Many Wireless Security Breaches Reported At Security Conference

A wireless security firm claims there were 32 Evil Twin attacks and many other attempted intrusions at the just-completed RSA Security conference.

InformationWeek Staff, Contributor

February 18, 2005

2 Min Read

There were 32 "Evil Twin" attacks and many other types of security breaches aimed at Wi-Fi users of the recently-concluded RSA security conference, wireless security vendor AirDefense claimed Thursday.

In an Evil Twin attack, hackers set up bogus access points and try to get nearby wireless users to log on either. Then, they can steal information that the user transmits The use of this method of attack marks a significant shift in how eavesdroppers and hackers are trying to steal information from wireless LAN users, according to the company.

"Rather than simply scanning for and identifying access points, people are now imitating access points," Richard Rushing, AirDefense's chief security officer, said in a statement. "The same holds true for identity theft -- hackers have realized the value is in trying to become the access point or station, not merely finding one."

AirDefense regularly monitors the airwaves at industry conferences and reports the results afterwards. The company noted that the conference organizers made extraordinary efforts to provide secure wireless access, including as issuing digital credentials for accessing the wireless network used at the conference.

AirDefense acknowledged that the efforts made the conference's wireless network secure, but that didn't mean individual users were secure. That's because hackers were probing individual users' wireless profiles on their laptops, which list previously-used wireless networks. The hackers could then use the names of those networks to launch Evil Twin attacks.

"We cannot stress how important it is for wireless users to clear their profile of access points on a regular basis," Rushing said. "Wireless, by design, will always connect with the strongest signal, even if that means abandoning a secure connection."

The Evil Twin attacks mimicked networks such as T-Mobile's and Wayport's networks of public Wi-Fi hotspots. That meant that some users who previously had accessed those networks were automatically logged on to the bogus versions of those networks.

In addition, AirDefense noted that it detected other types of attacks at the conference. Specifically, it sand it found 116 attempts to spoof MAC addresses and 45 denial-of-service attacks against access points. It also found 28 unauthorized access points connected to the conference's wireless LAN. The unauthorized access points drew a lot of traffic, the company said.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights