According to mobile security vendor AirDefense, some 56 percent of 623 wireless devices at the RSA conference in San Francisco were susceptible to attacks based on its study of wireless traffic at the show Tuesday.
But AirDefense puts the blames on users, not conference organizer RSA.
"RSA does a good job of providing a secure network as good as any standard corporate network," Richard Rushing, chief security officer at AirDefense, told internetnews.com.
The problem, Rushing said, is that among the thousands of attendees with notebook computers, PDAs and other wireless devices, most are vulnerable to attack because they use or maintain an open access wireless account separate from the conference network.
"People are using wireless, which is a good thing," said Rushing, "but they're connecting at hotels and hotspots in an insecure manner." Even if the user intends to use a secure network as a main point of access, these open accounts, if not deleted from a user's preferred list of network access points, can be exploited.
Specifically, Rushing said AirDefense identified 70 devices onsite at the conference participating in ad-hoc, peer-to-peer (define) networks using common SSID's (Service Set Identifiers) (define) such as "Free Public WiFi," "Free Internet Access" and "Linksys." Use of these networks typically means no firewall is present on the wireless interface, or it is an un-patched Windows system that can be readily exploited.
"It's low-hanging fruit for attackers," said Rushing.