Holes Fixed in Wireless Router

Tuesday, December 11, 2012 @ 02:12 PM gHale


Mitigation details are available for an insufficient entropy vulnerability in SSH key generation that impacts Tropos wireless mesh routers, according to a report on ICS-CERT.

By impersonating the device, an attacker can obtain the credentials of administrative users and perform a Man-in-the-Middle (MitM) attack.

RELATED STORIES
Rockwell Mitigates Vulnerability
Wireless System Vulnerability
Photovoltaic System Holes Mitigated
ABB Patches Webserver Hole

Tropos validated the remotely exploitable vulnerability, discovered by the independent research group of Nadia Heninger, and J. Alex Halderman, Zakir Durumeric and Eric Wustrow, and produced an embedded operating software update that mitigates the vulnerability.

The following Tropos products suffer from the issue:
• All wireless mesh routers running Mesh OS versions prior to release 7.9.1.1
An attacker can gain unauthorized access to the router by determining the authentication keys from reused or non-unique SSH host keys. By exploiting this vulnerability, the attacker can perform a MitM attack to affect the integrity of the data on the system.

Tropos Networks is a U.S.-based company that offers wireless mesh routers to build large scale, communication networks for aggregating multiple smart grids, industrial controllers, and fixed and mobile communication applications.

Tropos said they have products deployed across several sectors including the transportation, energy, water, emergency services, and critical manufacturing sectors. Tropos estimates these products see use primarily in the United States (79% product deployment) and over 50 additional countries (21% total).

The Tropos products do not use sufficient entropy when generating keys for SSH connections, thereby making them weak. By calculating private authentication keys, an attacker could perform a MitM attack on the system by knowing the non-unique host key. This could enable the attacker to gain unauthorized access to the system and read information on the device, as well as inject data into the SSH stream compromising the integrity of the data.

CVE-2012-4898 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.1. An attacker with a high skill would be able to exploit this vulnerability.

Tropos Networks released customer notification and an update (Tropos Mesh OS 7.9.1.1) for its network device embedded software. A user can download the update from the Tropos software page.
http://support.tropos.com

Download of the update requires a valid user name and password. The updated firmware fixes the vulnerability by using sufficient entropy to generate unique SSH host keys.



Leave a Reply

You must be logged in to post a comment.