<img height="1" width="1" src="https://www.facebook.com/tr?id=3323484487762706&amp;ev=PageView&amp;noscript=1">
Blog Articles, Sonar

Detecting Vulnerabilities on Your Wireless Access Points

Sep 29, 2021
New call-to-action

Recent Content

The rapid advancement of computer technology brings many devices, appliances, and gadgets that people use to connect to the internet. A prime example of such an appliance is an access point (AP), which acts as a portal for connecting devices to a local area network (LAN). Principally, the AP extends the wireless coverage of an existing network, consequently increasing the number of end-users that can connect. The device has a high-speed ethernet cable running from a router, transforming the wired signal into a wireless one. The setup establishes a link with end-user devices using Wi-Fi.

Wireless networks have become increasingly popular in recent years to provide internet access and last-meter connectivity within offices and homes. AP devices, in this case, allow limited movement within a designated area such as a home or an office while maintaining connectivity. Other than home and office networks, commercial hotspots, otherwise known as Wi-Fi-enabled zones, have sprouted in various places. They include access points located in the ubiquitous bookstores, coffee shops, airports, and other public places to provide internet access.

In most cases, the router acts as an AP in home and small business networks. Apart from allowing you to connect your devices to Wi-Fi, the device checks all incoming and outgoing traffic to ensure that dangerous traffic is not passing through. 

Whether the AP connects devices in a home or business network, the risks on an unsecured wireless device are the same. In particular, firmware vulnerabilities in network devices put the sensitive customer and business data at risk, giving hackers easy entry to corporate and home networks. In effect, it is essential to identify firmware vulnerabilities and take corrective controls regularly.

This post discusses the risks of access points through outdated and vulnerable firmware. Do you know if the current version of firmware running on your wireless access point is vulnerable?

 

Firmware in AP

Firmware refers to the software running on the access point(s) physical hardware. Firmware consists of a set of features that control how routers and other access point devices run low-level software that sets the security standards of the network, defines rules about the device to connect, and so on.

 

Common Wireless Network Vulnerabilities

1. Authentication Bypass

An authentication bypass vulnerability allows attackers to perform different malicious tasks by bypassing the user login process. Mainly, the authentication bypass exploit is because of poor software development practices that rely on user input to authenticate, i.e. – a login screen. Other times, users face security vulnerabilities that allow attackers with physical access to bypass firmware authentication. Multiple wireless router chipsets were recently prone to an authentication bypass vulnerability, referred to as CVE-2019-18989 and CVE 2019-18990. Attackers can exploit this vulnerability by injecting packets into a WPA2-protected network without knowledge of the pre-shared key used during the authentication process.

As users we have been trained to always upgrade firmware when a new version has been released, but there is no guarantee that the newest version will be more secure than the previous version. With that said, we do strongly encourage end-users to upgrade their firmware immediately after the supporting vendor releases a new patch to prevent hackers from exploiting the firmware authentication bypass vulnerability identified.

2. Remote Code Execution

Remote code execution (RCE) vulnerabilities allow hackers to run commands on a remote machine. For instance, if a device has an RCE vulnerability, an attacker can install ransomware, steal proprietary information, or commandeer network resources for other malicious initiatives. They can also upload a backdoor to get access to the machine in the future, or turn the machine into a slave that is operated through a botnet that carries out a full distributed denial of service (DDoS) attack.  

Apart from keeping third-party software fully updated, it is vital to invest in a quality threat detection platform that can help with various tasks, such as alerting security teams when networks are vulnerable to remote code execution attacks.

3. Arbitrary File Uploads

An arbitrary file upload vulnerability is when an attacker has the ability to upload files to a network device’s file system, which can be then be used to gain access to the network. More commonly known as remote file inclusion (RFI) when an attacker does not previously have access to the target device, this is another flaw created through poor software development practices.

 

Detecting and Preventing AP Vulnerabilities

To identify the above types of vulnerabilities, you mainly need to reverse engineer the firmware code to spot programming errors or errors based on different libraries used within the codebase. AP vendors release firmware updates, alias patches to seal bugs detected through reverse engineering firmware code. Vulnerability fixes rely on ethical researchers to find the bug and then report that bug to the manufacturer, but there are plenty of unethical researchers that find bugs and don’t report them. These vulnerabilities are called zero days.

In the present digital age, you need to run optimal and secure Wi-Fi networks. For this reason, you should keep your network devices updated with the latest firmware version. AP vendors frequently roll out enhanced features into the network device’s operating systems to improve security and functionality. Users can only enjoy such new features only after updating their firmware with the latest versions available.

We cannot overemphasize the importance of keeping your AP device’s firmware updated. Some modern routers and APs update themselves in the background, but whatever model you have on your network, it is worth ensuring the firmware is up to date. This measure offers the latest bug fixes and security patches to protect your network from discovered exploits.

