PCPro-Computing in the Real World Printed from www.pcpro.co.uk

CeBIT lets itself down over wireless security

Posted on 16 Mar 2006 at 16:02

CeBIT 2006. It may be the biggest tech show in the world. But it's a poor show when it comes to wireless security, according to security companies that conducted tests during the week-long trade fair.

Moscow-based Kaspersky tried a series of 'war-driving' experiments on two days during the show. The results proved that security levels were woeful by any standard, let alone when those responsible are supposed to be at the bleeding edge of technology.

Kaspersky located some 300 wireless access points at the show, nearly half (47.08 per cent) of which operated at the 11Mbps speeds of the 802.11b standard, which came into being at the turn of the century, already suggesting ageing equipment.

Next, 55.67 per cent of networks were operating without encryption, so anyone listening in could cream off passwords and other sensitive data sent through them. Although the figure is an improvement on the 70 per cent of wireless networks used by the great unwashed that are unencrypted, Kaspersky describes that level of unprotected access points as 'unacceptably high'.

'It should again be stressed that these points provide access to the local networks of companies participating in CeBIT - a prime target for hackers,' write Kaspersky's Alexander Gostev and Roel Schouwenberg.

Another means of protecting a wireless access point from unauthorised connections is simply to switch off the SSID broadcast so that anyone scanning the area with, for example, a wireless laptop won't automatically see it. The idea was adopted in just 8 per cent of the access points examined.

Kaspersky takes heart that at least most access points did not use the default SSID names, indicating that the access point had also not been left with the default username and password of the admin account in situ. The company says this shows that 'administrators were aware of security issues'. However, the decision to change the SSID may simply be an attempt to avoid confusion. CeBIT is one place you can be fairly sure is awash with wireless networks, so it makes sense to name the access points of your network to ensure you hook up to the right one: that decision is not necessarily made as a security precaution.

While Kaspersky was checking out the WiFi, Finnish company F-Secure had placed a prototype Bluetooth honeypot to scan the area. The device has a range of 100m but identifies itself as a Bluetooth phone in discoverable mode.

It quickly found plenty of friends. Just scanning that area, the honeypot identified 12,500 unique devices that passed within range, all of which had Bluetooth enabled and had been made 'discoverable'. F-Secure described the figure as 'unbelievable'. The honeypot device even caught 10 viruses.

It's not just that the CeBIT fair is packed with IT professionals that makes the levels of security exhibited so lamentable; it's that hackers are already well aware of this.

Kaspersky's report reads: 'Almost all firms which participate in such events set up their own local networks, which often connect to the company's main server. These local networks usually have low security settings, and are set up quickly; these factors increase the risk of hacker attacks.'

Visitors too are equally attractive targets - and this year there were 450,000 of them at the show. The report adds: 'One notorious example took place at InfoSecurity London last year, when a group of scammers installed several fake access points, which provided a fake interface to connect to the public network. Unsuspecting users connected, and entered their passwords and other confidential data, and this information was sent directly to the hackers themselves.'

Author: Matt Whipp
