Logo air

Network Airspace Threats

Home | Why Aireye | Network Airspace Threats

Why You Should Look at Your Corporate Network Airspace

The majority of the corporate devices today include dual connectivity – on one hand connected to the corporate network and on the the other, acting as Wireless Receptors open to connecting to any wireless channel.

The vicinity of the corporate is also about with Antenna for Hire – broadcasting wireless devices.

While it is the corporate wireless security policy to allow employees and corporate-controlled devices to communicate only on supervised channels, corporations find that they cannot effectively enforce that wireless policy.

For example, a common policy violation occurs when an employee that is required to communicate over a restricted wireless network turns to a less restricted, or even a Guest or an open network when lacking wireless reception.

Attackers are also aware of this lack of control and enforcement and leverage Antenna for Hire as a proxy to penetrate the corporate network through Wireless Receptors. 

Why should you look at your corporate network airspace?

In fact, an AirEye survey showed that 44% of experienced IR professionals investigated incidents related to wireless attacks or vulnerabilities.

40% of surveyors mentioned they did not have sufficient forensic data in such attacks, and another 40% were not sure whether data was leaked. By not leaving forensics or attack data, this attack surface is used over and over again by attackers.

Request Demo
Meraki User? Start Free!

Who Should Care About Their Network Airspace?

Each company needs to consider their network airspace security as part of their network security strategy.

The endless number of wireless broadcasting devices in the vicinity of the network means that each company today needs to have visibility into all their corporate networks – including shadow networks, have a solid wireless security policy that is enforceable and be capable of preventing wireless attacks.

These include financial companies, banks, telcos, manufacturing, healthcare, retailers, software companies and defense.

Even the rare organizations with the most secure controls that do not allow for corporate wireless networks, have an issue through shadow networks due to the pervasiveness of wireless-capable devices. Also these organizations need to ensure they are protected from wireless attacks and enforce that a corporate-owned device does not connect to an unauthorized channel in their network airspace.

Companies must enforce their wireless security policy and protect their corporate network airspace to eliminate the risk of:

Unauthorized access to the corporate network

noncorporate devices accessing corporate devices through their wireless capabilities.
Unauthorized access to the corporate network

Device hijacking

corporate devices being taken control of through wireless attacks
device_hijacking

Data Leakage

corporate devices accessing unmonitored and unauthorized channels.
data_leakage

Segmentation hopping

bypassing network access controls through the network airspace
segmentation_hopping

How Medical Devices Can Be Easily Exploited (And Protected)

nacp-sep-arrow
A4H Reconnaissance

A4H Reconnaissance

Search over the internet for an Antenna for Hire (A4H)
Example: Security camera
A4H Control

A4H Control

Remotely take control of the Antenna for Hire (A4H)
Example: Exploit CVE-20XX-XXXX in security camera
WR Reconnaissance

WR Reconnaissance

Use the A4H to search for a Wireless Receptor at a corporate
Example: Boardroom TV broadcasting via Wi-Fi Direct
Exploit

Exploit

Take over the Wireless Receptor
Example: Connect to the boardroom TV via Wi-Fi Direct
Unauthorized Network Access

Unauthorized Network Access

Penetrate into the wired or wireless network through Wireless Receptor (WR)
Example: Use TV authorization to access wired network
Segmentation Hopping

Segmentation Hopping

Identify Wireless Receptors (WR) on other segment and hop wirelessly
Example: Hop from boardroom TV to employee’s laptop via laptop’s enabled hotspot
C&C Communications & Exfiltration

C&C Communications & Exfiltration

Connect to an unmonitored channel. Create a tunnel to a C&C
Example: Connect to cafeteria open Wi-Fi and connect via HTTPS to C&C

Wireless Attacks Are Remote and Software Based

The corporate IT landscape includes an increasing number of Wireless Receptors – wireless-capable devices, ranging from corporate laptops, printers, and even coffee machines. Each of these may create shadow networks, flying under the radar of the security team, and posing a security risk to the corporate network.

Outside the corporate, there is an endless number of Antenna for Hire – wireless devices broadcasting in the vicinity of the organization, ranging from security cameras to a router at a nearby cafe.

Attackers leverage the Antenna for Hire and gain unauthorized network access, device hijacking or data leakage, using Wireless Receptors as a springboard into the corporate network.

In essence, the Antenna for Hire acts as a proxy for the attacker without needing to physically be in the vicinity of the corporate.

Wireless attacks are remote & software based visibility_shadow networks

Shadow Networks

One of the biggest concerns security teams is shadow networks – networks generated by corporate-controlled devices.

No security solution today apart from NACP can identify, monitor and place controls over shadow networks.

Here are just a few examples of network entry points that are created by shadow networks and the risk they pose:

shadow_networks-1

Entry Point

An employee establishes a mobile hotspot on their computer.
entry_point_vs_security

Security Risk

Creates an insecure path for data to leave the organization.
An employee’s laptop back at the corporate still continuously probes for a common cafe’s network after having connected to one during remote work.
entry_point_vs_security
Allows attackers to hijack the device and create a network bridge between an attacker controlled device and the corporate network.
A network generated by the corporate printer, caused by the printer’s enabled Peer to Peer (Wi-Fi Direct) capability.
entry_point_vs_security
Allows an attacker to communicate with the printer device over an insecure channel and use it as a bridge into the internal network.
A portable X-Ray device emitting its own open network for its sensor plates to transmit patient data.
entry_point_vs_security
Provides an easy path for an attacker into the hospital’s network.
A Peer-to-Peer communication between forklifts at a factory.
entry_point_vs_security
Creates a path for lateral movement (e.g. for ransomware proliferation) through an insecure and unmonitored channel.
A boardroom monitor to which corporate laptops connect to.
entry_point_vs_security
Allows the attacker to hijack the laptop which later connects to the corporate network.
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do..
AI-driven | Saas | Zero-touch | Non-intrusive
Request a Demo
Logo air
Linkedin

Why Aireye?

Network Airspace Threats

Resources

Hadassah Medical Center Use case
Enterprise Wireless Security Best Practices
Anatomy of an Over-the-Air Attack

Solutions

By Over-the-Air Threat

Unauthorized Access
Data Leakage
Segmentation Hopping
Device Hijacking

By Industry

Healthcare Providers
Defense Manufacturers
Other Industries

Technology

Platform

How it Works
The Gap in Network Airspace Security & How We Close It

Values

Visibility
Control
Protection

Partners

Meraki

About

Who We Are
In The News
Blog
Careers
Contact Us

Copyright © 2024 Aireye | All Rights Reserved | Cookies Policy | Privacy Policy