Slashdot Mirror


RSA Conference Attendees Get Hacked (esecurityplanet.com)

The RSA Conference "is perhaps the world's largest security event, but that doesn't mean that it's necessarily a secure event," reports eSecurityPlanet. Scanning the conference floor revealed rogue access points posing as known and trusted networks, according to security testing vendor Pwnie Express. storagedude writes: What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...
At least two people stayed connected to a rogue network for more than a day, according to the article, and Pwnie Express is reminding these security pros that connecting to a rogue network means "the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim's communication."

54 comments

  1. So what? by thegarbz · · Score: 5, Insightful

    So a few people ran WEP encryption on their networks, and a few others used rogue access points.

    You want to talk about getting "hacked" let's talk about what was found. Did anyone give up credentials or sensitive details? Did anyone have something important revealed in a MITM attack? Did someone find something on those WEP networks? Just because we connect to something doesn't mean we trust it or aren't taking precautions. If you're rogue and providing me internet access, and all I'm doing is routing through your access via VPN that doesn't mean I got hacked.

    The devil is in the details, at least it would be if we had any.

    1. Re: So what? by niftydude · · Score: 1

      Exactly. No ssl/https or other keys seemed to have been compromised by this 'hack' so it was basically as safe as connecting to any other public WiFi.

      --
      You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
    2. Re:So what? by Minupla · · Score: 1

      If you're interested, most people would agree that when you connect to a defcon wifi network you should probably be... cautious. Let's face it, Defcon is to RSA from an info-risk pov as walking in downtown NY at 1am is to walking around the North/South Korean DMZ at 1am. Both are hazardous, but one of them is just plain insane.

      Now watch this: https://www.youtube.com/watch?...

      That's the 'so what'.

      And keep in mind that most ppl are still using the same passwords on multiple sites.

      Oops.

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    3. Re: So what? by Anonymous Coward · · Score: 0

      Spot on!

    4. Re:So what? by thegarbz · · Score: 1

      >If you're interested, most people would agree that when you connect to a defcon wifi network you should probably be... cautious.

      Well if you have any evidence that they weren't I'm all ears. But right now we're criticising them for practising unsafe sex without ever asking or checking if they used a condom and we've based this all on "those other people had unsafe sex here years ago".

      Until there's any actual details about what went on on these networks it is sensational hyperbole.

    5. Re: So what? by Anonymous Coward · · Score: 0

      browsers (and other processes) load a lot of non-ssl resources. If I am in control of the path that traffic takes, there's no end to the ways in which to attack your desktop and browser.

    6. Re: So what? by Anonymous Coward · · Score: 0

      of course there is an end. the end is on the "completely useless stuff" side. there is literally Zero you can do to a machine. the stuff that needs to be secure and can be attacked uses encryption. the stuff that doesn't - you are free to it. being able to access stuff I am not restricting access to is a "hack" now?

      Alright - I've hooked up to your wifi point. I logged in to my bank account. What's my bank info champ? oh, you don't have that. because you didn't hack anyone.

    7. Re:So what? by sumdumass · · Score: 1

      Well, not really. The first mistake is in assuming that everyone attending the conference is actually a master at security versus someone who is trying to network for whatever reasons or trying to just get more information about it to see if it is a direction he wants his career to go.

      So to be more accurate, your statement should read a little more like this. "But right now we're criticizing them for practicing unsafe sex without ever asking or checking if they used a condom or even finding out if they have had sex before and we've based this all on "those other people had unsafe sex here years ago" in which case the "having sex" part may be the only reason some showed up.

    8. Re:So what? by thegarbz · · Score: 1

      Yeah I agree. Let's just go with making assumptions with no evidence so we can get outraged at a clickbait headline. It was silly to give people benefit of being innocent until there's evidence against them.

      Now where were we. Oh right. OUTRAGEOUS. THIS IS A SECURITY EVENT. HOW COULD THEY!!!!!1111

  2. Slashfaux Fake News for Nerds? by MikeDataLink · · Score: 0

    Seriously? Hacked is hardly what happened here. There's quite a large gap between hacked and *possible* eavesdropping. Did they get into their computer? Compromise their bank account? Did they get anything at all? Where exactly is the news in this again?

    --
    Mike @ The Geek Pub. Let's Make Stuff!
    1. Re: Slashfaux Fake News for Nerds? by Anonymous Coward · · Score: 0

      Who cares about a fake network? That's what TLS is for

    2. Re:Slashfaux Fake News for Nerds? by MikeDataLink · · Score: 1

      That's exactly what I am saying happened. This article is false. Nothing was hacked. Connecting to a fake network does not mean any hacking actually occurred!

