The Risk of Open WiFi on Display at RSA
VIDEO: Once again the RSA Conference decided to use unencrypted WiFi, and once again it's time to (re)learn why that's a bad idea.
SAN FRANCISCO--Security experts from around the globe descended on the Moscone Center here this week for the annual RSA Conference, which provided free WiFi throughout the sessions and exhibit halls. While the WiFi has been generally available, there has been one key problem with it--it's unencrypted.
Open, unencrypted WiFi is often used because it's easier to get users on the network that way. That said, there are significant and nontrivial risks of having an open network, risks that were laid bare in an exclusive video interview analysis of the RSA Conference WiFi network provided to eWEEK by security tools vendor Pwnie Express.
Pwnie Express has a number of devices that can "sniff" the air to analyze what's going on with WiFi. In addition, the company has a service called Pwn Pulse that can then provide visibility into what the company's devices can see and what's actually running on the network. At the RSA Conference, what Pwnie Express saw was risk and potentially malicious behavior, including what appeared to be a Karma attack. In a Karma attack, a rogue access point attempts to trick users into connecting by appearing to be an access point that the user has previously used.
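One way a monitoring sensor could flag the Karma behavior described above, shown as an added example that is not from the article or from Pwnie Express: it looks for a single access point address that answers directed probes for several unrelated network names. The log format, MAC addresses, SSIDs, function names and the threshold of three names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample observations (not captured at the conference).
# Fields: time, frame type, source MAC, destination MAC, SSID
SAMPLE_FRAMES = """\
10.01,probe-req,aa:aa:aa:00:00:01,ff:ff:ff:ff:ff:ff,HomeNet
10.02,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:01,HomeNet
10.05,probe-req,aa:aa:aa:00:00:02,ff:ff:ff:ff:ff:ff,CoffeeShop
10.06,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:02,CoffeeShop
10.07,probe-resp,02:00:00:00:00:10,aa:aa:aa:00:00:02,ConferenceWiFi
10.09,probe-req,aa:aa:aa:00:00:03,ff:ff:ff:ff:ff:ff,HotelGuest
10.10,probe-resp,02:00:00:00:00:99,aa:aa:aa:00:00:03,HotelGuest
10.12,probe-req,aa:aa:aa:00:00:01,ff:ff:ff:ff:ff:ff,
10.13,probe-resp,02:00:00:00:00:10,aa:aa:aa:00:00:01,ConferenceWiFi
"""

def parse_frames(text):
    """Parse the constructed CSV-style log; malformed lines are skipped."""
    frames = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, ftype, src, dst, ssid = parts
        frames.append({"ts": float(ts), "type": ftype,
                       "src": src.lower(), "dst": dst.lower(), "ssid": ssid})
    return frames

def find_karma_suspects(frames, min_ssids=3):
    """Return {bssid: [ssids]} for access points that echoed back at least
    min_ssids different names that clients had asked for by name."""
    probed = defaultdict(set)    # client MAC -> SSIDs it probed for by name
    answered = defaultdict(set)  # AP MAC -> probed SSIDs it claimed to be
    for f in frames:
        if not f["ssid"]:
            continue  # wildcard probe: carries no remembered network name
        if f["type"] == "probe-req":
            probed[f["src"]].add(f["ssid"])
        elif f["type"] == "probe-resp" and f["ssid"] in probed[f["dst"]]:
            answered[f["src"]].add(f["ssid"])
    return {ap: sorted(s) for ap, s in answered.items() if len(s) >= min_ssids}

if __name__ == "__main__":
    for ap, ssids in find_karma_suspects(parse_frames(SAMPLE_FRAMES)).items():
        print(f"possible Karma access point {ap}: answered for {ssids}")
```

An access point that only ever answers with its own network name, like the constructed `ConferenceWiFi` one here, is never counted, because no client asked for that name in a directed probe.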
Beyond potential rogue access points, there are other risks of being on an open WiFi network that the Pwn Pulse technology helped to expose.
"It's very stupid to have a completely unencrypted network," Yolanda Smith, product manager at Pwnie Express, explained to eWEEK. "Anyone can attach themselves to it and from there could run a man-in-the-middle attack ... they can execute mobile malware."