New York presents wireless security challenge for RNC

Transportation Security Administration security checkpoints, hundreds of Secret Service agents, thousands of police on foot, horses and motorcycles, city blocks barricaded by dump trucks filled with tons of sand and an invisible wireless back door that is virtually impossible to monitor and control. That was a snapshop of the security situation at this week's Republican National Convention (RNC) at New York's Madison Square Garden.

While physical security was tightened to unprecedented levels -- transforming the city into something unrecognizable to those who call it home -- IT security researchers uncovered an unsettling number of unencrypted wireless devices that they say create a potential information security nightmare for convention organizers and delegates.

During a two-hour "war drive" around the site of the RNC as well as Manhattan's financial district, security researchers from Boston-based Newbury Networks discovered more than 7,000 wireless devices, 1,123 of which were located within blocks of the convention, including a network named WirelessForKerry. More important, 67% of those devices were access points that did not have encryption protection.

During the war drive, to which Computerworld was granted exclusive access, Newbury technicians set up an unsecured wireless "honeypot" that masqueraded as a Linksys access point. According to log analysis of Newbury's Watchdog system, a wireless device attempted to automatically connect to the honeypot every 90 seconds.

The findings underscore that while New York continues to focus on physical security for the convention, the huge numbers of open, unsecured wireless networks represent a serious threat to the city's hard-wired infrastructure, said Newbury CEO Michael Maggio.

"A wireless-enabled notebook computer powered up inside Madison Square Garden by a conventioneer or media representative could automatically associate with wireless networks outside of the building," said Maggio, noting that such a security gap could allow an attacker to "hop onto" the wired network inside the facility. "All the security policies in the world can't stop a wireless intruder from accessing an open network signal emanating from a Wi-Fi access point or network card."

The two-hour drive around Manhattan also revealed as many as 2,161 access points and 821 client devices broadcasting unique service set identifiers (SSID). "The SSIDs beaconed by clients is really a valuable list for an attacker," said Brian Wangerien, senior product manager at Newbury. "Once the attacker knows that a client is beaconing for a particular SSID, he can change the SSID of his AP and trick the client into connecting to the attacker's access point."

Several network administrators in Manhattan's financial district also appeared to use the system's encryption key as the SSID.

These security gaps potentially open the entire hard-wired RNC network and other corporate networks to data sabotage, virus and worm infections, denial-of-service bots and spam engines, said Wangerien.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.