Rogue Access Points: What to Look Out For


Whether your company works in-person or remotely, it’s important to be aware of the threats posed by company devices connecting to a rogue access point.

Simply connecting to the wrong WIFI network on a company device can allow hackers to infiltrate a network and conduct a cyber attack.

A rogue access point can be implemented internally or externally and should always be considered malicious until it is further investigated as threats can easily escalate once a hacker has access to a system.

Rogue access points can often be used alongside company networks if they are safe and secure. However, it’s important to stay vigilant and check each and every network your company devices connect to.

Therefore in this post, we will be looking at what a rogue access point is, who can install them, and how to detect them.

What Is a Rogue Access Point?

A rogue access point is any access point that has been installed on a network infrastructure without consent.

For example, this may be a device not sanctioned by an administrator but operating in a network anyway, or a WIFI network that belongs to a nearby company and isn’t recognised as a used network within your organisation.

A rogue access point ultimately provides unauthorised network access for internal and external sources.

They can be set up by an employee or an intruder such as a cybercriminal, but they are also set up when employees want to access a network but there are no other options available.

However, if a malicious hacker sets up an access point, they can gain access to a network and pose risks such as leaking sensitive information, including passwords and cardholder data.

Who Can Install a Rogue Access Point?

Rogue access points can essentially be installed by anyone, and they can be considered ‘rogue’ whether they are intentionally malicious or not.

In fact, it might be that your own employees or an internal source could pose more of a risk or bring a rogue access point into your organisation.
Although employees are unlikely to pose a threat by introducing an access point, these access points are still considered rogue even when they are installed by a trusted source.

Employees may install or use a rogue access point for reasons such as:

  • A duplication of a WIFI network by your IT department
  • Bringing personal devices to work, such as an iPad, mobile, or laptop, which can bring a rogue access point into the corporate setting
  • A weak internet connection in your organisation, which may lead employees to purchase and use a private network while at work

Cyber Criminals

On the other hand, hackers are more malicious with their aims and use rogue access points to gain access to sensitive information.

One way to use them is through Evil Twins or WIFI Pineapples which are rogue access points disguised to look identical to your organisation’s network.

This tricks your employees into joining this network rather than the secure organisation network set up by your IT department.

If this network looks authentic the chances are your teams may accidentally join this network without checking or thinking, and this will lead to success for the hacker.

Cyber threat actors can then proceed to connect to the user’s laptop and steal credentials and confidential information without being detected.

How to Detect a Rogue Access Point

There are a few ways to detect rogue access points based on the scale of your company, the budget you have to spend on cyber security, and the amount of time you want to invest in the process.

If you are to accurately discover access points and fill the gaps, it’s important to consider the different methods you can use to scan and protect your company data.

Let’s explore some of these below.

Wireless Scanning

Wireless scanning is the most common and least expensive method for detecting rogue access points.

It is the easiest process for any team member to use. However, it’s best practice to leave this type of task to your dedicated IT security team.

In order to scan for access points, you can use wireless sniffing tools that will capture information from the points closest to your network.

This method requires you to physically walk around your facility with your device to detect WIFI networks that are potentially a threat.

However, it’s important to consider that the results are only valid at the exact time of data capture. An internal or external source may install a rogue access point immediately after you conduct the search, and it will likely be missed.

The search process is simple: the closer you get to a WIFI network, the stronger the signal will be, which makes it easy to work out where the networks are in your organisation and whether they’re a threat or not.

Some rogue access points may just be working alongside your company network and therefore they are not a problem for your company. However, if it is interacting directly with your organisation’s network, this needs to be remedied.

This method is highly useful for smaller companies that use a small facility or building, where it is easy to quickly assess the threats.

However, for larger organisations that are spread over multiple buildings or floors, this method can prove to be slightly more difficult and can take more time and effort.
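
The comparison a wireless sweep relies on, as an added example rather than code from the original post: it checks walk-around readings against an inventory of sanctioned access points and ranks what needs investigating. The SSIDs, BSSIDs, inventory format, and readings are constructed for illustration.

```python
from dataclasses import dataclass

# Assumed IT inventory (hypothetical values): SSID -> sanctioned BSSIDs and advertised security.
AUTHORISED = {
    "CorpNet": {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
                "security": "WPA2-Enterprise"},
}
SEVERITY = {"evil-twin-suspect": 0, "security-mismatch": 1, "unknown": 2}

@dataclass(frozen=True)
class Sighting:
    ssid: str
    bssid: str
    security: str
    rssi_dbm: int   # closer to 0 means a stronger signal, i.e. physically nearer
    location: str   # where the surveyor stood when the reading was taken

def classify(s: Sighting) -> str:
    entry = AUTHORISED.get(s.ssid)
    if entry is None:
        return "unknown"               # not our SSID: neighbour or unsanctioned AP
    if s.bssid.lower() not in entry["bssids"]:
        return "evil-twin-suspect"     # our SSID advertised by a radio we do not own
    if s.security != entry["security"]:
        return "security-mismatch"     # known BSSID, unexpected security settings
    return "authorised"

def triage(sightings):
    """Keep the strongest reading per access point, then list what needs investigating."""
    strongest = {}
    for s in sightings:
        key = (s.ssid, s.bssid.lower())
        if key not in strongest or s.rssi_dbm > strongest[key].rssi_dbm:
            strongest[key] = s
    flagged = [(v, s) for s in strongest.values() if (v := classify(s)) != "authorised"]
    return sorted(flagged, key=lambda f: (SEVERITY[f[0]], -f[1].rssi_dbm))

# Constructed walk-through readings, not real capture data.
SAMPLE = [
    Sighting("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise", -48, "Floor 1 lobby"),
    Sighting("CorpNet", "de:ad:be:ef:00:99", "Open", -70, "Floor 1 lobby"),
    Sighting("CorpNet", "de:ad:be:ef:00:99", "Open", -41, "Floor 2 kitchen"),
    Sighting("CorpNet", "aa:bb:cc:00:00:02", "WPA2-Personal", -55, "Floor 2 kitchen"),
    Sighting("CafeGuest", "12:22:33:44:55:66", "WPA2-Personal", -82, "Floor 1 lobby"),
]

if __name__ == "__main__":
    for verdict, s in triage(SAMPLE):
        print(f"{verdict:18} {s.ssid:10} {s.bssid} {s.rssi_dbm} dBm near {s.location}")
```

The location attached to each flagged entry is where its signal was strongest, which is the place to start the physical search.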

Centralised Detection

Centralised detection is the preferred method and avoids your employees having to walk around the building to retrieve data.

This process is a lot simpler, as a centralised console is attached to the wired side of the network to monitor activity.

There are a variety of console products out there to be used which are available from different vendors and they are effective at detecting rogue access points. This means your company can then use the information detected to take immediate appropriate action.

However, for centralised detection to be successful the rogue access points must be in the range of your monitor, so again for large companies, it may be worth spacing more than one monitor throughout your building.

This way all access points that are surrounding your organisation can be detected and checked.

Although an effective and easier option, centralised monitoring is often more expensive than other methods and only works if your company has a wireless local area network (WLAN). This is a wireless distribution method for two or more devices.

Why Do Rogue Access Points Pose a Threat?

Much like any cyber security threat, rogue access points can be dangerous in the wrong hands.

Cybercriminals can use this method to steal information and gain access to a company network while going unnoticed by employees and users.

By setting up a rogue access point, hackers can gain access to devices once a user connects to their malicious network.

Unfortunately, this often goes undetected as users are unaware that they have let a hacker into the network by connecting to a specific WIFI.

As more devices enter the workplace, and more people are working remotely there is an increase in the threat posed to company networks.

This is because employees can take their devices home or to a public space to work and this increases the chance of wireless devices being connected to a rogue access point rather than a trusted network.

How To Protect Your Organisation from Rogue Access Points

There are a few things you can do to protect your organisation and be more prepared to avoid connecting to rogue access points instead of a secure network.

First up is education…

Educate Your Employees and Create a Strong Policy

Firstly, educating your employees is key to ensuring that your company is aware of rogue access points as a cyber threat.

It’s important that all teams in your organisation are aware of how connecting to or setting up a wireless access point without authorisation can be considered a danger to company data.

This can help to prevent the installation of accidental rogue access points and can be carried out through various types of team training.

For example, here at TLR, we provide training boot camps at multiple levels to prepare your team with the knowledge they need to combat all threats, whether they have been detected or not.

Additionally, we provide cyber war games that situate your employees in simulated real-life cyber security threat scenarios helping to provide them with the skills they need for future real-time threats.

Training is essential to be better educated on all cyber security threats whether your organisation is vulnerable to them or not.

Along with providing team training, it’s important to have the correct policies in place so your employees know exactly what to look out for.

In the case of rogue access points, it’s a good idea to implement a no-exceptions policy that ensures no wireless access points are installed independently of what your IT team has installed.

If a wireless access point is installed, it should be thoroughly checked by your IT department to ensure that the network doesn’t pose a threat to your company and can work safely alongside the WIFI networks used within your organisation.

Physically Secure Your Network

There are a few simple tasks that you can conduct around the workplace to ensure extra protection of company data.

For example, it is best practice to do regular physical sweeps of the workspace to identify any suspicious devices or online activity.

A good way of keeping track of devices is to identify, tag, and secure every piece of company equipment, as then during a future sweep, it will be easy to spot when something is missing or has been tampered with.

Equally, access controls to company data and files should be controlled internally and therefore if you are a senior team member or a member of the IT department, it’s a good idea to keep the access controls tight and monitor them closely.

Although rogue access points can be installed by internal sources, tight access controls mean that the most important data is as secure as possible and protected from internal and external threats.

Use a Network Performance Scanning Tool

Using software or tools dedicated to cyber security is also a good way to help prevent the threats posed by a rogue access point.

By scanning devices and controllers, these tools can monitor both thick and thin access points which means it becomes easier to identify which gaps should be prioritised as a major risk compared to others.

Using a tool such as TLR’s Continuous Automated Vulnerability Scanning or CAV’s can help to detect weaknesses within your company network and alert your relevant teams to act accordingly.

Rogue Access Points: What to Look Out For

Rogue access points should be treated with concern just like any other cyber threat to your organisation’s network.

Just like other attacks such as Phishing, Ransomware, or Trojan virus attacks, rogue access points can allow hackers to gain access to a network unnoticed and therefore data can be breached, leaked, stolen or used against your company.

Therefore, it’s important not to overlook these networks as they can cause as much harm as other risks in the cyber world.

This is where TLR can help as we provide services that can help to scan your networks such as CAV’s and training programmes that will help to ensure your team is robust and aware of all cyber threats.

If you feel your organisation could benefit from our services, don’t hesitate to contact a member of our team today!

Written by

Dave Roberts