Wi-Fi Planet Expo Attracts Latest Hacking Tools

SAN JOSE, Calif., December 17, 2003. A trade show for wireless LAN vendors turned into a battlefield for wireless hackers to show off their advancing tools that threaten the numerous wireless users who remain naive to the known security issues.

AirDefense monitored all wireless LAN activity at this month's Wi-Fi Planet Expo in San Jose, Calif., and discovered the increasing accuracy and sophistication of the latest wireless hacking tools. In a single day at the conference, AirDefense observed 21 attempted Man-in-the-Middle attacks that break the secure connection of a VPN to inject an intruder between a wireless station and the access point.

Of the 21 attempted Man-in-the-Middle attacks, 16 were successful, which compares to just three successful attacks out of 32 attempted attacks in three days at the June Wi-Fi Planet conference.

"Wireless LAN hacking tools have always been widely available, but they required knowledgeable techies to use them correctly," said Richard Rushing, AirDefense vice president of technical services. "As wireless LANs have grown in popularity, these tools have become easier to use and reap more harmful results."

AirDefense recorded another 33 advanced attacks that exploited the Extensible Authentication Protocol (EAP), which also includes attacks against Lightweight Extensible Authentication Protocol (LEAP). These EAP attacks break a wireless LAN's authentication by attacking the authentication server or brute forcing an authorized user's password.

75 Denial-of-Service attacks targeted at specific access points or stations
12 DoS-Cloud attacks that de-authenticate everyone on a specific channel
125 attempted identity thefts by spoofing an station's MAC address -- 25 FakeAP attacks that broadcast hundreds of non-existing SSIDs -- 89 network scans from tools such as Netstumbler and Wellenreiter.

Despite the malicious activity in the air, wireless LAN users disregarded the security concerns in alarming numbers with poor laptop configurations and insecure use of email across unencrypted public wireless LANs. On this one day of the conference, only 6 percent of corporate email downloads were conducted through the secure tunnel of a VPN.

"Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the WLAN traffic," Rushing said. "Public wireless LANs cannot be trusted with such sensitive information. Anyone who downloaded email at the conference should change their password immediately."

Other vulnerabilities included 89 user stations that were configured to allow ad hoc networking. These direct connections between devices allow for easy file sharing but offer little security or authentication. An executive's laptop in ad hoc mode opens the door to allow a hacker to connect to the laptop without the owner's knowledge, access all shared files and launch direct attacks.

In fact, an ad hoc network was detected using the SSID of "wifiplanet" which tricked as many as 10 stations to connect to this ad hoc network when they were probably looking to connect to the conference's public access points.

Other concerns among the stations and devices included 130 user stations with insecure default settings of Windows XP that broadcasted probes looking for networks that were not at the conference.

AirDefense utilized its wireless LAN intrusion detection and monitoring system to stealthily observe the conference's wireless LAN airspace and detect these attacks and threats.

For more information, go to www.airdefense.net

Military & Aerospace Electronics

Easily post a comment below using your Linkedin, Twitter, Google or Facebook account.


The Innovation That Matters™ Quiz

Innovation is one of the key drivers in the Defense industry. View this short video of Leon Woo, VP of Engineering at Mercury Systems, on the role of innovation. Then, answer 3 simple questions correctly to be entered into a drawing to win an Eddie Bauer fleece jacket!

CONGRATULATIONS TO OUR TWO MOST RECENT WINNERS. "Nick from SPARWAR" and "Bridget from AOC."


Military & Aerospace Photos

Wire News provided by   

Most Popular Articles

Webcasts

Meeting the Gen3 backplane challenge with OpenVPX and COTS

Tight Pentagon budgets mean military systems must stay in the field for longer than ever before. This doesn't mean obsolete technology, however. Today's military electronics are being upgraded constantly, an...
Sponsored by:

Digital signal processing for signals intelligence and electronic warfare

Military & Aerospace Electronics presents an expert Webcast on the design considerations for blending general-purposes processors (GPUs), general-purpose graphics processors (GPGPUs), field-programmable ...
Sponsored by:

Advantages of Intel Architecture Products and Wind River Solutions in Military & Aerospace Applications

This webinar explains the individual advantages of the Intel Architecture hardware, available for long-life supply, and the WRS software portfolio.  There are extraordinary advantages of combining such ...
Sponsored by:

social activity

All Access Sponsors


Mil & Aero Magazine

February 2014
Volume 25, Issue 2
file

Download Our Apps



iPhone

iPad

Android

Follow Us On...



Newsletters

Military & Aerospace Electronics

Weekly newsletter covering technical content, breaking news and product information
SUBSCRIBE

Defense Executive

Monthly newsletter covering business news and strategic insights for executive managers
SUBSCRIBE

Embedded Computing Report

Monthly newsletter covering news on embedded computing in aerospace, defense and industrial-rugged applications
SUBSCRIBE

Unmanned Vehicles

Monthly newsletter covering news updates for designers of unmanned vehicles
SUBSCRIBE