      --
      Mike @ The Geek Pub. Let's Make Stuff!
  3. how "rogue"? by KiloByte · · Score: 5, Insightful

    Why would a "rogue" access point that actually delivers your packets be bad? A non-moron already treats all networks more exposed than your cluster's interconnects as untrusted, this goes for granted for any public network you connect to -- especially at a security conference where there will be some attacks (even if not malicious).

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:how "rogue"? by sheetsda · · Score: 1

      >Why would a "rogue" access point that actually delivers your packets be bad?

      Because unfortunately not everything is hardened against MitM attacks yet. Everything should be, but not everything is.

    2. Re:how "rogue"? by ixidor · · Score: 2

      if you connected to the rogue AP, and have VPN to corp office turned on, what traffic/data would not be protected?

    3. Re:how "rogue"? by sheetsda · · Score: 1

      VPN protects against MitM. Are we assuming everyone was using that for some reason?

    4. Re:how "rogue"? by AHuxley · · Score: 1

      The origin device and big brand destination would be interesting.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:how "rogue"? by thegarbz · · Score: 1

      What we are assuming is that:

      a) people who attend the RSA conference are professionals who we can shame for poor security.
      b) that purely based on the fact that they connected to an access point they are idiots and thus deserving of a shaming.

      If this were Comicon we would have a point. The odds of good security practices would be lower, but then it's hardly fun to try and shame a bunch of Comicon nerds. Extraordinary claims require extraordinary proof, and so far we have none.

  4. Researchers by darkain · · Score: 4, Interesting

    And how many of those people who connected to these access points were doing the same type of monitoring, in reverse. Such as testing to see how exploitable these fake APs are!?

  5. Admiral Ackbar by ISoldat53 · · Score: 1, Funny

    It's A Trap!

  6. Why use untrusted wi-fi? by 140Mandak262Jamuna · · Score: 4, Informative

    The data plans have become very affordable. I don't find the need to ever use "free" wi-fi. I use wi-fi at home, and then it is the standard data plan from t-mobile. I don't even use the free wi-fi provided by my employer at work. ( No, no, I am not Visvesvaraya, the legendary minister of Maharajah of Mysore who kept two sets of candles and made sure he did not use the government issued candles while attending to personal work. Just simply privacy concerns, why even let the employer know my browsing habits? )

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Why use untrusted wi-fi? by antdude · · Score: 1

      Cellular is usually expensive, slow, capped, and uses a lot of power compared to wifi. I don't do private stuff on unknown wifis.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    2. Re:Why use untrusted wi-fi? by Anonymous Coward · · Score: 1

      >Cellular is usually expensive, slow, capped, and uses a lot of power compared to wifi.

      Yeah, no.

      Get a better service provider/plan/device. I have unlimited 4g/LTE -which has better throughput than a shared wi-fi resource, and I have not had battery issues on my mobile devices in the past year or so. That used to be the case, but it really is not a valid excuse anymore. Welcome to the modern age!

    3. Re:Why use untrusted wi-fi? by 140Mandak262Jamuna · · Score: 1

      For 120$ a month, I get four lines with unlimited text, voice, and 2GB of "high speed" data. Then it gets throttled to 128 kbps. That speed is good enough to provide turn-by-turn driving instructions. I don't stream videos. So I don't even use this much of data. Anyway if I am a security professional, the company issued phone would come with some decent wireless data plan provided by the employer.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    4. Re:Why use untrusted wi-fi? by antdude · · Score: 1

      Ah. I would use all that easily for personal usage. ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    5. Re:Why use untrusted wi-fi? by Karlt1 · · Score: 4, Informative

      As of this week, all of the four major carriers are offering unlimited data that is not "deprioritized"* until you go over 22GB - 28GB.

      When we were living in an apartment where wifi interference was horrible, we typically just turned off wifi and used cellular from our phones. (We also had 100 foot cords running to all three bedrooms from the router but that's a different story....)

      I pay $200 on T-Mobile for 5 lines unlimited data with 14GB of tethering on each line.

      Deprioritized -- your data is slowed down temporarily in congested areas to allow others to go at full speed when you go over the cap.

      Throttled -- your speed is slowed down permanently to 2G speeds for the rest of the billing cycle when you go over the cap.

