Study Examines Wireless Network Security At RSA

Motorola AirDefense performed wireless security monitoring at the RSA 2010 conference. Leveraging its Wireless Intrusion Prevention System platform and wireless security expertise, Motorola AirDefense collected and analyzed the security of the wireless networks present at the show.

The monitoring was conducted from Day 1 through Day 2 of the conference (March 2-3.) The following is a summary of the findings from the two days. No attempts were made to interrupt or decrypt traffic at the show.

In terms of the infrastructure, 293 Access Points were identified, while an alarming number of Ad-hoc networks (315) were also discovered.

Ad-hoc networking is a mode of operation that allows two stations to communicate directly with each other, without the use of an access point. This could allow an attacker to impersonate a common SSID and potentially gain connectivity to the wireless station. 116 wireless clients were found to be associated to these ad-hoc networks using common SSID’s (Service Set Identifiers) such as “Free Public WiFi,” “Free Internet Access”, “UCSB wireless web”, “Hotel WIFI”, and “lounge”.

This year, a higher average number of access points (86 percent) were found to be using encryption.

This is an improvement over last year’s show where a significant number of conference access points were found to be open with no encryption.

The majority (63 percent) of the networks using encryption were found to be using encryption types known to be vulnerable to attack. WEP has been cracked for years, and TKIP is becoming increasingly vulnerable due to ongoing proof of concept research over the last 2 years. The recommended encryption is AES/CCMP.

The survey also revealed that a good percentage of the wireless networks were using WPA-PSK (pre-shared key) authentication. WPA-PSK is known to be vulnerable to dictionary attacks.

Use of 802.11n enabled access points still appears to be low, but 802.11a appears to be more common this year, perhaps due to wider availability, and is advantageous for people looking to use a less congested spectrum (5GHz).

More than half of the 2,444 wireless clients were found to be probing for multiple Service Set Identifiers (SSIDs), or the name of the wireless LAN. 

This makes these stations could be vulnerable to evil twin, hotspotter, and MITM (Man in the Middle) attacks). These included laptops, PDAs, and phones with Wi-Fi support. In fact, 1034 of the devices were Apple and 206 were RIM devices.

For those devices using Microsoft Windows, it’s recommended that administrators push out policies to desktop/laptops that disable Ad-Hoc support and disable “Automatically connect to non-preferred networks.”

Similar settings can be found in other operating systems.

On the open networks, web-based email conversations were discovered, amongst other infrastructure data. Many web-based email sites provide for a secure login, but once logged in the email application is clear text. Numerous web-based emails from hotmail, gmail, and Yahoo! were discovered. These vulnerabilities expose web applications, web-based email, and critical infrastructure devices. Encryption should be used whenever possible.

Identity theft by Media Access Control (MAC) spoofing was observed from some wireless clients. This can sometimes be an indication of malicious users impersonating a legitimate access point or station with the goal of performing Man in the Middle (MITM) attacks or bypassing access point security mechanisms. This was evidenced by the number of Ad-Hoc networks and Soft APs discovered at the show.

One of the more recent wireless attack vectors was also discovered.  SSID SQL Injection attacks were identified coming from four different sources at the show. By injecting this into the SSID portion of a frame, one can potentially exploit vulnerable access points. This can then allow a backdoor into the access point and allow the attacker to change the access point configuration, thus allowing them open access to the network.

A variety of wired traffic was found to be leaking from the wireless networks as well, including: NetBIOS, STP, IPX, and IGMP. The unencrypted routing protocols reveal the inner workings of the network and are visible to anyone sniffing the traffic, also known as a form of Extrusion.

This is a clear indication that firewall or filtering mechanisms are inappropriately configured and allowing undesirable traffic to leak from the wired networks. This information could be used by a hacker to enumerate the wired network and read information clear-text. Numerous Windows system names and usernames were enumerated during the analysis. All of this traffic should be properly blocked by a firewall by blocking not only incoming traffic (wireless to wired), but also outgoing traffic (wired to wireless).

Motorola AirDefense’s wireless security survey at the RSA 2010 Conference revealed that common vulnerabilities continue to exist within wireless infrastructures. Clearly the best approach to these ongoing problems involves continued user awareness, leveraging stronger encryption and authentication options available in access points, improving the security posture in layers of defense such as firewalls, and a wireless intrusion prevention system to detect and block intrusion attempts.

 

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.