Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic
eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi
users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether.
Security vendor AirDefense set up two of its commercial "AirDefense Guard" sensors at opposite corners
of the exhibit hall at the Boston World Trade Center, the site of the conference, and for two days
analyzed the traffic flowing between conference-goers and 141 unencrypted access points set up by the
conference for public use, and by vendors on the floor.
What they found was that users checking their e-mail through unencrypted POP connections vastly
outnumbered those using a VPN or another encrypted tunnel. Only three percent of e-mail downloads
were encrypted on the first day of the conference, 12 percent on the second day. (The company says it
counted all VPN or tunneled traffic as e-mail).
That means the other 88% could easily be intercepted by eavesdroppers using commonly-available tools,
compromising both the e-mail and the user's passwords.
Additionally, 84 out of the 523 users monitored were configured to allow ad hoc networking, and 74 were
configured to automatically connect to the access point with the strongest signal strength -- a default
mode that could leave a laptop prey to a rogue access point.
And then there was the hacking. Passive eavesdropping is undetectable, but AirDefense picked-up 149
active scans from war driving tools like Netstumbler, 105 denial-of-service attacks, eight probes for known
exploits against access points, and thirty-two attempted man-in-the-middle attacks -- three of them
successful.
"People were probably having a little fun, but I'm not sure it was all malicious," says AirDefense's Brian
Moran. "The real shocking part was how many people attached to their corporate e-mails without any
kind of encryption."
Wi-Fi eavesdropping for any purpose is usually frowned upon in legal circles, but AirDefense was a
sponsor and the "official security provider" at the conference, and Moran say the company provided
attendees with ample notice of the study. "There were huge signs throughout the place saying
AirDefense is monitoring all conference traffic."
---
* Origin: [adminz] tech, security, support (192.168.0.2)
generated by msg2page 0.06 on Jul 21, 2006 at 19:04:26
search: