Researchers at AirMagnet, which makes intrusion-detection systems for WLANs, discovered a vulnerability in Cisco Systems WiFi network equipment used by many corporations around the world. According to AirMagnet, Cisco gear is at risk of being used in denial-of-service attacks and data theft. The exploit could be used against networks that have the Over-the-Air-Provisioning feature turned on. It affects all lightweight Cisco wireless access points.
“We found it in our labs,” Wade Williamson, director of product management at AirMagnet, said on Monday. “We don’t know about it being exploited in the wild.”
According to C/Net, the Cisco access points generate an unencrypted multicast data frame that is sent over the air and includes unencrypted data like the MAC address and the IP address of the wireless controller, as well as some configuration options, he said. The controller is used to manage the access points.
With that information, someone listening to the network could easily find the internal addresses of the WLAN controllers in the network. Sniffing that information out of the air is relatively simple and can be done with free tools like NetStumbler, said Wade Williamson, director of product management at AirMagnet.
The access point could end up connecting to an outside controller if it hears multicast data from that network instead, and thus it would be under someone else’s control, he said.
AirMagnet has informed Cisco about the problems and Cisco is working on a solution, Williamson said.
AirMagnet recommends that Cisco customers should be advised not to run the OTAP feature, as it could actively put new sensors in danger of being SkyJacked. AirMagnet also adds that customers might want to use their AirMagnet Enterprise – which is capable of detecting wireless snooping with hacking tools to alert staff of an impending exploit.
