<img height="1" width="1" src="https://www.facebook.com/tr?id=3323484487762706&amp;ev=PageView&amp;noscript=1">
Blog Articles, Sonar

Detecting Vulnerabilities on Your Wireless Access Points

Sep 29, 2021
New call-to-action

Recent Content

The rapid advancement of computer technology brings many devices, appliances, and gadgets that people use to connect to the internet. A prime example of such an appliance is an access point (AP), which acts as a portal for connecting devices to a local area network (LAN). Principally, the AP extends the wireless coverage of an existing network, consequently increasing the number of end-users that can connect. The device has a high-speed ethernet cable running from a router, transforming the wired signal into a wireless one. The setup establishes a link with end-user devices using Wi-Fi.

Wireless networks have become increasingly popular in recent years to provide internet access and last-meter connectivity within offices and homes. AP devices, in this case, allow limited movement within a designated area such as a home or an office while maintaining connectivity. Other than home and office networks, commercial hotspots, otherwise known as Wi-Fi-enabled zones, have sprouted in various places. They include access points located in the ubiquitous bookstores, coffee shops, airports, and other public places to provide internet access.

In most cases, the router acts as an AP in home and small business networks. Apart from allowing you to connect your devices to Wi-Fi, the device checks all incoming and outgoing traffic to ensure that dangerous traffic is not passing through. 

Whether the AP connects devices in a home or business network, the risks on an unsecured wireless device are the same. In particular, firmware vulnerabilities in network devices put the sensitive customer and business data at risk, giving hackers easy entry to corporate and home networks. In effect, it is essential to identify firmware vulnerabilities and take corrective controls regularly.

This post discusses the risks of access points through outdated and vulnerable firmware. Do you know if the current version of firmware running on your wireless access point is vulnerable?


Firmware in AP

Firmware refers to the software running on the access point(s) physical hardware. Firmware consists of a set of features that control how routers and other access point devices run low-level software that sets the security standards of the network, defines rules about the device to connect, and so on.


Common Wireless Network Vulnerabilities

1. Authentication Bypass

An authentication bypass vulnerability allows attackers to perform different malicious tasks by bypassing the user login process. Mainly, the authentication bypass exploit is because of poor software development practices that rely on user input to authenticate, i.e. – a login screen. Other times, users face security vulnerabilities that allow attackers with physical access to bypass firmware authentication. Multiple wireless router chipsets were recently prone to an authentication bypass vulnerability, referred to as CVE-2019-18989 and CVE 2019-18990. Attackers can exploit this vulnerability by injecting packets into a WPA2-protected network without knowledge of the pre-shared key used during the authentication process.

As users we have been trained to always upgrade firmware when a new version has been released, but there is no guarantee that the newest version will be more secure than the previous version. With that said, we do strongly encourage end-users to upgrade their firmware immediately after the supporting vendor releases a new patch to prevent hackers from exploiting the firmware authentication bypass vulnerability identified.

2. Remote Code Execution

Remote code execution (RCE) vulnerabilities allow hackers to run commands on a remote machine. For instance, if a device has an RCE vulnerability, an attacker can install ransomware, steal proprietary information, or commandeer network resources for other malicious initiatives. They can also upload a backdoor to get access to the machine in the future, or turn the machine into a slave that is operated through a botnet that carries out a full distributed denial of service (DDoS) attack.  

Apart from keeping third-party software fully updated, it is vital to invest in a quality threat detection platform that can help with various tasks, such as alerting security teams when networks are vulnerable to remote code execution attacks.

3. Arbitrary File Uploads

An arbitrary file upload vulnerability is when an attacker has the ability to upload files to a network device’s file system, which can be then be used to gain access to the network. More commonly known as remote file inclusion (RFI) when an attacker does not previously have access to the target device, this is another flaw created through poor software development practices.


Detecting and Preventing AP Vulnerabilities

To identify the above types of vulnerabilities, you mainly need to reverse engineer the firmware code to spot programming errors or errors based on different libraries used within the codebase. AP vendors release firmware updates, alias patches to seal bugs detected through reverse engineering firmware code. Vulnerability fixes rely on ethical researchers to find the bug and then report that bug to the manufacturer, but there are plenty of unethical researchers that find bugs and don’t report them. These vulnerabilities are called zero days.

In the present digital age, you need to run optimal and secure Wi-Fi networks. For this reason, you should keep your network devices updated with the latest firmware version. AP vendors frequently roll out enhanced features into the network device’s operating systems to improve security and functionality. Users can only enjoy such new features only after updating their firmware with the latest versions available.

We cannot overemphasize the importance of keeping your AP device’s firmware updated. Some modern routers and APs update themselves in the background, but whatever model you have on your network, it is worth ensuring the firmware is up to date. This measure offers the latest bug fixes and security patches to protect your network from discovered exploits.


The Problem with Updating Firmware

As mentioned, router and other AP device manufacturers and vendors roll out firmware updates throughout the year to address discovered vulnerabilities. A CIO of a popular router company revealed they released nearly 200 fixes for its devices in one year alone. The number stands to increase with the rise in sophisticated attacks targeting networks.

The firmware updating process creates a major challenge. Typically, users have to find, download, and install router updates regularly, which is a potentially cumbersome task. In fact, even computer experts rarely remember to do that. On the other hand, few users know how to go about the process. These observations mean that most access points and routers may never get important security updates. A recent study shows that 86 percent of consumers never update their firmware.


Let Sonar and Pulsar Cyber Shield Do It for You

It is straightforward to implement security measures to protect wired network setups, but many organizations fail to apply the same security levels to improve Wi-Fi security. Characteristically, businesses lack an understanding of ways to enhance wireless access point security.

The Sonar Service included with Pulsar Cyber Shield can detect access points vulnerabilities effectively. The solution requires you to share the version of the firmware being run in the AP, and it will run an analysis to identify and consult on recommended changes if the current firmware version being run has vulnerabilities that put the company at risk of a ransomware attack.

Minimize your cyber risk with Pulsar Cyber Shield. Learn more.

Tim Connell

Tim Connell

As Head of Enterprise Products for Pulsar Security, he guides the team in creating solutions which satisfy the needs of real-world customers, specializing in the areas of data management, storage network visibility, and enterprise security. Tim holds technical certifications as an Offensive Security Certified Professional (OSCP), CompTIA Network+, CompTIA Security+, GIAC Penetration Tester (GPEN), GIAC Web App Penetration Tester (GWAPT), and GIAC Python Coder (GPYC).