Home > Wireless security > Skyjacking attack – then Cisco, now Aruba?

Skyjacking attack – then Cisco, now Aruba?

July 18th, 2011

Skyjacking Cisco WLC Aruba Mobility Controller AirWave Wi-Fi WIPSRecall “Skyjacking” vulnerability discovered with Cisco LAPs couple of years ago? It allowed hacker to transfer control of enterprise Cisco LAPs from enterprise WLC to hacker controlled WLC in the Internet with over-the-air attack. Once control is transferred, the hacker could change configuration on those LAPs in any way by adding, deleting and modifying SSIDs. The hacker could also tamper with Cisco monitor mode APs and take away the security layer. Cisco Skyjacking exploited vulnerability in Cisco’s over-the-air controller discovery protocol. Know more about it here 

Now a similar vulnerability seems to have been discovered in Aruba OS and AirWave console. The advisory states: “[a]n attacker could plant an AP with maliciously crafted SSID in the general vicinity of the wireless LAN and might trigger a XSS vulnerability in reporting section of the ArubaOS and AirWave WebUIs. This vulnerability could potentially be used to execute commands on the controller with admin credentials.” Though modus operandi is different from Cisco, the end result is similar – transferring the control of Wi-Fi controller to hacker by launching over-the-air attack.

No system is free from vulnerabilities and such things will continue to be discovered. But, you don’t have to give away “hack one, get one free”. You don’t have to give hackers control of Wi-Fi coverage and Wi-Fi security in a single shot. This can be achieved by ensuring that the Wi-Fi security layer operates independent of Wi-Fi infrastrucutre. This makes a strong case for using a separate and specialized security monitoring (WIPS) for Wi-Fi. With separate WIPS, even if you lose your Wi-Fi coverage to Skyjacking attacker, the WIPS will prevent any security damage over the compromised controller. It will also alert you when Skyjacking happens, so that immediate remediation can be done.

Not only such diversified approach safer, it is also cost effective! This is because, the specialized WIPS can help you get rid of hardware components such as controllers and will reduce your CapEx. The specialized WIPS will also reduce your OpEx with sleek monitoring workflow compared to WIPS bundled along with Wi-Fi infrastructure.

Hemant Chaskar

Hemant Chaskar is Vice President for Technology and Innovation at AirTight. He oversees R&D, product strategy, and intellectual property.Hemant has more than 15 years of experience in the networking, wireless, and security industry and holds several patents in these areas.

Twitter 

Wireless security , , ,

Comments

  1. No comments yet.
  1. No trackbacks yet.

Your email address will not be published. Required fields are marked *