Wi-Fi Planet Expo Attracts Latest Hacking Tools

SAN JOSE, Calif., December 17, 2003. A trade show for wireless LAN vendors turned into a battlefield for wireless hackers to show off their advancing tools that threaten the numerous wireless users who remain naive to the known security issues.

AirDefense monitored all wireless LAN activity at this month's Wi-Fi Planet Expo in San Jose, Calif., and discovered the increasing accuracy and sophistication of the latest wireless hacking tools. In a single day at the conference, AirDefense observed 21 attempted Man-in-the-Middle attacks that break the secure connection of a VPN to inject an intruder between a wireless station and the access point.

Of the 21 attempted Man-in-the-Middle attacks, 16 were successful, which compares to just three successful attacks out of 32 attempted attacks in three days at the June Wi-Fi Planet conference.

"Wireless LAN hacking tools have always been widely available, but they required knowledgeable techies to use them correctly," said Richard Rushing, AirDefense vice president of technical services. "As wireless LANs have grown in popularity, these tools have become easier to use and reap more harmful results."

AirDefense recorded another 33 advanced attacks that exploited the Extensible Authentication Protocol (EAP), which also includes attacks against Lightweight Extensible Authentication Protocol (LEAP). These EAP attacks break a wireless LAN's authentication by attacking the authentication server or brute forcing an authorized user's password.

75 Denial-of-Service attacks targeted at specific access points or stations
12 DoS-Cloud attacks that de-authenticate everyone on a specific channel
125 attempted identity thefts by spoofing an station's MAC address -- 25 FakeAP attacks that broadcast hundreds of non-existing SSIDs -- 89 network scans from tools such as Netstumbler and Wellenreiter.

Despite the malicious activity in the air, wireless LAN users disregarded the security concerns in alarming numbers with poor laptop configurations and insecure use of email across unencrypted public wireless LANs. On this one day of the conference, only 6 percent of corporate email downloads were conducted through the secure tunnel of a VPN.

"Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the WLAN traffic," Rushing said. "Public wireless LANs cannot be trusted with such sensitive information. Anyone who downloaded email at the conference should change their password immediately."

Other vulnerabilities included 89 user stations that were configured to allow ad hoc networking. These direct connections between devices allow for easy file sharing but offer little security or authentication. An executive's laptop in ad hoc mode opens the door to allow a hacker to connect to the laptop without the owner's knowledge, access all shared files and launch direct attacks.

In fact, an ad hoc network was detected using the SSID of "wifiplanet" which tricked as many as 10 stations to connect to this ad hoc network when they were probably looking to connect to the conference's public access points.

Other concerns among the stations and devices included 130 user stations with insecure default settings of Windows XP that broadcasted probes looking for networks that were not at the conference.

AirDefense utilized its wireless LAN intrusion detection and monitoring system to stealthily observe the conference's wireless LAN airspace and detect these attacks and threats.

For more information, go to www.airdefense.net

Military & Aerospace Electronics


Military & Aerospace Photos

Most Popular Articles

Wire News provided by   

Press Releases

One Part Epoxy Resists up to 500°F and Meets NASA Low Outgassing Specifications

Master Bond Supreme 12AOHT-LO is a one component epoxy for a variety of bonding and sealing applications in...

Low Viscosity, One Part Cyanoacrylate Is Non-Toxic and Meets ISO 10993-5 Specifications

Master Bond MB250NT is widely used for a variety of applications ranging from repair to high speed producti...

Thermally Conductive, Two Component Epoxy Passes USP Class VI Tests and ISO 10993-5 Specifications

With biocompatibility and cytotoxicity certifications, Master Bond EP21AOLV-2Med is often selected for bond...

One Component, Snap Cure Epoxy Features High Strength Properties

Suitable for a variety of applications in the electronic, aerospace and OEM industries, Master Bond EP3SP5F...

Curtiss-Wright’s New Rugged Mobile IP Router Subsystem Features an Integrated Cisco® 5915 ESR Router

Curtiss-Wright Corporation today announced that its Defense Solutions division, a Cisco® Systems Solution T...

VICTORY Shared Processing, Fire Control Computer, and Switch for Ground Vehicles Introduced by Curtiss-Wright

Curtiss-Wright Corporation today announced that its Defense Solutions division has introduced a new fully i...

CURTISS-WRIGHT CONGRATULATES NORTHROP GRUMMAN ON SUCCESSFUL FIRST FLIGHT OF SECOND MQ-4C TRITON UAS

Curtiss-Wright Corporation’s Defense Solutions division applauds Northrop Grumman Corporation (NYSE: NOC) o...

GE Announces First Sub-Credit Card-Sized Multi-Function High Definition (HD) Video Tracker

HUNTSVILLE, AL.— OCTOBER 13, 2014—GE’s Intelligent Platforms business today announced at AUSA (October 13-...

Webcasts

Meeting the Gen3 backplane challenge with OpenVPX and COTS

Tight Pentagon budgets mean military systems must stay in the field for longer than ever before. This doesn't mean obsolete technology, however. Today's military electronics are being upgraded constantly, an...
Sponsored by:

Design Strategy Considerations for DO-178C Certified Multi-core Systems

Join Wind River to learn how system architecture and design choices can minimize your DO-178C certification challenges.

Sponsored by:

Flying, Sailing or Driving - The Rugged, Embedded Intel-based Server that goes where you need it!Flying Sailing or Driving

Leveraging the power of server-class processors is no longer relegated to the confines of data centers. Through several innovations, Mercury Systems has ruggedized Intel’s server-class chips for deployment. ...
Sponsored by:

All Access Sponsors


Mil & Aero Magazine

March 2015
Volume 26, Issue 3
file

Download Our Apps



iPhone

iPad

Android

Follow Us On...



Newsletters

Military & Aerospace Electronics

Weekly newsletter covering technical content, breaking news and product information
SUBSCRIBE

Cyber Security

Monthly newsletter covering cyber warfare, cyber security, information warfare, and information security technologies, products, contracts, and procurement opportunities
SUBSCRIBE

Defense Executive

Monthly newsletter covering business news and strategic insights for executive managers
SUBSCRIBE

Electronic Warfare

Quarterly newsletter covering technologies and applications in electronic warfare, cyber warfare, optical warfare, and spectrum warfare.
SUBSCRIBE

Embedded Computing Report

Monthly newsletter covering news on embedded computing in aerospace, defense and industrial-rugged applications
SUBSCRIBE

Unmanned Vehicles

Monthly newsletter covering news updates for designers of unmanned vehicles
SUBSCRIBE