Wi-Fi Planet Expo Attracts Latest Hacking Tools

SAN JOSE, Calif., December 17, 2003. A trade show for wireless LAN vendors turned into a battlefield for wireless hackers to show off their advancing tools that threaten the numerous wireless users who remain naive to the known security issues.

AirDefense monitored all wireless LAN activity at this month's Wi-Fi Planet Expo in San Jose, Calif., and discovered the increasing accuracy and sophistication of the latest wireless hacking tools. In a single day at the conference, AirDefense observed 21 attempted Man-in-the-Middle attacks that break the secure connection of a VPN to inject an intruder between a wireless station and the access point.

Of the 21 attempted Man-in-the-Middle attacks, 16 were successful, which compares to just three successful attacks out of 32 attempted attacks in three days at the June Wi-Fi Planet conference.

"Wireless LAN hacking tools have always been widely available, but they required knowledgeable techies to use them correctly," said Richard Rushing, AirDefense vice president of technical services. "As wireless LANs have grown in popularity, these tools have become easier to use and reap more harmful results."

AirDefense recorded another 33 advanced attacks that exploited the Extensible Authentication Protocol (EAP), which also includes attacks against Lightweight Extensible Authentication Protocol (LEAP). These EAP attacks break a wireless LAN's authentication by attacking the authentication server or brute forcing an authorized user's password.

75 Denial-of-Service attacks targeted at specific access points or stations
12 DoS-Cloud attacks that de-authenticate everyone on a specific channel
125 attempted identity thefts by spoofing an station's MAC address -- 25 FakeAP attacks that broadcast hundreds of non-existing SSIDs -- 89 network scans from tools such as Netstumbler and Wellenreiter.

Despite the malicious activity in the air, wireless LAN users disregarded the security concerns in alarming numbers with poor laptop configurations and insecure use of email across unencrypted public wireless LANs. On this one day of the conference, only 6 percent of corporate email downloads were conducted through the secure tunnel of a VPN.

"Without a secure connection to an enterprise email account, a wireless station exposes the email account name and password to anyone passively sniffing the WLAN traffic," Rushing said. "Public wireless LANs cannot be trusted with such sensitive information. Anyone who downloaded email at the conference should change their password immediately."

Other vulnerabilities included 89 user stations that were configured to allow ad hoc networking. These direct connections between devices allow for easy file sharing but offer little security or authentication. An executive's laptop in ad hoc mode opens the door to allow a hacker to connect to the laptop without the owner's knowledge, access all shared files and launch direct attacks.

In fact, an ad hoc network was detected using the SSID of "wifiplanet" which tricked as many as 10 stations to connect to this ad hoc network when they were probably looking to connect to the conference's public access points.

Other concerns among the stations and devices included 130 user stations with insecure default settings of Windows XP that broadcasted probes looking for networks that were not at the conference.

AirDefense utilized its wireless LAN intrusion detection and monitoring system to stealthily observe the conference's wireless LAN airspace and detect these attacks and threats.

For more information, go to www.airdefense.net

Military & Aerospace Electronics

Get All the Military Aerospace Electronics News Delivered to Your Inbox or Your Mailbox

Subscribe to Military Aerospace Electronics Magazine or email newsletter today at no cost and receive the latest information on:

  • C4ISR
  • Cyber Security
  • Embedded Computing
  • Unmanned Vehicles

Military & Aerospace Photos

Most Popular Articles


The Intel Xeon-D processor and its role in high-performance embedded computing (HPEC)

The rugged Intel Xeon-D server-class multicore microprocessor is set to revolutionize high-performance embedded computing. By itself, the processor will bring unprecedented power to embedded computing applic...

Harsh Environment Protection for Advanced Electronics and Components

This webinar will offer an opportunity to learn more about ultra-thin Parylene conformal coatings – how they are applied, applications they protect today, and the properties and benefits they offer, includin...

Press Releases


Curtiss-Wright Corporation today announced that its Defense Solutions division has received a contract from Sierra Nevada Corporation (SNC) to supply its small form factor ...

Innovative Integration Announces the FMC-Servo

Camarillo, CA June 19, 2015, Innovative Integration, a trusted supplier of signal processing and data acquisition hardware and software solutions, today announced the FMC-S...


Curtiss-Wright Corporation today announced that its Defense Solutions division has further enhanced its innovative VRD1 high definition (HD) video management system (VMS) w...

All Access Sponsors

Mil & Aero Magazine

August 2015
Volume 26, Issue 8

Download Our Apps




Follow Us On...


Military & Aerospace Electronics

Weekly newsletter covering technical content, breaking news and product information

Cyber Security

Monthly newsletter covering cyber warfare, cyber security, information warfare, and information security technologies, products, contracts, and procurement opportunities

Defense Executive

Monthly newsletter covering business news and strategic insights for executive managers

Electronic Warfare

Quarterly newsletter covering technologies and applications in electronic warfare, cyber warfare, optical warfare, and spectrum warfare.

Embedded Computing Report

Monthly newsletter covering news on embedded computing in aerospace, defense and industrial-rugged applications

Unmanned Vehicles

Monthly newsletter covering news updates for designers of unmanned vehicles