SAN JOSE, Calif., December 17, 2003. A trade show for wireless LAN vendors turned into a battlefield for wireless hackers to show off their advancing tools that threaten the numerous wireless users who remain naive to the known security issues.
AirDefense monitored all wireless LAN activity at this month's Wi-Fi Planet Expo in San Jose, Calif., and discovered the increasing accuracy and sophistication of the latest wireless hacking tools. In a single day at the conference, AirDefense observed 21 attempted Man-in-the-Middle attacks that break the secure connection of a VPN to inject an intruder between a wireless station and the access point.
Of the 21 attempted Man-in-the-Middle attacks, 16 were successful, which compares to just three successful attacks out of 32 attempted attacks in three days at the June Wi-Fi Planet conference.
"Wireless LAN hacking tools have always been widely available, but they required knowledgeable techies to use them correctly," said Richard Rushing, AirDefense vice president of technical services. "As wireless LANs have grown in popularity, these tools have become easier to use and reap more harmful results."
AirDefense recorded another 33 advanced attacks that exploited the Extensible Authentication Protocol (EAP), which also includes attacks against Lightweight Extensible Authentication Protocol (LEAP). These EAP attacks break a wireless LAN's authentication by attacking the authentication server or brute forcing an authorized user's password.
75 Denial-of-Service attacks targeted at specific access points or stations
12 DoS-Cloud attacks that de-authenticate everyone on a specific channel
125 attempted identity thefts by spoofing a station's MAC address
25 FakeAP attacks that broadcast hundreds of non-existing SSIDs
89 network scans from tools such as Netstumbler and Wellenreiter
Despite the malicious activity in the air, wireless LAN users disregarded the security concerns in alarming numbers with poor laptop configurations and insecure use of email across unencrypted public wireless LANs. On this one day of the conference, only 6 percent of corporate email downloads were conducted through the secure tunnel of a VPN.
"Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the WLAN traffic," Rushing said. "Public wireless LANs cannot be trusted with such sensitive information. Anyone who downloaded email at the conference should change their password immediately."
Other vulnerabilities included 89 user stations that were configured to allow ad hoc networking. These direct connections between devices allow for easy file sharing but offer little security or authentication. An executive's laptop in ad hoc mode opens the door to allow a hacker to connect to the laptop without the owner's knowledge, access all shared files and launch direct attacks.
In fact, an ad hoc network was detected using the SSID "wifiplanet", which tricked as many as 10 stations into connecting to it when they were probably looking to connect to the conference's public access points.
Other concerns among the stations and devices included 130 user stations with insecure default Windows XP settings that broadcast probes looking for networks that were not at the conference.
AirDefense utilized its wireless LAN intrusion detection and monitoring system to stealthily observe the conference's wireless LAN airspace and detect these attacks and threats.
For more information, go to www.airdefense.net
Military & Aerospace Electronics