Cradlepoint routers are kind of AWESOME! I have customers use them for all sorts of things. Customers use Cradlepoint routers in police cars, fire trucks, buses, billboards, remote (as in the BOONIES) office connectivity, and out of band management to name just a few of the awesome use cases. I wanted to throw out 5 fun ways you could use a Cradlepoint as well as 5 not-so-legalish ways hackers could use them.

These things are beefy little things. They are 3G/4G capable, multi-SIM capable, weather hardened, WiFi producing, firewalling, and encrypting magic boxes. Want a 40Mbps connection for your 5 MacBook Pros while camping in the Rockies? A Cradlepoint router is what you need! If you haven’t checked them out, shoot me a message, I’ll hook you up!

And now on to my list…..

Here are 5 FUN ways to “misuse” a Cradlepoint Router:

  1. Have an outside office day. Does everyone remember those beautiful days in school when the teachers would say: “It’s just too beautiful to be inside. Let’s have class outside.” With a Cradlepoint router, you can do that after #adulting becomes a thing! No longer are you tied to your desk for corporate connectivity. Bring the whole office out to the park, have a picnic, and get work done at the same time!
  2. Advertise (Digitally) at your office, your home, or your car. Why not? Everyone else is inundating the world with advertisements, why shouldn’t you advertise what you want? Sell your ad space to local companies, campaign for politicians, put your resume and recent work on the side of your car… the possibilities are endless! With a Cradlepoint, you can connect anything to the internet and you’ve just become Don Draper!
  3. Stream….EVERYTHING. Ever see the Truman Show? Edtv? You don’t need a film crew, you don’t need a huge bubble world to contain you. With a GoPro, an iPhone, and a Cradlepoint, you can literally stream your entire life. From birth to death, from sunrise to sunset. NSFW moments? Put behind a paywall, encrypt, whatever. With the internet in a purse or backpack you can become the next viral hit!
  4. Bypass evil internet caps. Seriously…. Why are cable companies putting data usage caps on customers? With 4K video becoming more prevalent, Dropbox-like applications syncing everything all the time, and cell companies pushing calls to WiFi, it’s just downright wrong! Well, we can use our Cradlepoint router to dynamically manage bandwidth AND data usage for up to 3 internet providers at once all while load balancing among them. No more overages, better service, and all with the help of our handy dandy router!
  5. Annoy your kids/spouse/friends. Have kids driving? Throw a Cradlepoint with GPS in the trunk and keep track of their whereabouts, speeds, etc. Have a conniving spouse? Track his/her movements to the counseling center (you two should be in counseling). Want to annoy friends? Throw an Amazon Echo under their seat, connect it to the Cradlepoint and drop-in, call, or play music at random times.

All those are fun ways to use a Cradlepoint that are more along the “personal” lines. But what about hackers? These little things are so cool, they can be put to use in nefarious ways.

Here are 5 ways hackers could use these routers to do damage to your networks. Don’t worry, I’ll give you ways to combat these techniques as well!

  1. SSID Cloning. Hackers can duplicate your corporate SSID and put together a honeypot credential-stealing login page to get all of your employee credentials. Seriously, how many users know the difference between a walled garden and WPA2? Fix: Certificate-based WiFi, Wireless Intrusion Detection/Prevention, Endpoint Security Policy
  2. Breached Network RAT (Remote Access Tunnel). One of the oldest tricks in the hacker playbook. Act as a delivery man, HVAC repairman, or intern. Get access to the internal network. Plug in, get connectivity to the internal network and tunnel out to the internet with reverse SSH. Fix: A Cradlepoint can bypass your firewalls/internet infrastructure, so the fix here is policy-based Network Access Control (NAC), data exfiltration detection, and Data Loss Prevention (DLP).
  3. Network Cloning. A combination of the 2 above. Clone the IP addressing scheme of an internal network and post a webpage asking for users to log in to “access their files”. Get the credentials and away you go. Fix: NAC and Wireless Intrusion Prevention
  4. Network Interference / Disruption. Maybe theft and exfiltration isn’t the goal. Maybe it’s just wreaking havoc. A misplaced router can do damage to internal networks by interfering with DNS and DHCP requests. Fix: NAC
  5. Bypass for Corporate Security Measures. Let’s face it. Corporate Security Measures are the banes of our existence. I want to watch my cat videos on YouTube and post pictures of my kid on Facebook 24/7. I don’t want to work. You know you feel the same way. If you could “get around” those pesky security guys, you totally would. Well, if you throw up a Cradlepoint router, you’ve got connectivity to the internet. If you plug said Cradlepoint into your corporate network, you’ve now got the best of both worlds. The unrestricted internet and the corporate blah you have to have to do your job. Fix: Endpoint Security Policies, NAC, and quarterly/monthly SSID Scanning (because we all know that suppressing wireless signals is legally murky).
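
To make the "SSID scanning" fix from items 1 and 5 concrete, here is an added example (not part of the original post) that audits a wireless survey export for cloned corporate SSIDs and unapproved access points on site. The CSV layout, the `CorpWiFi` name, the BSSIDs and the -60 dBm cut-off are all assumptions made up for the illustration.

```python
import csv
import io

# Constructed survey export (ssid,bssid,security,rssi_dbm); every value is made up.
SAMPLE_SCAN = """ssid,bssid,security,rssi_dbm
CorpWiFi,00:11:22:33:44:01,WPA2-Enterprise,-48
CorpWiFi,00:11:22:33:44:02,WPA2-Enterprise,-63
CorpWiFi,02:AA:BB:CC:DD:10,Open,-41
corpwifi ,02:AA:BB:CC:DD:11,WPA2-Personal,-55
FreeLunch,02:AA:BB:CC:DD:20,WPA2-Personal,-44
CoffeeShopNextDoor,02:AA:BB:CC:DD:30,WPA2-Personal,-82
"""

CORP_SSID = "CorpWiFi"              # assumed corporate network name
CORP_SECURITY = "WPA2-Enterprise"   # assumed required security mode
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # radios we own
NEARBY_DBM = -60  # assumed cut-off: louder than this is probably on the premises


def audit_scan(csv_text):
    """Return a sorted list of (bssid, finding) for access points needing follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        ssid = row["ssid"].strip()
        bssid = row["bssid"].strip().upper()
        security = row["security"].strip()
        if bssid in AUTHORIZED_BSSIDS:
            # Known radio: only check that nobody weakened its security mode.
            if security != CORP_SECURITY:
                findings.append((bssid, "authorized AP with wrong security mode"))
            continue
        if ssid.casefold() == CORP_SSID.casefold():
            # Corporate name on a radio we do not own: the cloned-SSID case.
            findings.append((bssid, f"cloned SSID ({security})"))
        elif int(row["rssi_dbm"]) >= NEARBY_DBM:
            # Unknown network loud enough to be inside the building.
            findings.append((bssid, f"unapproved AP on site: {ssid}"))
    return sorted(findings)


if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN):
        print(bssid, finding)
```

The weak neighbouring network is left alone on purpose; only radios that borrow the corporate name or that sit close enough to be on site are raised for follow-up.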

So, there you go. 5 fun ways to use a Cradlepoint and still get work done and 5 not so fun ways to use a Cradlepoint and how to combat the bad guys that would use these techniques.

I love my job… the technology out there is super cool! If you have questions, shoot me a message!

