Pluralsight blog
November 15, 2012

Ethical Hacking: Manufacturer Built-In Wireless Security




Certainly the ethical hacker is happiest, I think, when he sees something well beyond open authentication, which we can never really hope for because that would just be a godsend. We hope for manufacturer-specific wireless security. We hope to find some solution that’s implemented just by the manufacturer, not a standards-based security solution. This means that it has not been widely analyzed and widely scrutinized. There are a lot of wireless manufacturers, and I’m not going to name them by name, that have specific security technology built into their access points that’s unique to their company. They sell it as a benefit, but unfortunately what it means for them is that there’s plenty of vulnerability because of the lack of peer review. This is often the case because of the lack of testing.

Non-standard Technology

As an attacker, the first thing I do is look for this kind of non-standard technology. I’ll look at what the manufacturer IDs are for the wireless access points. I’ll start looking up the models and the information about them.

If that manufacturer does use this kind of manufacturer-specific wireless security technology in any of their models, I’ll start probing for it. I’ll start Googling for vulnerabilities based on that manufacturer's technology and, almost universally, I will find some that I can try to exploit. It may not be enabled or it may not be vulnerable. That’s fine. But again, bringing strength against weakness, this is going to be the weak area of anything beyond an open network.

Also, typically, these types of manufacturer-specific security implementations in the wireless space are not immune to new attacks. A lot of the standards are constantly probed, attacked, and analyzed by academics and security companies; those results are published, and then the more careful manufacturers release a patch or an update, or the standard is updated to accommodate that. These kinds of new attacks, when they are manufacturer-specific, often go unnoticed.

If they are noticed, they often go unpatched for weeks or months or years. Ethical hackers love that because we just waltz right through it before the patch has time to make its way to the company.

About the Author

has worked in the IT field for more than 20 years. He is an award-winning author, public speaker, and instructor on a variety of technology topics including security, virtualization, cloud computing, wireless and wired networking, and IT lifecycle processes. His operations experience includes managing the Xbox LIVE operations team, the largest cloud computing operations team in the world, and consulting on operations efficiency with countless clients around the world. Mike has published several books (including two for O’Reilly) and numerous papers. He is a frequent conference speaker and classroom instructor on IT operations, computer security, and technology frameworks. Mike holds a number of certifications and accreditations including Certified Information Systems Security Professional (CISSP) practitioner and instructor.
