Beware The Wardriver at Your Next Conference


Every tech conference put on today is swimming in Wi-Fi signals. Some are
meant to provide public Internet access to attendees, and some are meant to
be private for exhibitors connecting to corporate networks.

According to research conducted by Russian security firm Kaspersky Lab, most
of those Wi-Fi signals are wide open.


Kaspersky conducted its “wardriving” research at the recent CeBIT show in
Hanover, Germany, which bills itself as the world’s largest IT trade fair.

Wardriving is the act of scanning Wi-Fi signals to access open bandwidth that isn’t necessarily supposed to be open.


Kaspersky Senior Virus Analyst Alexander Gostev and Senior Research Engineer
Roel Schouwenberg discovered nearly 300 access points at the show and
collected data on them.

According to Kaspersky, “the researchers did not attempt
to intercept or decrypt any traffic.” They did, however, discover a number of interesting things about the nature of Wi-Fi networks.


More than half (approximately 56 percent) of the detected access points
offered no WEP protection. Alex Gostev, senior virus
analyst at Kaspersky, wasn’t surprised by the finding.


“We expected that access points without traffic encryption will be less than
in global statistics,” Gostev told internetnews.com in a translated
e-mail. “And it was as expected, 56 percent against 70 percent in other
countries. Although we expected less unprotected networks, 20 to 30 percent.”


CeBIT access points for the most part were apparently not left in their
default modes, either.

SSIDs (Service Set Identifiers) were in most cases changed from their
factory settings, which typically are a combination of the manufacturer’s
name and/or device model number.

A factory default SSID is an indication that the
administrator has not changed the default setting and may well not have
changed the default username/password, either. The Kaspersky researchers detected only two access points out of their scan of 300 that still had
the factory default SSID configuration.


“The fact that there were only two access points with default SSIDs was very
good to see,” Schouwenberg told internetnews.com. “We expected that number to be quite a bit
higher.”


Access points are also typically set to broadcast their SSIDs, which more
easily enables users, both legitimate and malicious, to locate the access
point.

The idea behind disabling SSID broadcasting is that it makes it harder for
malicious users to discover an access point and attempt to infiltrate it.
Kaspersky’s CeBIT research found that only 8 percent of access points had
disabled SSID broadcasting and, of those, 89 percent had enabled WEP encryption.


Schouwenberg advised that for WLANs that need to be treated as private,
tradeshow participants should disable SSID broadcasting and use the best encryption.

“If you want to be really secure, you should use authentication to prevent
unauthorized access to the access point,” Schouwenberg said. “And use a
tunnel (VPN for instance) to make sure others can’t intercept/decrypt
traffic.”


Gostev warns of another threat that could potentially affect conference
goers: mobile viruses.


“Creation and implementation of automatic traps of the viruses combined
with Bluetooth scanners seems to me expedient,” Gostev said.


He suggests that the mobile equivalent of airport metal detectors is needed
to help prevent mobile virus transmission. That way, he said, it will be possible to discover infected phones the minute they enter the building.
