Study: Wi-Fi users still don't encrypt

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/69/31567.html

By Kevin Poulsen
SecurityFocus
Posted: 04/07/2003 

Think you've heard more than enough about war driving and Wi-Fi
insecurity? Two days of electronic eavesdropping at the 802.11 Planet
Expo in Boston last week sniffed out more evidence that most Wi-Fi
users still aren't getting the message -- or are comfortable
broadcasting their e-mail into the ether.

Security vendor AirDefense set up two of its commercial "AirDefense
Guard" sensors at opposite corners of the exhibit hall at the Boston
World Trade Center, the site of the conference, and for two days
analyzed the traffic flowing between conference-goers and 141
unencrypted access points set up by the conference for public use, and
by vendors on the floor.

What they found was that users checking their e-mail through
unencrypted POP connections vastly outnumbered those using a VPN or
another encrypted tunnel. Only three percent of e-mail downloads were
encrypted on the first day of the conference, 12 percent on the second
day. (The company says it counted all VPN or tunneled traffic as
e-mail).

That means the other 88% could easily be intercepted by eavesdroppers
using commonly-available tools, compromising both the e-mail and the
user's passwords.

Additionally, 84 out of the 523 users monitored were configured to
allow ad hoc networking, and 74 were configured to automatically
connect to the access point with the strongest signal strength -- a
default mode that could leave a laptop prey to a rogue access point.

And then there was the hacking. Passive eavesdropping is undetectable,
but AirDefense picked-up 149 active scans from war driving tools like
Netstumbler, 105 denial-of-service attacks, eight probes for known
exploits against access points, and thirty-two attempted
man-in-the-middle attacks -- three of the successful.

"People were probably having a little fun, but I'm not sure it was all
malicious," says AirDefense's Brian Moran. "The real shocking part was
how many people attached to their corporate e-mails without any kind
of encryption."

Wi-Fi eavesdropping for any purpose is usually frowned upon in legal
circles, but AirDefense was a sponsor and the "official security
provider" at the conference, and Moran say the company provided
attendees with ample notice of the study. "There were huge signs
throughout the place saying AirDefense is monitoring all conference
traffic."




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.