
Virus vulnerability?

VE3RTJ
Virus vulnerability?
Saw an article recently about a rash of attacks on UBNT networks, specifically Airmax CPE devices, that culminated in this blog post on the UBNT blog:

http://community.ubnt.com/t5/airMAX-Updates-Blog/Important-Security-Noti...

Near as I can understand, once a device is flashed with AREDN, the vulnerability is removed, but wondered if anyone had any concerns about this kind of thing? Frankly, I didn't know these devices were even targets for this kind of stuff. Guess I'm kind of naive.
kg9dw
Targets
Oh yes, they are definitely targets. Since under the covers they are running an OS (Linux-based in this case), they are definitely vulnerable. Looking at the notes, it is possible that a similar attack vector could exist in other firmware.

Our local WISP just learned this lesson the hard way. They had a system-wide outage that required them to re-program every tower radio and every consumer radio (hundreds of radios). While they have never shared the root cause, speculation is that they were hit by one of these attacks. Once the attackers were into the core network, they started changing the SSIDs of radios, making them unreachable remotely. I would guess that the WISP used the same user and password on every single radio.

Evil is everywhere. 
K5DLQ
This was a vulnerability
This was a vulnerability specific to AirOS, from what I read. If you have flashed AREDN into the node, you have eliminated that specific vulnerability.
 
KG6JEI
Certainly is a risk, but this
Certainly is a risk, but this particular attack did not affect the AREDN firmware.

It's one of those items we do keep an eye on. It's why we keep upgrading the core operating system behind the scenes (it's not a big selling point to most people, but those who know system security will understand this one) and why we are not using an operating system from 2007 like another mesh solution does.
 
I tend to, by default of my day-to-day job, hold one of the primary eyes for project security, but in general everyone on the team is intended to be looking to be sure we don't insert any vulnerabilities, and that we tighten down the software and keep it clean. (A new code review server just went up in the backend; not sure the team is ready to publicly disclose its URL as it may not be ready for non-developer user interaction, but it's one of the items that goes on in the background to be sure we continue to put out a good, secure solution.)
 
In the end, these mesh nodes are a computer network; they need to be given the respect of that, knowing they are computers, not just radios, and as such are subject to a more computer-like approach of patching and securing.
 
To this end we also maintain a Security Team to handle responsible disclosure reports; details are listed on the About Us page: http://www.aredn.org/about-us/
 
In the end it is something that is always on our mind and certainly something we look at. We dealt with Heartbleed (not that it's a big deal for HAM networks, but I still didn't sleep till a fix had been pushed out), we dug deep into ShellShock to be sure the vulnerabilities didn't exist here (another loss-of-sleep night to investigate), and we even looked at this one as well when it first came out. It's a part of being a volunteer on the project that doesn't have the glamor of new features, but it's an area that we spend time on. It's one reason to stay updated even if you don't need the new features in newer versions.
 
