Vulnerability, Potential Exploit In Cisco WLAN APs 35
An anonymous reader writes "The AirMagnet Intrusion Research Team has uncovered a new wireless vulnerability and potential exploit associated with Cisco wireless LAN infrastructure. The vulnerability involves Cisco's Over-the-Air-Provisioning (OTAP) feature found in its wireless access points. The potential exploit, dubbed SkyJack by AirMagnet, creates a situation whereby control of a Cisco AP can be obtained, whether intentionally or unintentionally, to gain access to a customer's wireless LAN."
Unintentionally? (Score:3, Insightful)
How do you unintentionally gain access to something? How should I picture this? "Gee, officer, I was leaning against this door and then it suddenly opened and I tripped and then I must have stumbled into the jewelry box and all those rings just happened to pour into my pockets, dunno how this happened..."
Re:Config option, not all that bad (Score:4, Insightful)
Re:Unintentionally? (Score:4, Insightful)
If, say, you have a bog standard XP laptop, with a bittorrent client or other uPNP-using application running on it, and you start it up within range of an open AP, you could very well connect to somebody else's network and reconfigure their router all automatically. Never mind what might happen if your box is 0wn3d and full of malware that might attempt to automatically spread to other machines on the network you just joined.
Technology has its share of "Golly shucks, officer, I dunno how this happened" excuses; but it also has huge amounts of automation going on.