Date: 27th Aug 09
AirMagnet says Cisco's WLAN APs can be skyjacked
AirMagnet's engineers have identified a security loophole
in Cisco WLAN Access Points
Cisco's OTAP feature is the entry point for intruders. The
vulnerable OTAP feature allows an unconnected WiFi AP
to listen to traffic from other nearby Cisco APs to quickly
locate nearby controllers.
AirMagnet engineers have named this vulnerability SkyJacking.
The vulnerability has two elements: unintentional exposure
or leakage of information in all lightweight Cisco APs, and
the threat of APs being incorrectly assigned to an outside
Cisco controller, either by accident or at the direction
of a potential hacker.
AirMagnet's further explanation goes like this:
In normal operation, Cisco APs generate an unencrypted multicast
data frame that travels over the air and includes a variety
of information in the clear. From these frames a hacker
listening to the airwaves could determine the MAC address
of the wireless controller that the AP is connected to,
the IP address for that controller, and a variety of AP
configuration options. These frames are always unencrypted
regardless of the encryption scheme used in the network,
and are always sent regardless of whether the OTAP feature
is turned on or not. At the very least, this allows anyone
listening to the network to easily find the internal addresses
of the wireless LAN controllers in the network, and potentially
target them for attack. All lightweight Cisco deployments
are subject to this exposure.
Unlike the vulnerability, the SkyJack exploit requires
the actual OTAP feature to be enabled. With that feature
enabled, a newly deployed Cisco AP will listen to the above-mentioned
Multicast Data Frame to determine the address of its nearest
controller. The potential exists for the Cisco AP to "hear"
multicast traffic from a neighboring network and incorrectly
connect to a neighbor or otherwise unapproved Cisco controller.
This ultimately could lead to an enterprise's access point
connecting outside of the company to an outside controller,
and therefore being under outside control. This same mechanism
could be done intentionally by a hacker to purposely SkyJack
APs and take control of an enterprise's access point.
AirMagnet's website URL is http://www.airmagnet.com