Products > Security

Physical security for wireless networking equipment

(1/3) > >>

I have demonstrated (and contributed on Wikipedia) that anyone with physical access to a wireless router can gain access and/or obtain a wireless passphrase without special tools (Windows: Show characters) by pressing the Wi-Fi Protected Setup button and/or using preset security information on the unit which can include the Wi-Fi Protected Setup PIN number - once someone gets hold of this PIN number, there is no going back if it cannot be changed and/or disabled.

Even though a law in Germany requires wireless routers to have wireless security enabled out of the box if it does not manually require enabling of wireless networking functionality, the law does not (as far as I know) address physical security with respect to provision of information on physical security with respect to Wi-Fi Protected Setup and preset security information printed on the unit.

Physical security with respect to Wi-Fi Protected Setup and/or preset security information printed on the unit has made it to a number of tech publications, but I will enjoy true success when governments publically acknowledge this security issue.

I wanted a rude username:
Physical access == game over for security.

This has always been true in IT, and modern devices uphold this proud tradition, honouring it in new and creative ways. A recent example is the discovery that some network-connected security cameras, as soon as you plug a USB key into them, immediately start saving their video onto the key so you can retrieve it on your second visit.  ;D

It's worth adding that WPS pins can be bruteforced easily and that some router manufacturers generate the default pin and WPA passphrase from the MAC address. Additionally, the firmware of those boxes is often full of careless vulnerabilities...

In other words, if you want security you have to disable WPS and change the WiFi password. And install a third party firmware like OpenWRT if possible. (And disabling the web interface as well.)

However, non of this will protect you against an attacker with physical access. In that case it's indeed game over... :horse:

Syntax Error:
Do not forget the other end of an enterprise wireless access point, the wireless/link aggregation switch. This is often co-located with the other switches/routers, so lock it away in a steel box in the security room and disable all but physical wired console access. A wifi client sat in a store cafe should NOT be able to log into the link aggregation server at their gateway I.P. address, but it can happen.

Nothing really new here. If you have physical access to the device then all bets are off, there is always a way to extract data from it or break into it. Fortunately it's relatively easy to secure the device in most cases, certainly for home routers put it inside your house and the only people who can access it without breaking into your house are the people who are authorized to be there. If you are really paranoid you can lock it in a cabinet.


[0] Message Index

[#] Next page

There was an error while thanking
Go to full version