Cisco Systems 's version, the Lightweight Extensible Authentication Protocol (LEAP), some of which got users' passwords by brute force.
There were 75 denial-of-service attacks on access points, and there were twelve occasions when hackers attempted a DoS-cloud attack that can de-authenticate everyone on a specific channel. MAC spoofing was picked up 125 times.
Despite all this, the users were seriously unprepared. Only 6% of corporate email downloads were conducted through a virtual private network (VPN)."Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the WLAN traffic," Rushing said. "Anyone who downloaded email at the conference should change their password immediately."
There were plenty of ad hoc networks — 89 laptops had ad hoc networking switched on, which could potentially allow hackers to access them. One hacker tricked at least ten delegates with an ad hoc network using the SSID "wifiplanet" so it looked like the official conference network.
If trade shows are a measure of where technology can go next, then there is plenty of evidence that even technically aware users are not doing all they could — and also what can be done with enough resources. At the IT Forum event for IT managers, held by Microsoft earlier in November in Copenhagen, the show network included free WiFi access.
Microsoft ran a team of enforcers, who tracked down and forcibly upgraded any user who had a laptop that was insecure and pumping viruses onto the network. "We found one Typhoid Mary with seven viruses," said Andrew Cheeseman, technical Manager for the EMEA events team at Microsoft.