    6. Re:Why use untrusted wi-fi? by Anonymous Coward · · Score: 1

      I could write a long post hoping that you would realize that not everyone needs, can access, or can afford this kind of "solution", but hopefully the intent is sufficient for you to get a hint of a clue.

    7. Re:Why use untrusted wi-fi? by thegarbz · · Score: 1

      >The data plans have become very affordable. I don't find the need to ever use "free" wi-fi.

      I have a better question for you. Why trust your data plan more than an untrusted WiFi point? There's only one thing that is certain, all your activity on your data plan is being monitored and logged for Uncle Sam. The same can not be said for the untrusted WiFi connection.

      I would approach either with the same caution.

  7. Remember kids... by __aaclcg7560 · · Score: 1

    Even the experts don't always practice safe computing when they're excited to get it on.

  8. that's why VPN or equivalent is needed in public by MarcAuslander · · Score: 3, Informative

    I use a homebrew equivalent of VPN whenever I'm in public. Started when I realized a hotel was messing with my HTTP traffic! Crucial of course is reliable access to DNS - if that's broken then even connecting HTTPS can get you in trouble if someone has gotten hold of a signing certificate and does man in the middle.

    This stuff is just too hard for the average user.

  9. Even more ironic... by Anonymous Coward · · Score: 1

    Hackers switched signs on some of the bathroom doors and attendees accidentally became transgender bathroom users. Guys, it is important to remember that if you don't see a urinal, you're in the wrong place.

  10. Looking for the booth babes? We got 'em! by Anonymous Coward · · Score: 0

    Click on this link for details.

    1. Re:Looking for the booth babes? We got 'em! by crashumbc · · Score: 1

      There's nothing here?

      *looks around*

      "YOUR COMPUTER HAS BEEN LOCKED by the FBI click the link below to avoid jail time"

  11. Next Year... by Anonymous Coward · · Score: 0

    >Pwnie Express is reminding these security pros that connecting to a rogue network means "the attacker has full control of all information going into and out of the device, and can deploy various tools to modify or monitor the victim's communication."

    Next year they'll MITM the hotel's wired ethernet and warn people to think before you snap in.

    1. Re:Next Year... by gweihir · · Score: 1

      And if the actual security experts were just using secure VPN, then the wannabes from "Pownie Express" have about a bucket of egg on their faces....

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. BEAST, CRIME, BREACH, Sweet32 etc by raymorris · · Score: 1

    A large number of vulnerabilities require MITM as prerequisite. These are also the vulnerabilities most likely to go unpatched, as people think the requirement for mitm makes the attack much less likely.

    In the last few years, just against https alone, and only considering high-profile, named vulnerabilities, we have BEAST, CRIME, and BREACH off the top of my head. There are twice as many that don't have cool names, they're known as CVE-2016-xxxx.

    Perhaps you'll use a VPN. Some common VPN configurations are vulnerable to an attack called Sweet32.

    In theory, using encryption you can communicate securely across an untrusted network. In practice, a man-in-the-middle makes securing the communication quite difficult.

  13. Several vulnerabilities in corporate VPNs by raymorris · · Score: 1

    There are a number of common vulnerabilities in corporate VPNs. The newest major ones, which came out in the last few months, are Sweet32 and a certificate validation bug. Aggressive mode IKE is also still quite common, though it's long been known to be less secure than desired. Just thinking about my recent experience testing corporate VPNs, without actually querying my database for exact numbers, I'd say around 50% of corporate VPNs are insecure to varying degrees.

    The worst are the certificate validation issues - you can be using strong AES encryption, but talking to my spoofed endpoint and I don't even have to use a lot of CPU cracking the encryption.

  14. not to worry by Ol Olsoc · · Score: 1, Insightful

    It doesn't matter if they were hacked, because sexy booth babes have been banned.

    Because that is what is most important in America today. Fugk that security stuff, someone saw a woman with a dress 4.00001 inches above the knee. To the safe room people, we are uncomfortable!

    But we have great wireless coverage there!

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  15. Re: that's why VPN or equivalent is needed in publ by niftydude · · Score: 1

    If you are running a homebrew VPN then you should be able to configure your VPN server to supply all DNS.

    --
    You can never know everything, and part of what you do know will always be wrong. Perhaps even the most important part.
  16. rogue = mobile hotspot by Anonymous Coward · · Score: 0

    They keep popping up!

  17. Bluecoat etc. by Anonymous Coward · · Score: 0

    Ha ha. Remember Bluecoat? Symantec granted them enough authority to make any number of fake certificates.
    Or any of the trusted certificate authorities around the world, already trusted by your browser can issue fake certs.

