New Wireless Security Threats Revealed at Defcon 15

As a result of 3 days of monitoring, AirDefense develops new detection and protection methods.

by / August 14, 2007
AirDefense, Inc. today released updated detection and protection methods for new hacks identified at Defcon 15, the largest underground hacking conference in the United States. At the request of Defcon Wi-Fi Village organizers, AirDefense monitored the annual conference in Las Vegas, NV.

During the three days of monitoring, AirDefense Enterprise protected 22 access points (APs) provided by Defcon for Internet access and monitored 46 additional access points installed by conference attendees. With over 2100 wireless devices in use at the event, the network was overloaded yet usable with some taking advantage of the less congested 802.11a network for a more reliable Internet connection. As expected, many well-known wireless vulnerabilities in existence were exploited at the conference. Denial of service (DoS) attacks were by far the most numerous with 17 variations used in 428 attempts. Over 1100 attacks were run against wireless client devices. In six separate cases, hackers were able to completely compromise access points and change their settings.

Newly identified attacks at this year's Defcon involved the use of multiple APs to form a phishing trap, otherwise known as a multi-pot. This attack has existed for quite some time, so hackers focused on easier to implement variations which are difficult to detect, more damaging and especially effective. In one example, the attack entitled "Bad Karma" included functions that enable the attacker to phish clients without causing them to re-authenticate to the attacker's AP.

AirDefense also spotted several new variations of wireless denial of service (DoS) attacks both at the driver level and RF level. Fuzzing attacks, revealed at last year's Defcon 14, advanced using a wider variety of frame modifications to impact additional types of wireless devices. In fuzzing attacks, frames are specifically crafted to cause a wireless device to crash and sometimes deliver a payload that can compromise the device. The new variations introduced at Defcon 15 appear to target radios in newer embedded platforms. Additionally, AirDefense observed 12 instances of a new RF Jamming technique that uses standard 802.11 radios to block the entire 2.4 GHz spectrum. Although jamming will always be a problem, this attack is particularly problematic as it uses standard 802.11 radios instead of requiring specialized hardware.

As a result of AirDefense's monitoring efforts at Defcon 15, along with the company's commitment to ensuring customers have the most up-to-date protection, AirDefense quickly released updated software that detects each of the new attacks and enhances the protection methods implemented throughout the system. AirDefense's patented WEP Cloaking solution, which increases the security of WEP networks, already includes protection for each of the attacks proposed by hackers at Defcon.

"Security leaders have always been in a race with hackers," said Amit Sinha, CTO of AirDefense. "The largest enterprises and most secure government organizations choose AirDefense because of the expertise that goes into the early identification of threats and the speed at which we are able to react after new threats are released. Customers can rest assured that AirDefense is working around the clock to protect their networks and data."