 

The Problem with Updating Firmware

As mentioned, router and other AP device manufacturers and vendors roll out firmware updates throughout the year to address discovered vulnerabilities. A CIO of a popular router company revealed they released nearly 200 fixes for its devices in one year alone. The number stands to increase with the rise in sophisticated attacks targeting networks.

The firmware updating process creates a major challenge. Typically, users have to find, download, and install router updates regularly, which is a potentially cumbersome task. In fact, even computer experts rarely remember to do that. On the other hand, few users know how to go about the process. These observations mean that most access points and routers may never get important security updates. A recent study shows that 86 percent of consumers never update their firmware.

 

Let Sonar and Pulsar Cyber Shield Do It for You

It is straightforward to implement security measures to protect wired network setups, but many organizations fail to apply the same security levels to improve Wi-Fi security. Characteristically, businesses lack an understanding of ways to enhance wireless access point security.

The Sonar Service included with Pulsar Cyber Shield can detect access points vulnerabilities effectively. The solution requires you to share the version of the firmware being run in the AP, and it will run an analysis to identify and consult on recommended changes if the current firmware version being run has vulnerabilities that put the company at risk of a ransomware attack.

Minimize your cyber risk with Pulsar Cyber Shield. Learn more.
Tim Connell

Tim Connell

As Head of Enterprise Products for Pulsar Security, he guides the team in creating solutions which satisfy the needs of real-world customers, specializing in the areas of data management, storage network visibility, and enterprise security. Tim holds technical certifications as an Offensive Security Certified Professional (OSCP), CompTIA Network+, CompTIA Security+, GIAC Penetration Tester (GPEN), GIAC Web App Penetration Tester (GWAPT), and GIAC Python Coder (GPYC).

LinkedIn
View all posts

Minimize your Cyber Risks with Pulsar Cyber Shield

A comprehensive array of services securing data,
network & firmware configurations, & your
wireless network.

Learn More 

100% of the team holds advanced cybersecurity certifications.

  • Certified Ethical Hacker
    Certified Ethical Hacker
    Certified Information Systems Security Professional
    Certified Information Systems Security Professional
    CompTIA Security+ Certified
    CompTIA Security+ Certified
    OSWP Offensive Security
    OSWP Offensive Security
    GIAC Security Expert
    GIAC Security Expert
    Offensive Security Certified Expert
    Offensive Security Certified Expert
    Offensive Security Certified Professional
    Offensive Security Certified Professional
    GIAC Exploit Researcher and Advanced Penetration Tester
    GIAC Exploit Researcher and Advanced Penetration Tester
    GIAC Web Application Penetration Tester
    GIAC Web Application Penetration Tester
    GIAC Certified Penetration Tester
    GIAC Certified Penetration Tester
  • GIAC Mobile Device Security Analyst
    GIAC Mobile Device Security Analyst
    GIAC Certified Incident Handler
    GIAC Certified Incident Handler
    GIAC Assessing and Auditing Wireless Networks
    GIAC Assessing and Auditing Wireless Networks
    GIAC Python Coder
    GIAC Python Coder
    GIAC Reverse Engineering Malware
    GIAC Reverse Engineering Malware
    GIAC Network Forensic Analyst
    GIAC Network Forensic Analyst
    GIAC Certified Forensic Analyst
    GIAC Certified Forensic Analyst
    GIAC Certified Forensic Examiner
    GIAC Certified Forensic Examiner
    GIAC Certified Intrusion Analyst
    GIAC Certified Intrusion Analyst
    GIAC Certified Detection Analyst
    GIAC Certified Detection Analyst
  • GIAC Continuous Monitoring Certification
    GIAC Continuous Monitoring Certification
    GIAC Certified Unix Security and Administration
    GIAC Certified Unix Security and Administration
    GIAC Certified Windows Security Administrator
    GIAC Certified Windows Security Administrator
    GIAC Critical Controls Certification
    GIAC Critical Controls Certification
    GIAC Security Essentials Certification
    GIAC Security Essentials Certification
    GIAC Defending Advanced Threats
    GIAC Defending Advanced Threats
    GIAC Law of Data Security & Investigation
    GIAC Law of Data Security & Investigation
    CompTIA Network+ Certified
    CompTIA Network+ Certified
    Scrum Alliance CSP-SM Certified
    Scrum Alliance CSP-SM Certified
    Microsoft MTA Security Fundamentals
    Microsoft MTA Security Fundamentals
  • Microsoft MTA Database Fundamentals
    Microsoft MTA Database Fundamentals
    CISCO Certified CCNA
    CISCO Certified CCNA
    AWS Certified Solutions Architect Associate
    AWS Certified Solutions Architect Associate
offsec
  • Home
  • Services
  • Partners
  • About
  • Contact
  • Contact

Copyright © 2023 Pulsar Security

|

Privacy Policy

|

Terms & Conditions

Website Design & Development by CommonPlaces Interactive