    Did you miss China's WoSign, issuing certs for fake GitHub sites?

    And that's before the deceptive websites used in common attacks.

    These are supposed to be security professionals and yet they're sloppy.

    1. Re: Bluecoat etc. by Anonymous Coward · · Score: 0

      What are you? Sixteen?

  18. Re: DNC? by Anonymous Coward · · Score: 0

    You sweet, precious snowflake!

  19. Re: DNC? by itsphilip · · Score: 1

    There's a Russian puppet in the White House?

  20. These two may have been least at risk by gweihir · · Score: 2

    Use a VPN, use SSH for remote logins and you basically do not care about the security of the access-point. If it wants a browser-based sign-up, just do that from a VM. You would think that you can find people that know how to do that at the RSA conference....

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:These two may have been least at risk by plover · · Score: 1

      There are plenty of people I know who would fall for this, because they simply don't know. They were issued a laptop for work and were told it was secured through a VPN, but don't understand how networks or routing actually works. They think they're secure only because an expert told them that VPNs are secure.

      And not all VPNs are secure. Corporate VPN solutions are increasingly looking to split tunnelling to cut costs: internal corporate IP addresses are correctly routed to the VPN tunnel interface, so things like internal email and corporate web sites are all secured, but the external IP addresses (Google, Microsoft, Slashdot, etc.,) are left to route through the local gateway, reducing bandwidth through the corporate network. So if your wireless adapter connects to a WiFi Pineapple using one of those corporate laptops (thinking it's connecting to a conference AP or something), the rogue AP will faithfully route the still-secure VPN traffic to the proper corporate headquarters servers, but it will just as happily MiTM the rest of the regular unsecured traffic, scanning for credentials, cookies, API keys, or whatever other external sites the computer may happen to access. They could expose personal email account credentials, various web apps, DNS requests, discovery packets, or other loud network traffic. And this allows scenarios where the browser gets cache poisoned while browsing the unsecured web, then used to connect to an internal corporate web site where the malicious cached javascript echoes all the booty back to the attacker.

      Of course, you expect the tech folks at the RSA conference would know how it all works, but a significant fraction of the attendees are not tech employees. There are no doubt many finance people; executives with expense accounts and instructions to "come back with a security contract"; salespeople; politicians; and the press in attendance.

      I just hope the guys with the rogue access points are no worse than gray hats who are posting them on a Wall of Sheep somewhere at the conference, and not actually hacking the attendees.

      --
      John
  21. Re: DNC? by sumdumass · · Score: 1

    Yep, it is on the credenza next to the statue of MLK when it got moved.. I'm told it's an old man with a big nose and other exaggerated facial features but I have never seen it personally.

  22. Re:DNC? by eric_harris_76 · · Score: 3, Insightful

    So, the Russians manipulated US voters by discovering and revealing awful truths about a candidate for president?

    Suppose this dastardly deed has been done by -- and I'm being deliberately zany here -- the news media doing their damn job?

    Would it have been a bad thing then?

    How about if it had happened before that nominee had won the nomination? Would that have been a bad thing or a good thing?

    Let's hope next time, the Russians (or whoever does it next time) do it before the nomination.

    And they do it to all the despicable candidates of the statutory duopoly parties, rather than just the one.

    --
    There's no time like the present. Well, the past used to be.
  23. This stops THAT occurring... apk by Anonymous Coward · · Score: 0

    Prevention = best medicine (& what u can't touch can't hurt u) via NEW APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    Ads & malware rob speed/security/privacy

    Hosts add speed (via hardcodes/adblocks), security (vs. bad sites/malware/poisoned dns), reliability (vs. dns down), & anonymity (vs. dns requestlogs/trackers).

    Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus + less security bugs/complexity & faster vs. addons/routers/remote dns!

    Avoids DNSChangers in routers/IP settings & dns redirects (99.999% of ISP DNS != patched vs. it) + lightens DNS load & resolves faster from local system RAM!

    * Via what u NATIVELY have built in IP stack in FASTER kernelmode!

    APK

    P.S. - Safe https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/

  24. Re:DNC? by Anonymous Coward · · Score: 0

    Please, SHUT THE FUCK UP.

  25. Re:DNC? by DeVilla · · Score: 1

    Never fear. After the election you can be assured the press will relearn how to do investigative journalism. Had the election gone the other way, that might have never happened.