By Tim Wilson
March 05, 2010
SAN FRANCISCO -- RSA Conference 2010 -- You'd think the behavior of
wireless users at one of the industry's biggest security conferences
would be -- well, secure.
Not so, says a quick study from wireless security company Motorola
In a study during the first two days of the show, AirDefense identified
293 wireless access points -- but an alarming 315 ad-hoc networks were
Ad-hoc networking is a mode of operation that allows two stations to
communicate directly with each other, without the use of an access
point. This could allow an attacker to impersonate a common service set
identifier (SSID) and potentially gain connectivity to the wireless
station, AirDefense observes.
Some 116 wireless clients were found to be associated to these ad-hoc
networks, many offering security-risky SSIDs, such as "Free Public
WiFi," "Free Internet Access," "Hotel WiFi," and "lounge."
While there was more encryption at this year's conference than last
year, the majority of the networks using encryption were found to be
using technologies known to be vulnerable to attack. Sixty-two percent
were using WEP -- which was cracked years ago -- or TKIP, for which
researchers have rolled out several proofs of concept research during
the past two years. The recommended encryption is AES/CCMP.
Register now for HITBSecConf2010 - Dubai, the premier
deep-knowledge network security event in the GCC,
featuring keynote speakers John Viega and Matt Watchinski!