Network Airspace Protection

The overlooked layer of network security

Antenna for Hire™


What are digital airborne attacks?

Digital airborne threats are a class of network risks that leverage wireless devices in your corporate digital airspace (Wi-Fi, cellular, 5G, Bluetooth, etc.) to launch attacks against your corporate network. In these attacks, the threat actor turns the wireless devices in the proximity of the corporation into an Antenna for Hire™. Since the traffic is not routed through the enterprise network, it bypasses organizational network security controls. Security teams are left without visibility into this risky traffic and, consequently, cannot achieve full control and complete protection over their corporate network.

Digital airborne threats cannot be ignored as they may lead to:

Unauthorized access to corporate network


The attacker compromises a computing device through the device’s wireless capability and uses the now-compromised device as a stepping stone into the corporate network.

Network and device hijacking


The attacker uses an Antenna for Hire™ within the corporate proximity and turns it into an Access Point (AP) under the attacker’s control.

Data leakage


Corporate data leaving the secure corporate network through an unsupervised network channel.

Digital airborne attacks in the wild

Current Malware


Emotet Trojan, NetWalker Ransomware, Mirage Trojan

On the researcher’s mind


In 2020, Black Hat featured eleven talks dedicated to wireless security. That is more than five times the number of related talks just five years earlier.

Officially recognized


In 2020, the Office of Inspector General at the US Department of the Interior emphasized the lack of security on the DOI’s wireless networks.

The pressing need for network airspace protection

A gaping hole in your network security

Wi-Fi authentication and encryption do not address airborne attacks, as these all happen on other channels that are not monitored or controlled by the enterprise wireless equipment. In most cases, interaction with the victim machine is completely outside the corporate network scope, making NAC and wireless firewalls completely oblivious to such communications.

Your AP vendor does not have you covered

Some AP devices come with built-in Wireless Intrusion Detection Systems (WIDS). However, these devices only check for rogue APs or Evil Twins through whitelisting, which results in numerous false positives, and they do not cover the full range of airborne attacks. Furthermore, these solutions are vendor-specific, whereas a typical corporation may have APs from multiple vendors.

IoT security simply doesn’t address airborne threats

A corporate network is affected by many IoT devices that surround the enterprise but are controlled by other organizations, which makes IoT security solutions irrelevant to the problem of airborne attacks.

Threats compared: Unauthorized Network Access, Network and Device Hijacking, Data Leakage

Network Airspace Protection (NAP) (AirEye): Prevention of any type of airborne attack.

IoT Security: Asset inventory on corporate devices only. Lacks visibility into connections, so it cannot indicate whether a connection is malicious.

AP Vendors: Verify only whether their own AP is legitimate. Any other AP, including a competitor's AP, is automatically considered rogue.

Wireless channel detection services: Lack context on whether the connection is compromised, making these detection-only services.
