What are rogue devices and why do they matter?
What is a rogue device?
A rogue wireless device is a wireless device that remains connected to a system but does not have permission to access and operate in a network. Rogue wireless devices may be access points (rogue access points or rogue APs) or end-user computers (rogue peers). If left connected, both types can pose security threats to networks and organizations.
Computer-based rogue threats, or rogue peers, are end-user computers that are connected to a network without permission. These devices are usually laptops and netbooks that can serve as APs. Rogue peers pose more risks than rogue APs, given that laptops have little to no security features. This can allow other unauthorized devices to connect to the device and network.
Additionally, rogue APs may allow other unauthorized end-user devices to connect to the network and consume network bandwidth.
Source: https://www.techopedia.com/definition/4086/rogue-wireless-device
Types of Rogue Devices
Rogue devices can be wireless access points (sometimes referred to as rogue APs) or end-user computers (rogue peers). If left connected, either type of rogue device can pose a security threat. Rogue APs can be further classified into web robots (bots) and sniffers:
- A bot is a system that performs a repetitive task. Malicious bots can be used to send email spam or cause denial of service (DoS) on a network. Bots can also be formed into a collective of zombies and used to carry out even more powerful attacks.
- A sniffer is an eavesdropper that passively sits on the network and stealthily inspects traffic. Sniffers can be maliciously used for the reconnaissance of valuable data.
What Harm Can a Rogue Access Point Do?
Rogue access points and their clients undermine the security of a network by potentially allowing unchallenged access to the network by any wireless user or client in the physical vicinity. Rogue access points can also interfere with the operation of your network. Rogue access points can do the following damage:
- Allow a hacker to conduct a man-in-the-middle attack. The attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
- Flood the network with useless data, creating a denial of service.
- Send fake SSIDs advertising attractive features such as free Internet connectivity. Once a user connects, the fake SSID is added to the client’s wireless configuration and the client begins to broadcast the fake SSID, thereby infecting other clients.
- Provide a conduit for the theft of company information.
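The categories described above can be turned into a simple triage check over a wireless survey. The following is an added example, not code from the original article: the inventory, the field names (`mode`, `on_wire`), the labels and the scan data are all constructed assumptions, and treating any ad hoc radio as a rogue peer is a simplification.

```python
from dataclasses import dataclass

# Assumed inventory (constructed values): BSSIDs of sanctioned APs and the
# SSIDs the organization actually uses.
AUTHORIZED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
CORPORATE_SSIDS = {"CorpNet"}

@dataclass(frozen=True)
class Observation:
    bssid: str     # radio MAC address seen over the air
    ssid: str      # advertised network name
    mode: str      # "infrastructure" (an AP) or "adhoc" (a computer acting as one)
    on_wire: bool  # True if the device's MAC also appears on the wired LAN

def normalize(mac: str) -> str:
    """Canonical MAC form so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return mac.strip().lower().replace("-", ":")

def classify(obs: Observation) -> str:
    if normalize(obs.bssid) in AUTHORIZED_BSSIDS:
        return "authorized"
    if obs.mode == "adhoc":
        return "rogue-peer"     # end-user computer serving as an AP
    if obs.ssid in CORPORATE_SSIDS:
        return "spoofed-ssid"   # unknown radio advertising our network name
    if obs.on_wire:
        return "rogue-ap"       # unsanctioned AP attached to our network
    return "neighbor"           # someone else's AP, not connected to us

def triage(scan):
    """Return (label, bssid, ssid) for everything that needs follow-up."""
    findings = []
    for obs in scan:
        label = classify(obs)
        if label not in ("authorized", "neighbor"):
            findings.append((label, normalize(obs.bssid), obs.ssid))
    return sorted(findings)

# Constructed sample scan, not real survey data.
SCAN = [
    Observation("02-00-00-AA-00-01", "CorpNet", "infrastructure", True),
    Observation("02:00:00:bb:00:09", "CorpNet", "infrastructure", False),
    Observation("02:00:00:cc:00:05", "linksys", "infrastructure", True),
    Observation("02:00:00:dd:00:07", "Free Internet", "adhoc", False),
    Observation("02:00:00:ee:00:03", "CoffeeShop", "infrastructure", False),
]

if __name__ == "__main__":
    for finding in triage(SCAN):
        print(finding)
```

The `on_wire` flag is what separates a rogue AP, which is attached to your own network, from a neighbouring AP that is merely within radio range.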