NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Vulnerabilities in Personal Area Networks (PAN)

March 15, 2018

  • Blog
  • Archive

blog-vulnerabilities-personal-area-networks.jpg

Assessing for vulnerabilities on WANs and LANs is nothing new – after all, we should be performing these assessments on a regular basis to satisfy regulatory compliance requirements and achieve good cybersecurity hygiene. So, I think we can all accept that assessments and remediation for LANs and WANs is required by every organization, but what about PANs? If you are not familiar with the concept of a PAN, it is a Personal Area Network that is a typically a non-routable branch of an existing LAN or WAN. It may be the network hosted by your laptop connecting to headphones and mobile devices via Bluetooth, or a subset of cameras with their own WiFi network and SID connecting to your LAN via DVR (Digital Video Recorder) or NVR (Network Video Recorder).

While a typical vulnerability assessment may only detect the NVR, the PAN hosting the WiFi cameras could have their own vulnerabilities. Actually, I should state, they probably will have their own vulnerabilities not be detected during a typical network scan since the PAN is not routable. To that end, they do represent a significant risk and need mitigation because a threat actor can connect to many of these open PANs and leverage these devices, with lateral movement, to compromise your network.

Risk of Lateral Movement

Realistically, the risk is lower for PANs that connect via proprietary protocols or Bluetooth, but the concept is similar. If you can hack one device, the risk of lateral movement or surveillance increases to compromise a user’s identity or additional assets. If you need proof of this type of exploitation, take a look at the screenshot below.

blog-pan-a.jpg

This is from a popular camera system available online for purchase (highest rated vendor). The firmware is up to date, but an assessment of the PAN did reveal some curious vulnerabilities. What is disturbing to me is the age of these vulnerabilities (old school) and the associated CVE’s from 1999 (top two entries). My first thought is that they could be false positives, but after a few manual pen tests, they in fact where very real with no simple path for mitigation. My common sense then asked, “Who uses Anonymous FTP anyways in a real-world environment anymore?” Well, a brand-new camera system designed for homes and businesses certainly does and it is just waiting to be hacked. And, for a standard vulnerability assessment tool scanning a LAN, it would be missed.

So, how does a security professional identify and mitigate this type of threat? It takes more than just reading a vulnerability assessment report.

Identification and Classification

One of the benefits of a good vulnerability assessment solution is asset identification and classification. It is important to identify all the assets within your environment and determine if they could be hosting a PAN. See the screenshot below for a representation.

blog-pan-b.jpg

The NVR for this PAN is properly identified by the vulnerability assessment solution and with a little investigation, a security professional can determine it hosts a PAN full of cameras within the environment. The next step is to connect to the PAN (if possible – a threat actor will probably try harder than you), connect a camera via wired connection, or bridge the camera to an accessible network and perform a vulnerability assessment. The results will help determine all the assets on the PAN, and potentially which ones are vulnerable.

Remediation and Mitigation

Then comes the hard part. Can you remediate or mitigate the vulnerabilities sufficiently based on your organization’s security policy? If the vendor has no security updates or implemented the technology so poorly that anonymous FTP is required (like in this example), you might be SOL (Security Out of Luck). Then it becomes a business decision to replace the technology or accept the risk.

A Word of Caution

Now, just to be clear, the definition of a PAN does vary from one vendor to another, and some explicitly state the devices must be wearable. I find that definition too restrictive and that a PAN is more than mobile devices – any time a personal device or network subset is hosted by another technology for its own purposes. An NVR and camera as one example or mobile devices directly connected to a printer is another.

If your organization has these challenges, you are not alone. If you do not believe your business is hosting PANs, you are probably denying a simple fact and not aware they exist. They do any time one device can communicate to others over their own hosted network.

If you need help with a vulnerability assessment that can help uncover these types of threats within your environment, look no further than Retina CS. According to Forrester, the solution is a Leader with advanced capabilities to help perform these assessments and secure your network. For more information, contact us today.

Photograph of Morey J. Haber

Morey J. Haber, Chief Security Officer, BeyondTrust

Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.