High-end Security Features of the GWN series Access Points

Posted by Phil Bowers, Director of Marketing on Jun 19, 2017
Phil Bowers, Director of Marketing

High-end Security Features of the GWN series Access Points

Like any technology, WiFI has its own share of security concerns. The nature of wireless networks allows hackers or anyone with malicious intent to locate themselves close to an access point in order to infiltrate a network. According to Kasperksy, approximately 24.7% of Wi-Fi hotspots in the world do not use any encryption at all, and that does not even include the WiFi networks that are under-secured. More than 80 percent of U.S. companies have been successfully hacked, according to a Duke University/CFO Magazine Global Business Outlook Survey. Additionally, a survey by PricewaterhouseCoopers in early 2017 found that there has been a 38% increase in the instances of phishing scams and other cyber security incidents from 2015 to 2016.

Being that a WiFi attack can occur in only 2 seconds, we set out to create our GWN series of WiFi Access Points to solve many WiFi security problems by building a variety of high-end security protections into the GWN series.

Unique security certificate per AP

We build a unique security certificate into every GWN series Access Point to encrypt the data and traffic going back and forth between the AP, the controller and the controller’s web user interface. As you probably know by now, the controller for any GWN series AP can be any other GWN series AP or Router. This encryption protects the traffic from being hacked or intercepted as it shared between the AP and the controller. Most other manufacturers use the same security certificate on all or most of their APs, which allows anyone who may be able to hack into one AP to hack into all of that manufactures’ APs. Grandstream builds a completely unique security certificate into every GWN series access point to prevent the issue previously described. This means that every single GWN series AP has a completely different security certificate than every other GWN series AP. The reason we do this is to make it nearly impossible to hack into any AP. Even if someone was able to hack into one security certificate they are not able to get anywhere because every other GWN series AP has a different, unique security certificate.

Random default password per AP

Here we are talking about the default password used to access a WiFi network offered by an access point. For most deployments, the user wants WiFi to be available quickly, upon initial boot up of the access points. The problem with this is that most manufacturers will use an identical default WiFi password across all of their APs. Therefore, if you know the default password for one of that manufactures’ APs, you know the default password for every network and every AP they sell. Anyone with malicious intent can use this default password knowledge to hack into any network being broadcasted by the same brand of APs anywhere in the world. Grandstream builds a completely random default WiFi password on to every single GWN series unit, which is printed on the back of the back of the unit itself. This makes it impossible to use the default password from any GWN series AP to get into any networks being broadcasted by other GWN series devices. As a result, GWN series networks are more secure and you are able to get networks up and running faster by not having to worry about initial passwords right away.

Anti-Hacking security / Critical Data and Control Lockdown

Firmware is one of, if not the most critical element of your access point and your WiFi network. It is the backbone of your network as it controls and manages your network and runs access points. If someone is able to hack into your APs and access or change the firmware, they can completely take over your network.

Our GWN series is built to protect this firmware by building digital signatures into each layer of the firmware. If the firmware is tampered with in any way, the digital signature for that portion of the firmware will fail the verification upon re-boot or firmware upgrade, and the system will block any changes to it and prevent illegally modified firmware from being installed. In addition, the firmware file is encrypted so that hackers cannot find out what is in the firmware and what is running on the device to try to reverse engineer the firmware itself.


Looking to buy our GWN series Access Points or Routers? Contact us or chat us to find a Grandstream partner near you.

Learn more about the GWN series:

Topics: Security, WiFi