Over half of the wireless LAN devices at the RSA Conference were found to be prone to security attacks – particularly “Evil Twin” and “zero day” – during two days of WLAN traffic scanning by wireless security vendor AirDefense. The first type happens when a victim wirelessly connects to a laptop or handheld device masquerading as a legitimate access point or hot spot. The other involves preying on newly discovered software flaws in applications like Internet Explorer, which have neither been repaired nor provided with a patch.
On Day 1, AirDefense saw vulnerabilities in 347, or 56 percent, of 623 devices. Day 2 testing had a similar result, with 481 devices of 847, or 57 percent, having been found to be vulnerable. AirDefense Chief Security Officer Richard Rushing clarified that the conference network was not the cause of the vulnerabilities, and even commended it for being as secured if not “better than most standard corporate networks.”