(As I've said many times, security breaches reported at
conferences full of security people don't count as a
predictor of what's out in the real world as a threat.
But, it makes for interesting reading and establishes
some metric on the ease of the attack. iang)
http://www.mobilepipeline.com/showArticle.jhtml?articleID=60401970
February 18, 2005
Many Wireless Security Breaches Reported At Security Conference
By Mobile Pipeline Staff
There were 32 "Evil Twin" attacks and many other types of security
breaches aimed at Wi-Fi users of the recently-concluded RSA security
conference, wireless security vendor AirDefense claimed Thursday.
In an Evil Twin attack, hackers set up bogus access points and try to
get nearby wireless users to log on either. Then, they can steal
information that the user transmits The use of this method of attack
marks a significant shift in how eavesdroppers and hackers are trying to
steal information from wireless LAN users, according to the company.
"Rather than simply scanning for and identifying access points, people
are now imitating access points," Richard Rushing, AirDefense's chief
security officer, said in a statement. "The same holds true for identity
theft -- hackers have realized the value is in trying to become the
access point or station, not merely finding one."
AirDefense regularly monitors the airwaves at industry conferences and
reports the results afterwards. The company noted that the conference
organizers made extraordinary efforts to provide secure wireless access,
including as issuing digital credentials for accessing the wireless
network used at the conference.
AirDefense acknowledged that the efforts made the conference's wireless
network secure, but that didn't mean individual users were secure.
That's because hackers were probing individual users' wireless profiles
on their laptops, which list previously-used wireless networks. The
hackers could then use the names of those networks to launch Evil Twin
attacks.
"We cannot stress how important it is for wireless users to clear their
profile of access points on a regular basis," Rushing said. "Wireless,
by design, will always connect with the strongest signal, even if that
means abandoning a secure connection."
The Evil Twin attacks mimicked networks such as T-Mobile's and Wayport's
networks of public Wi-Fi hotspots. That meant that some users who
previously had accessed those networks were automatically logged on to
the bogus versions of those networks.
In addition, AirDefense noted that it detected other types of attacks at
the conference. Specifically, it sand it found 116 attempts to spoof MAC
addresses and 45 denial-of-service attacks against access points. It
also found 28 unauthorized access points connected to the conference's
wireless LAN. The unauthorized access points drew a lot of traffic, the
company said.
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]