Security concerns after device hijacked.
I have two nwa50ax pro access points registered in Nebula. As I am away for a few days I left one powered off and the other online.
Today I discovered that somehow the access point that was left on has been hijacked and configured with many open wifi networks allowing unrestricted access to my LAN (see attachment).
How the hell is this possible? Even if someone has the details on the bottom of the access point (QR, MAC, serial), how can they add it to an alternative Nebula account without being on the same LAN as the access point itself?
As I now have no faith in Nebula security I have powered off both devices until Zyxel can explain what has happened.
This is terrible security and totally unfit for use.
All Replies
-
Hi @10megaton ,
The Nebula mobile app includes a feature that allows users to register access points using the Nebula QR code over the internet, without requiring a local network connection. This is a Nebula feature that enables users to register and manage their Nebula devices anywhere, anytime. This functionality serves two main purposes:
- Users don't need to manually enter the MAC address and serial number when the device is in unregistered status.
- Users can register previously used devices even when the original owner forgets to unregister the device from their account.
We also provide a feature that allows users to prevent other users from scanning their device's Nebula QR code to register the device, addressing security concerns.
For your case, it appears that someone has used your NWA50AX PRO's Nebula QR code to register your access point to their account. If you have the NWA50AX PRO device with the QR code, you can deregister the AP using the NCC Mobile App. For step-by-step instructions on this process, please refer to Part 1 of this FAQ.
How to register Access Point to Nebula — Zyxel Community
After deregistering the device, follow the steps outlined in this guide to prevent unauthorized device ownership override by other users.
How to prevent device ownership override by other user — Zyxel Community
Zyxel_Judy
0 -
Maybe someone knows your login to Nebula?
Check if any other IP has logged in.
I'm not sure if someone who knows your wifi password can then configure your AP when it's in Nebula or standalone mode? Or maybe the AP reset to defaults, which would have made it open?
0 -
Thank you for the reply.
When I try to re-register the device on the Nebula portal I get the "this device is locked by the device owner" error.
Also the prevent device override should be the default behaviour for security reasons. It's madness that anyone with the details can take over the device by default.
0 -
Hi @10megaton ,
To better assist you, please check the community inbox for further discussion.
Note that other users can only register your device if they have the device's Nebula QR code and you haven't enabled the feature to prevent device ownership override by other users.
Zyxel_Judy
0