Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:00 AM
Connect Directly

Metro-Mesh: A Hacker's Paradise?

The hidden dangers of the hotzone

Wireless metro-mesh technology promises a new era in anytime, anywhere public access Internet for the masses.

So-called mesh technology -- in case you've been living under a rock for the last year -- allows 802.11 wireless access points to pass data amongst themselves over the air, removing the need for multiple wired connections back to the Internet. Proponents of the technology, which has been taken up in cities such as Philadelphia and San Francisco over the past year, say that it will enable low-cost metropolitan WiFi access as well other services such as VOIP.

There is, however, one question that doesn't often seem to get asked about metro-mesh technology in the cavalcade of press coverage and industry hype: Just how secure is this technology?

On the face of it sounds secure enough. Most of the established and startup vendors in this space encrypt the wireless traffic sent over the mesh access points -- or "nodes," as the industry prefers to call them.

"We haven't had any reports of that," says Karrie Rockwell, the marketing director of MobilePro, when asked about hacks at the mesh network the firm runs in Tempe, Ariz. She points out that everything run over the network, which uses equipment from Strix Systems, has 128-bit encryption.

As previous wireless LAN attacks have shown, however, a cunning hacker may not necessarily need to crack the code to get user information or damage the network.

Security researcher Shawn Merdinger, who has previously worked with Cisco and TippingPoint, says that municipal metro deployments are going to be "a very serious security challenge to many people."

He foresees two main forms of attack:

Spoofing: This is essentially where hackers make users believe that they are logging onto the legitimate network when in fact they are connecting to the hacker's AP. Such "evil twin" attacks could potentially allow hackers to steal all kinds of personal information.

"Using gear like cheap Linksys WRT54Gs [APs], they'll run custom firmware like FairuzaUS and other Linux firmware images to conduct attacks like man-in-the-middle, scans, and exploiting vulnerabilities on the connecting clients," says Merdinger. "Since these boxes are so cheap, there's almost a throwaway cost here."

Denial of service: Since most mesh WiFi networks run in the unlicensed 2.4GHz band, hackers may not even need to use WiFi to conduct denial-of-service attacks against these networks.

"I think we'll see more esoteric attacks come into play as there is now a free wireless infrastructure in place," Merdinger says. "For example, widespread Bluetooth attacks and Bluetooth spamming are a real possibility with muni WiFi networks combined with small PCs like GumStix with Bluetooth."

As such networks evolve, Merdinger also imagines that WiFi-savvy users will use the free access to increase their personal bandwidth.

"For example, a single normal client might get 128-kbit/s download speed over muni WiFi; by consolidating several of these connections together using multiple cards in a box folks can abuse the systems," the security wonk explains. "The long-distance capability of yagi WiFi antennas makes it likely that they'll be able to make connections to APs far away from their immediate area."

It's impossible to know yet how much of a threat these kinds of attacks pose because very few major cities have actually launched metro-mesh networks yet. It is not hard to imagine, however, that certain hackers will see the next big target not as their local superstore but their local municipal network.

We sent Merdinger's potential security risks list to several mesh vendors and analysts but have not yet received any response.

— Dan Jones, Site Editor, Unstrung, special to Dark Reading

Organizations mentioned in this article:

  • Cisco Systems Inc. (Nasdaq: CSCO)
  • FairuzaUS
  • GumStix
  • MobilePro Corp.
  • Strix Systems Inc.
  • TippingPoint Technologies Inc.

    Dan is to hats what Will.I.Am is to ridiculous eyewear. Fedora, trilby, tam-o-shanter -- all have graced the Jones pate during his career as the go-to purveyor of mobile essentials. But hey, Dan is so much more than 4G maps and state-of-the-art headgear. Before joining the ... View Full Bio

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 7/6/2020
    Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
    Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
    Another COVID-19 Side Effect: Rising Nation-State Cyber Activity
    Stephen Ward, VP, ThreatConnect,  7/1/2020
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    Special Report: Computing's New Normal, a Dark Reading Perspective
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    The Threat from the Internetand What Your Organization Can Do About It
    The Threat from the Internetand What Your Organization Can Do About It
    This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-07-08
    Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
    PUBLISHED: 2020-07-07
    An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
    PUBLISHED: 2020-07-07
    Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
    PUBLISHED: 2020-07-07
    A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
    PUBLISHED: 2020-07-07
    Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.