Don't get burned by dual function rogue APs
Author/Blog Contributor - Greg Rayburn, AirMagnet Wireless Security Expert
Date: November 17, 2010
By now, most in the wireless security space understand the threat posed by rogue APs (any access point connected to a wired network without consent of the IT department). The situation is all too familiar — an employee brings in their AP from home and plugs it into the corporate network, or a hacker places an AP somewhere in the building and tries to connect internally to the network. It's probably the biggest security risk facing most networked companies today (but obviously not the only risk).
While rogue APs by themselves justify the need for greater WLAN security, today's hackers are always looking for new ways into the corporate network. In today's blog, we'd like to outline one such scenario we like to call Dual Function Rogue APs.
In a Dual Function rogue AP situation, a hacker uses a rogue AP as a launch pad for a wireless attack. There are a number of embedded systems manufacturers that supply motherboards with multiple mini-PCI slots, as well as USB ports. With the right cards and firmware, any hacker can turn a rogue AP into a powerful wireless attack tool (an example might be the Ubiquiti RouterStation and RouterStation Pro, but really any device that has extra mini-PCI slots or supports Atheros adapters — here is a supported hardware list: http://wiki.openwrt.org/toh/start).
For instance, a hacker could set up an embedded system in a rogue AP with two Atheros mini-PCI cards — one card to act as the rogue AP and the other to act as the injecting card. Using OpenWRT as firmware, the hacker has the ability to easily install the aircrack-ng suite, as well as the MDK3 tool. This provides the hacker with a much more mobile footprint. He/she does not need to be in front of the device generating the traffic (injection attacks, DeAuth attacks); he/she could be outside in the parking lot or on the other side of the building, connected to a second wireless card.
Using rogue APs to hack networks is not something new to the wireless space, but when it's coupled with OpenWRT firmware, it turns an ordinary AP into a new powerful tool with advanced capabilities that can send an IT department on a wild goose chase.
The moral to this story (err, blog post) is that tracking down rogue APs is pretty straightforward. But, new techniques and software advances (such as the dual function rogue APs) are allowing hackers to better disguise and build rogue APs. Expect the unexpected and don't get caught in a cycle of just looking for laptops and smart devices.
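Because a dual function rogue AP carries the access point radio and the injecting radio in one box, WLAN sensors should hear both at roughly the same signal strength. The sketch below is an added example, not code from the original post or from AirMagnet: it pairs deauthentication bursts with unauthorized BSSIDs whose per-sensor RSSI matches. The record format, thresholds, MAC addresses and the comparable-transmit-power heuristic are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

AUTHORIZED_BSSIDS = {"02:00:00:10:00:01"}  # constructed AP inventory
DEAUTH_BURST = 5       # assumed: deauth frames per sensor that count as a burst
RSSI_TOLERANCE_DB = 6  # assumed: medians this close suggest one physical location

def build_sample(deauth_rssi=(-49, -77)):
    """Constructed sensor records: (time, sensor, subtype, transmitter MAC, RSSI dBm)."""
    legit, rogue = "02:00:00:10:00:01", "02:00:00:aa:00:01"
    frames = []
    for i in range(6):
        t = i * 0.1
        frames += [(t, "s1", "beacon", legit, -70), (t, "s2", "beacon", legit, -52),
                   (t, "s1", "beacon", rogue, -47), (t, "s2", "beacon", rogue, -75),
                   # Deauths claim the authorized BSSID as their source address.
                   (t, "s1", "deauth", legit, deauth_rssi[0]),
                   (t, "s2", "deauth", legit, deauth_rssi[1])]
    return frames

def rssi_profile(frames, subtype):
    """Median RSSI and frame count per (transmitter MAC, sensor) for one subtype."""
    samples = defaultdict(list)
    for _t, sensor, kind, mac, rssi in frames:
        if kind == subtype:
            samples[(mac, sensor)].append(rssi)
    return {key: (median(vals), len(vals)) for key, vals in samples.items()}

def colocated_injectors(frames):
    """Pair each deauth burst with unauthorized BSSIDs heard at matching RSSI."""
    beacons = rssi_profile(frames, "beacon")
    bursts = defaultdict(dict)  # claimed source MAC -> {sensor: median RSSI}
    for (mac, sensor), (rssi, count) in rssi_profile(frames, "deauth").items():
        if count >= DEAUTH_BURST:
            bursts[mac][sensor] = rssi
    rogues = sorted({mac for mac, _ in beacons} - AUTHORIZED_BSSIDS)
    findings = []
    for claimed, per_sensor in sorted(bursts.items()):
        for rogue in rogues:
            shared = sorted(s for s in per_sensor if (rogue, s) in beacons)
            if shared and all(abs(per_sensor[s] - beacons[(rogue, s)][0])
                              <= RSSI_TOLERANCE_DB for s in shared):
                findings.append((claimed, rogue, shared))
    return findings

if __name__ == "__main__":
    for claimed, rogue, sensors in colocated_injectors(build_sample()):
        print(f"deauth burst claiming {claimed} matches rogue {rogue} at {sensors}")
```

A match is a lead for the physical search, not proof: it tells the team to look at the unauthorized AP's location rather than hunting for a laptop.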