Gunnar Assmy - Fotolia

Manage Learn to apply best practices and optimize your operations.

Protect vulnerable routers from the wireless Heartbleed flaw

Cupid, a spinoff of the Heartbleed flaw is attacking vulnerable routers and stealing sensitive data. Kevin Beaver discusses how to defend against the threat.

I read about a new exploit that makes it easy for attackers to use Heartbleed against wireless networks and the devices connecting to them. What is the best way to prevent sensitive data from being taken from vulnerable routers?

Heartbleed is a serious flaw and apparently 97% of Global 2000 companies are still vulnerable. While I don't think it's the most critical flaw to ever hit the Web like some believe, it certainly needs attention. The flaw not only affects corporate wireless networks but also the home networks that most corporate environments extend to. In effect, Cupid -- a spawn of the Heartbleed flaw -- is using wireless networks to expand the attack surface of every corporate environment.

To protect against these attacks, you need to be like one of the 3% of the Global 2000 companies, which requires these three things:

  1. Knowing your network, specifically the wireless systems you have under your control.
  2. Understanding how these wireless systems are vulnerable to Heartbleed/Cupid exploits.
  3. Doing something about it -- which means patching, revoking the affected SSL certificates and changing your private keys. You may need to replace the affected systems altogether.

Beyond this, you're going to be hard-pressed to fix the problem with any other access points your users connect to unless all systems are updated across the board. The truth of the matter is you can't control the wireless networks your users connect to all the time. The best you can do is ensure personal firewall/intrusion prevention system software use, update malware protection, maintain current patches and other security basics.

On a related note, be sure to disable Wi-Fi Protected Setup (WPS) on your consumer-grade access points. A great tool called Reaver Pro can exploit a known flaw in WPS that allows for PIN cracking to obtain your WPA pre-shared key, easy as pie.

Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your question now via email! (All questions are anonymous.)

Next Steps

Learn more about Heartbleed's incident response lessons.

Gain further insight into open source security following the Heartbleed flaw.

This was last published in September 2014

Dig Deeper on Network device security: Appliances, firewalls and switches

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.