Feeds

Study: Wi-Fi users still don't encrypt

Silly Billies

  • alert
  • submit to reddit

Boost IT visibility and business value

Think you've heard more than enough about war driving and Wi-Fi insecurity? Two days of electronic eavesdropping at the 802.11 Planet Expo in Boston last week sniffed out more evidence that most Wi-Fi users still aren't getting the message -- or are comfortable broadcasting their e-mail into the ether.

Security vendor AirDefense set up two of its commercial "AirDefense Guard" sensors at opposite corners of the exhibit hall at the Boston World Trade Center, the site of the conference, and for two days analyzed the traffic flowing between conference-goers and 141 unencrypted access points set up by the conference for public use, and by vendors on the floor.

What they found was that users checking their e-mail through unencrypted POP connections vastly outnumbered those using a VPN or another encrypted tunnel. Only three percent of e-mail downloads were encrypted on the first day of the conference, 12 percent on the second day. (The company says it counted all VPN or tunneled traffic as e-mail).

That means the other 88% could easily be intercepted by eavesdroppers using commonly-available tools, compromising both the e-mail and the user's passwords.

Additionally, 84 out of the 523 users monitored were configured to allow ad hoc networking, and 74 were configured to automatically connect to the access point with the strongest signal strength -- a default mode that could leave a laptop prey to a rogue access point.

And then there was the hacking. Passive eavesdropping is undetectable, but AirDefense picked-up 149 active scans from war driving tools like Netstumbler, 105 denial-of-service attacks, eight probes for known exploits against access points, and thirty-two attempted man-in-the-middle attacks -- three of the successful.

"People were probably having a little fun, but I'm not sure it was all malicious," says AirDefense's Brian Moran. "The real shocking part was how many people attached to their corporate e-mails without any kind of encryption."

Wi-Fi eavesdropping for any purpose is usually frowned upon in legal circles, but AirDefense was a sponsor and the "official security provider" at the conference, and Moran say the company provided attendees with ample notice of the study. "There were huge signs throughout the place saying AirDefense is monitoring all conference traffic."

© SecurityFocus

Secure remote control for conventional and virtual desktops

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
EE network whacked by 'PDP authentication failure' blunder
Carrier is 'aware' of cockup, working on a fix NOW
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
Google's so smart it's discovered SHARKS HAVE TEETH
Congratulations, world media, for rediscovering submarine cable armour
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?