Ubiquiti, a global networking technology company came onto the mainstream marketplace beginning in 2005 with a clever idea of offering products at low prices to mass markets guiding channel players to monetize their services instead of the hardware. Every strategy has its pluses and minuses and some would say Ubiquiti’s low-price leader concept swung the pendulum too far, reducing their own ability to re-invest profits into their research and development department. Others would say the low-price leader concept has worked and put the UniFi brand on the map alongside networking names like Cisco Meraki. Regardless of which viewpoint you align to, the number of businesses with Ubiquiti UniFi access points around the world is impressive and therefore a prime target for cyber criminals as evidenced by vulnerability disclosed last year.
Thinking of how exposed a business would be to eavesdropping, credential theft, and web history/email theft if attackers were to hack past a UniFi access point, Wi-Fi professionals at Miercom, recently tested Ubiquiti’s UniFi Secure HD access point (AP) to determine if it could automatically detect and prevent the six known Wi-Fi threats. The UAP-AC-SHD was only able to automatically detect one of the six threats – the Evil Twin AP – and failed to automatically detect the other five. The UAP-AC-SHD also failed to automatically prevent all six threats. Results are seen in the table below and full test details can be downloaded here. Note the blue columns show the UAP-AC-SHD operating alone and the red columns show it when a WatchGuard AP125 is added to the network to protect the UAP-AC-SHD from Wi-Fi hacks.
If you’re a cyber security expert, you’re likely not surprised at these findings as most Wi-Fi equipment makers have put security on the back burner for years mostly because the general market doesn’t have the exposure to how severe of a problem Wi-Fi hacking is and therefore isn’t top of mind to most buyers. However if you’re not a security expert or if you’re using a Ubiquiti access point right now, you might be a bit shocked. Especially when the UniFi Secure HD AP contains a dedicated radio that “Constantly monitors and protects against threats” as displayed on the website.
Feeling my electrical engineering roots tugging at me, I had to dig deeper to see if there was some kind of technical detail footnote could explain away why the dedicated security radio inside the UAP-AC-SHD appeared to be mostly ineffective at stopping major Wi-Fi hacks. Alas! On page 5 of the UniFi Secure HD AP datasheet was this text with the ol’ asterisk footnote:
Threat Management The UniFi SHD AP’s dedicated security radio provides persistent threat management to act as a Wireless Intrusion Prevention System (WIPS)* and Wireless Intrusion Detection System (WIDS). Such a dedicated radio affords frequency agility – meaning all available Wi-Fi channels are monitored constantly for threats – not just the channels the AP is using.
* Currently full-time rogue access point detection is the main WIPS feature of the dedicated security radio.
My footnote quest was over but I still feel unfulfilled because the UAP-AC-SHD actually failed the Rogue AP detection test causing me to chalk it up to features still under development at Ubiquiti.
You can protect your UniFi APs from Hacking
Miercom test professionals recognized that WatchGuard has been gearing its cloud-managed AP roadmap with unique security feature sets. To determine how existing Ubiquiti UniFi networks can become Trusted Wireless Environment compliant, Miercom configured a WatchGuard AP125 AP as a security sensor dedicated to protecting the UAP-AC-SHD from the six known Wi-Fi threats. The results show that Ubiquiti Wi-Fi networks that would’ve been vulnerable to the six Wi-Fi threats are 100% protected once a WatchGuard AP125 APs was added. From a deployment perspective, network and security administrators will find a simple solution where the UniFi APs continue to connect Wi-Fi users as usual and the WatchGuard APs act as a sort of Wireless Intrusion Prevention System (WIPS) sentry, constantly monitoring the air space and wired network for presence of any of the six threats.
Wi-Fi hacking is a hot topic, but one that’s plagued by ambiguous and often contradictory technical terminology. Thankfully, there is a solution to the problem: the Trusted Wireless Environment. The Trusted Wireless Environment framework succinctly defines the six Layer 2 Wi-Fi hacks that affect nearly every business today and provides a simple test criterion to determine if a Wi-Fi network is protected from each type of attack.
Those interested in testing their own Ubiquiti Wi-Fi networks for Trusted Wireless Environment compliance can follow the Trusted Wireless Environment test guide, and contact Miercom via their website for a more thorough test involving live client workloads. Lastly, if you’re wondering how many WatchGuard APs you need to add to your existing Ubiquiti Wi-Fi network to protect it, any WatchGuard reseller near you has access to a professional service from WatchGuard that will provide you with a predictive simulation survey that determines the recommended number of WatchGuard APs, installation locations, and WIPS/Wi-Fi coverage range.