Newbury Networks Finds Unsecured Wireless Networks Around RNC site in New York
September 7, 2004
Newbury Networksg found large numbers of open, unsecured Wi-Fi networks and 802.11 client cards throughout New York City, including a large number around Madison Square Garden where the Republican National Convention was held last week. During a two hour "war drive" with its WiFi Watchdog throughout New York City on August 24, 2004, Newbury Networks uncovered a total of 7,039 unique Wi-Fi devices. Wireless access points accounted for 63 percent of the total, with the rest being network cards. An average of one card accidentally associated with Newbury Network's unsecured access point every 90 seconds. Sixty-seven percent of the 1,008 wireless networks found near Madison Square Garden had no encryption enabled.
Newbury Networks' press release identified Wi-Fi networks from Aetna, Coca Cola, DKNY, Olympus, Applebee's, Burger King, the New York State of Appeals, the New York Film Academy, Columbia University, New York University's Stern School of Business, and, of course, Starbucks. Newbury Networks warned that a conventioneer's wireless enabled laptop inside Madison Square Garden could automatically associate with wireless networks outside the building, allowing a hacker to use the connection to gain access to files on the computer.
Michael Maggio, president and CEO of Newbury Networks, explained, "Newbury undertook this experiment to illustrate the security challenges inherent with the rapid adoption of Wi-Fi technology. Four years ago, at the last set of national political conventions, Wi-Fi was still in its 'early-adopter' stage. The huge productivity gains provided by Wi-Fi have prompted many organizations to deploy wireless networks. These networks, however, place enormous demands on enterprises and government agencies to understand the security challenges and the solutions available to make these networks both secure and productive." "As was the case in Boston for the DNC, convention planners cannot effectively enforce these 'no Wi-Fi' policies. New York, in many respects, is even more vulnerable to security breaches because of the level of wireless traffic around Madison Square Garden. All the security policies in the world can't stop a wireless intruder from accessing an open network signal emanating from a Wi-Fi access point or network card."
I wonder what the reaction would have been if the IT team at the RNC had set up a Wall of Sheep display on one of the screens at Madison Square Garden. The "Wall of Sheep" at DEFCON 12 in Las Vegas in August displayed user names, passwords and occasionally other information gathered from unsecured WiFi connections at the convention. One attendee was discovered filing his tax return over an open connection!