Could there be malware on equipment bought on eBay, etc? Any ways to check firmware or load fresh firmware?

My question concerns an already somewhat ancient security advisory, relating to upload of arbitrary files or unauthenticated firmware.
Namely,
http://www.aerohive.com/support/security-bulletins/psa-20140905-001.html

Has this been seen in the wild? Could one simply have SSH'ed into an access point or branch router (that's what I have, a BR-200WP) and loaded new firmware or installed malware?

Is there a way to check firmware integrity? I understand loading firmware off a USB stick is not possible, but is there some way to restore to a known good image?

Obviously this is no longer a concern for new hardware. However, since some of the old hardware predates this bulletin, I became concerned, unfortunately after the fact.

I might have made a mistake in taking the route of used networking gear. I'm trying to figure out if there is a way to salvage this or if I should cut my losses and move on.

This goes without saying, but I don't have a license and I wasn't really looking to get one. I was looking to get a couple of AP330 to upgrade from a Unifi setup.

Thanks a lot for having read through this and thanks in advance for any comments or guidance.

sgny


Posted 2 years ago


Crowdie, Champ

Since you will be removing some Ubiquiti access points from the great Wi-Fi landscape we will have to help you :-)

Configuration

Your issue is going to be that the Aerohive access points are designed to be configured through an on-premise or cloud-based network management system called HiveManager or HiveManager NG.

The Aerohive feature set far exceeds that offered by Ubiquiti and this is why an NMS is required. However, if you just want an extremely basic residential-style configuration this can be configured through the CLI.

Firmware Versions

You can upload firmware images to Aerohive access points by simply opening a web browser and entering the access point's IP address. Enter "admin" as the username and the HiveManager/HiveManager Online's admin password as the password. If the access point is new the password is "aerohive".

In the left-hand pane will be three options:

1. Local Network Settings
2. HiveManager Configuration
3. Upgrade HiveOS Software

Click on the "Upgrade HiveOS Software" link in the left-hand pane followed by the "Browse" button in the "HiveOS Image" area of the right-hand pane. A file requester will appear and you should locate and select the HiveOS firmware you want to apply to the access point.

In the "Activation Time" area of the right-hand pane select "Activate after xxx seconds" and enter 30 into the field.

Finally, click on the "Apply" button at the bottom to upload and extract the HiveOS firmware on the access point.

The "golden release" firmware version at the time of writing is 6.5r4, so I would start with that build.

sgny


Thank you very much for the detailed response.

I've already seen the list of commands for the CLI and it's pretty daunting, but it shouldn't really be too much trouble. I've searched through the community and there is a lot of information to make sense of configuration through the CLI.

From your answer, I realize that I overlooked the separate layer that is the bootloader. Since the bootloader was not implicated in that service bulletin, I should be able to be assured of a clean OS image as long as I can manage to get my hands on current firmware. I'll reach out to the local distributor on Monday to find out my options.

Would it make a difference to connect to the console directly (using a console cable) to perform the upgrade?


Crowdie, Champ

The security advisory is about vulnerabilities in the libraries used to build the HiveOS firmware. It is not about a third-party application, such as a virus or malware, infecting the code on a running access point. Just as you upgrade Windows, OS X and Linux installations, you should upgrade the HiveOS versions on your Aerohive wireless network.

The security advisory is about versions 6.1r3 and earlier, so upgrading to the 6.5r4 firmware will resolve all the vulnerabilities described as it was built with later versions of the libraries.

If you are worried about the code on the access point, create an "isolated" network of the laptop, access point and unmanaged PoE switch.
(Edited)
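
For anyone taking in several second-hand units, the version thresholds quoted in the replies above ("6.1r3 and earlier" affected, 6.5r4 recommended) can be turned into a quick triage of which devices to reflash first. This is an added example, not part of the thread and not Aerohive code; the inventory lines are constructed, and the handling of a trailing build letter (e.g. `6.1r3a`) is an assumption, treated conservatively as still affected.

```python
import re

# Thresholds as stated in the replies above, not re-derived from the bulletin.
LAST_AFFECTED = (6, 1, 3)   # "versions 6.1r3 and earlier"
RECOMMENDED = (6, 5, 4)     # "golden release" named in the thread

# <major>.<minor>r<release> plus an optional build letter (letter: assumption).
# The look-arounds stop a partial match inside a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\w.])(\d+)\.(\d+)r(\d+)([a-z]?)(?!\w)")


def parse_hiveos(text):
    """Return (major, minor, release, letter) for the first HiveOS-style
    version string in text, or None when nothing parseable is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def triage(version_text):
    """Classify one reported version string."""
    v = parse_hiveos(version_text)
    if v is None:
        return "unknown"              # treat as untrusted until reflashed
    if v[:3] <= LAST_AFFECTED:        # letter ignored: 6.1r3a stays affected
        return "affected"
    if v[:3] < RECOMMENDED:
        return "behind-recommended"
    return "ok"


def triage_inventory(text):
    """Map hostname -> status for lines of '<hostname> <reported version>'."""
    result = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            result[parts[0]] = triage(parts[1] if len(parts) > 1 else "")
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
ap330-lobby   HiveOS 6.1r2
br200-home    HiveOS 6.1r3a
ap330-office  HiveOS 6.4r1
ap330-lab     HiveOS 6.5r4
ap121-spare   (no response)
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:14} {status}")
```

A version string only tells you what the device reports about itself, so an "ok" result on used hardware is a reason to schedule the reflash later, not to skip it.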