Hackers Say Wireless Is Weak
Lock down your wireless network -- that’s the message coming loud and clear now that the DefCon hacker convention has rolled through Las Vegas.
Jesse Krembs, president of The Hacker Foundation, who spoke at the show, warned that wireless is the weak under-belly of many businesses. “I think that the main thing that people will be looking at is more wireless hacking,” he says.
Krembs warns that this is as much about sloppiness as it is about technology. “A lot of the problems with wireless security revolve around bad practice and port cryptography issues."
He adds that planning is key when it comes to wireless deployments. “If you’re going to install mission-critical wireless, you need to do a site survey and think long term,” he explains. Bluetooth deployments, in particular, need some serious thought. "Bluetooth and 802.11 in the same room is an issue. They operate in the same airspace, and if you have a really powerful Bluetooth device it’s going to drastically affect the 802.11 network.”
Krembs also urged users to think twice about running Bluetooth all the time on their mobile phones. This, he notes, could open them up to "bluesnarfing," where hackers download information from the device.
Port cryptography is a way of encoding wireless data so that it cannot be hacked, and a number of firms, including Fortress Technologies Inc. and AirDefense Inc., offer products to tackle this issue.
If anyone is hip to hot new security markets, it should be the guys at DefCon. The conference, which is now in its 13th year, is Vegas's annual chance to put on its 1337 face and let hackers run amok. The confab is known for its parties and pranks, and the extracurricular activities potentially make it as unsafe for humans as it is for computers.
But with hackers eager to show off their prowess, precautions have to be taken. According to Krembs, the Alexis Park resort, where the conference is held, turns off its own wireless network for the duration of the show. This is replaced with a “giant” public wireless network run by DefCon itself. “At no point was the Alexis or their back-offices compromised,” explains Krembs.
But users accessing DefCon’s own network had to be very careful. Some unsuspecting folks found themselves listed on the “Wall of Sheep,” where hackers displayed portions of their passwords.
The Alexis was not the only hotel that prepared for the onslaught. The Westin Casuarina Hotel and Spa, one of the hotels that housed DefCon attendees, doesn't use wireless Internet access, precisely for security reasons. "We're anticipating things of that nature may come up regardless of whether DefCon is coming through," says John Sevilla, the hotel's director of operations.
Security expert Bruce Schneier, CTO of Counterpane Internet Security Inc., believes that many hotel wireless networks are not as secure as they could be. “Everything is just as bad,” he says. “[But] you don’t often get a convention like DefCon that will take advantage of it."
Schneier adds that over the years DefCon has left a trail of destruction behind (of sorts). “For a while DefCon had trouble getting the same hotel twice -- there were a string of hotels that were torn down after DefCon was there.” This, of course, is the merest coincidence.
The Alexis Park resort did not respond to requests for comment on this article.
— James Rogers, Site Editor, Next-Gen Data Center Forum, and Craig Matsumoto, Senior Editor, Light Reading