Hundreds log into a rogue wireless hotspot at Infosec conference

2011-04-21

Asavin Wattanajantra

http://www.theinquirer.net/inquirer/news/2045528/hundreds-log-rogue-wireless-hotspot-infosec-conference



HUNDREDS OF PEOPLE attending London's Infosec conference logged into a rogue wireless hotspot that could have left them open to attack by hackers.

For a couple of hours on days one and two of the conference, insecurity firm Cryptocard created a wireless hotspot called 'Infosecfreewifi'. It found that 143 people connected to the rogue network on Tuesday and 162 people on Wednesday. In the space of just two hours on each day.

Afterwards the firm did a live demonstration on stage, where it set up a new wireless hotspot, calling it 'BT Openzone'. These networks connect to Iphones automatically, so when it was switched on Apple devices throughout the conference joined.

"We identified one of these individuals, and asked permission for them to go off and search the web and do what they do with their Iphone," said Jason Hart, an ethical hacker working at Cryptocard. "There and then, every username, password, email, application appeared on the screen."

Hart said that he didn't expect quite so many people to connect up to the rogue Infosec network, expecting only around 20 or 30 people to log on from an audience that should be pretty security conscious.

But unsecured WiFi networks are pretty common, and even the hacks at Infosec were forced to use a connection without the need of a password. Without decent antivirus or malware protection on your computer, you would obviously be in trouble if a criminal was looking to take advantage of you.

The worst case scenario would be if a computer user offered up credit card details or other financial information using a network created by a cyber criminal. A typical sort of attack would see the creation of a fake website asking for credit card details to pay for the WiFi connection.

Hart said, "Somebody needs to take ownership. I think at the moment from the telcos point of view it's the individual's problem."

"For me personally, even security people don't realise the issue. People focus on zero-day exploits and other things that are happening, but every single successful attack is around the basics. People assume the basics are being taken care of. I can guarantee they're not."


main page ATTRITION feedback