Network Security News

Cisco wireless LAN access points vulnerable to hacker attack

Tuesday, August 25, 2009

Security researchers at AirMagnet have uncovered a security flaw in Cisco's wireless LAN infrastructure that could allow a hacker to hijack a wireless access point to gain access to a customer's network.

The vulnerability involves Cisco's Over-the-Air-Provisioning (OTAP) feature found in its wireless access points (APs). The OTAP feature allows a Cisco AP that is not connected to a Cisco controller to listen to traffic from other nearby Cisco APs and use that information to quickly locate a nearby WLAN controller to associate to.

AirMagnet said there is an unintentional exposure or leakage of information in all lightweight Cisco APs and the potential for APs to be incorrectly assigned to an outside Cisco controller (what the researchers call "SkyJacked") either by accident or at the direction of a potential hacker.

The potential exists for the Cisco AP to "hear" multicast traffic from a neighboring network and incorrectly connect to a neighbor or otherwise unapproved Cisco controller. This ultimately could lead to an enterprise's access point connecting outside of the company to an outside controller and therefore being under outside control.

This same mechanism could be done intentionally by a hacker to purposely SkyJack APs and take control of an enterprise's access point.

AirMagnet said it has informed Cisco of this vulnerability and potential exploit. Cisco is "taking appropriate actions."ADNFCR-1765-ID-19329478-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now