Heartbleed Goes Wireless

Wednesday, June 4, 2014 @ 07:06 AM gHale

While most organizations have patched the Heartbleed bug in their OpenSSL installations, there are new vectors for exploiting the vulnerability, one of which is wireless.

The new attack method, called Cupid, and uncovered by Portuguese security researcher Luis Grangeia, occurs on TLS connections over the Extensible Authentication Protocol (EAP), an authentication framework typically used in wireless networks and peer-to-peer connections.

Siemens Patches Heartbleed Holes
Unified Automation Heartbleed Vulnerability
Wonderware Patches Heartbleed Hole
Digi Mitigates Heartbleed Hole
ABB Working Toward Heartbleed Patch

EAP is not an actual authentication mechanism, but a framework that provides common functions and negotiation of authentication methods. The EAP methods impacted by the Cupid attack are the ones that use TLS, namely EAP-PEAP, EAP-TLS and EAP-TTLS.

The attack, which affects clients and servers, relies on modifications made to “hostapd” and “wpa_supplicant,” applications that share code since they’ve been developed by the same author.

Vulnerable clients can end up exploited with the modified hostapd application, designed for deploying configurable Access Points on Linux. The attacker sets up a network that sends malicious heartbeat requests when a vulnerable client requests a TLS connection. In the case of servers, the attack relies on an altered version of the wpa_supplicant application.

“We request a connection to a vulnerable network and then send a heartbeat request right after the TLS connection is made,” said Grangeia, a partner and security services manager at SysValue S.A., in a blog post.

Grangeia said it’s not necessary to establish a full TLS connection in order to perform these Cupid attacks since heartbeat responses can go to or end up received before keys and certificates exchange. The attacker doesn’t need a valid password to exploit the vulnerability, only a valid username that might end up requested to redirect the user to the proper authentication server.

If successful, an attacker can gain access to the contents of the memory, which can include the private key of the certificate used on the TLS connection, and authentication credentials.

The researcher said default installations of wpa_supplicant, hostapd, and freeradius (RADIUS server implementation) can end up exploited on Ubuntu if a vulnerable version of OpenSSL is in play. Mobile devices running Android 4.1.0 and 4.1.1 also use wpa_supplicant to connect to wireless networks, so they are also vulnerable.

As far as servers go, home routers don’t use EAP, but organizations running managed wireless solutions could feel the impact if they’re using OpenSSL. Grangeia also highlights that 802.1x Network Access Controlled wired networks could also fall victim.

Essentially everything that uses a vulnerable version of OpenSSL for EAP TLS is susceptible to Cupid attacks.

The Cupid patches for hostapd and wpa_supplicant are available on GitHub.

Leave a Reply

You must be logged in to post a comment.