Modernizing Authentication — What It Takes to Transform Secure Access
SAN FRANCISCO — The RSA Conference is perhaps the world's largest security event, but that doesn't mean that it's necessarily a secure event. Security testing vendor Pwnie Express has been passively scanning the airwaves on the RSA Conference show floor and has found multiple instances of EvilAP attacks.
In an EvilAP attack, a rogue access point uses a Karma attack to trick users into thinking they are connecting to a known access point. Among the access point beacons sent out in the EvilAP attacks at the RSA Conference are common locations like Starbucks and McDonald's.
The Pwnie Express analysis found that multiple users actually connected to the rogue access point and at least two remained connected over the course of more than a day.
Adding insult to injury, Pwnie Express found that there were multiple Wi-Fi access points running on the RSA Conference show floor that used WEP encryption. WEP is an older standard that has long since been proven to be insecure.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i
Watch the full video below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.