Free Privileged Account Discovery Tool: Identify & secure credentials to stop lateral movement. Download Free

BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    BeyondInsight Analytics
    See All Solutions
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

Vulnerabilities in Personal Area Networks (PAN)

March 15, 2018

  • Blog
  • Archive

blog-vulnerabilities-personal-area-networks.jpg

Assessing for vulnerabilities on WANs and LANs is nothing new – after all, we should be performing these assessments on a regular basis to satisfy regulatory compliance requirements and achieve good cybersecurity hygiene. So, I think we can all accept that assessments and remediation for LANs and WANs is required by every organization, but what about PANs? If you are not familiar with the concept of a PAN, it is a Personal Area Network that is a typically a non-routable branch of an existing LAN or WAN. It may be the network hosted by your laptop connecting to headphones and mobile devices via Bluetooth, or a subset of cameras with their own WiFi network and SID connecting to your LAN via DVR (Digital Video Recorder) or NVR (Network Video Recorder).

While a typical vulnerability assessment may only detect the NVR, the PAN hosting the WiFi cameras could have their own vulnerabilities. Actually, I should state, they probably will have their own vulnerabilities not be detected during a typical network scan since the PAN is not routable. To that end, they do represent a significant risk and need mitigation because a threat actor can connect to many of these open PANs and leverage these devices, with lateral movement, to compromise your network.

Risk of Lateral Movement

Realistically, the risk is lower for PANs that connect via proprietary protocols or Bluetooth, but the concept is similar. If you can hack one device, the risk of lateral movement or surveillance increases to compromise a user’s identity or additional assets. If you need proof of this type of exploitation, take a look at the screenshot below.

blog-pan-a.jpg

This is from a popular camera system available online for purchase (highest rated vendor). The firmware is up to date, but an assessment of the PAN did reveal some curious vulnerabilities. What is disturbing to me is the age of these vulnerabilities (old school) and the associated CVE’s from 1999 (top two entries). My first thought is that they could be false positives, but after a few manual pen tests, they in fact where very real with no simple path for mitigation. My common sense then asked, “Who uses Anonymous FTP anyways in a real-world environment anymore?” Well, a brand-new camera system designed for homes and businesses certainly does and it is just waiting to be hacked. And, for a standard vulnerability assessment tool scanning a LAN, it would be missed.

So, how does a security professional identify and mitigate this type of threat? It takes more than just reading a vulnerability assessment report.

Identification and Classification

One of the benefits of a good vulnerability assessment solution is asset identification and classification. It is important to identify all the assets within your environment and determine if they could be hosting a PAN. See the screenshot below for a representation.

blog-pan-b.jpg

The NVR for this PAN is properly identified by the vulnerability assessment solution and with a little investigation, a security professional can determine it hosts a PAN full of cameras within the environment. The next step is to connect to the PAN (if possible – a threat actor will probably try harder than you), connect a camera via wired connection, or bridge the camera to an accessible network and perform a vulnerability assessment. The results will help determine all the assets on the PAN, and potentially which ones are vulnerable.

Remediation and Mitigation

Then comes the hard part. Can you remediate or mitigate the vulnerabilities sufficiently based on your organization’s security policy? If the vendor has no security updates or implemented the technology so poorly that anonymous FTP is required (like in this example), you might be SOL (Security Out of Luck). Then it becomes a business decision to replace the technology or accept the risk.

A Word of Caution

Now, just to be clear, the definition of a PAN does vary from one vendor to another, and some explicitly state the devices must be wearable. I find that definition too restrictive and that a PAN is more than mobile devices – any time a personal device or network subset is hosted by another technology for its own purposes. An NVR and camera as one example or mobile devices directly connected to a printer is another.

If your organization has these challenges, you are not alone. If you do not believe your business is hosting PANs, you are probably denying a simple fact and not aware they exist. They do any time one device can communicate to others over their own hosted network.

If you need help with a vulnerability assessment that can help uncover these types of threats within your environment, look no further than Retina CS. According to Forrester, the solution is a Leader with advanced capabilities to help perform these assessments and secure your network. For more information, contact us today.

Morey J. Haber

Chief Technology Officer and Chief Information Security Officer at BeyondTrust

Morey J. Haber is Chief Technology Officer and Chief Information Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored four Apress books: Privileged Attack Vectors (2 Editions), Asset Attack Vectors, and Identity Attack Vectors. In 2018, Bomgar acquired BeyondTrust and retained the BeyondTrust name. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. Morey currently oversees BeyondTrust strategy for privileged access management and remote access solutions. In 2004, he joined eEye as Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Webcasts | February 25, 2021

Customer Tips & Tricks: Remote Support for Android

Webcasts | February 09, 2021

Customer Webinar: Remote Support 21.1 Released!

Webcasts | February 24, 2021

Your PAM 2021 Blueprint: Securing Privileged Accounts for On-Premises and Cloud Assets

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.