Heartbleed && Wireless
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Heartbleed && Wireless

on

  • 17,721 views

New attack vectors for heartbleed: Enterprise wireless (and wired) networks. ...

New attack vectors for heartbleed: Enterprise wireless (and wired) networks.

This talk exposes a relatively obscure use of the heartbleed flaw: exploiting EAP-PEAP | EAP-TLS | EAP-TTLS network authentication protocols.

Update (02-06-2014): This blog post gives out more details and contains links to the cupid patch.
http://www.sysvalue.com/heartbleed-cupid-wireless/

Statistics

Views

Total Views
17,721
Views on SlideShare
13,541
Embed Views
4,180

Actions

Likes
12
Downloads
153
Comments
6

17 Embeds 4,180

http://www.zive.cz 2327
http://www.technewsworld.com 661
http://www.linuxinsider.com 538
https://twitter.com 517
http://www.101domain.ua 101
http://www.ecommercetimes.com 14
http://news.google.com 8
https://www.linkedin.com 3
http://tweetedtimes.com 2
http://www.nildatech.com 2
http://newsroom.ectnews.com 1
http://techloves.me 1
http://www.ectnews.com 1
http://www.google.com 1
https://translate.googleusercontent.com 1
http://translate.googleusercontent.com 1
http://www.pearltrees.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

15 of 6 Post a comment

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • > I'm aware that attentive developers like the people at Freeradius and Jouni Malinen were able to spot and fix the vulnerability in time. But that doesn't matter if there is no public awareness of the issue, as the patches/upgrades won't trickle down in a timely manner.

    All of the major distributions were notified, and upgraded their packages. They in turn notified all of their customers.

    There WAS massive awareness. All of the Telcos I'm in contact with were notified. All of the universities were notified, and the vulnerable ones told to upgrade.
    Are you sure you want to
    Your message goes here
    Processing…
  • Alan,

    My presentation and code is not an attack on any tools using OpenSSL, it's a call of attention to a vulnerability that was previously known about by attentive developers. I'm sorry some news sources (and developers) read it otherwise.

    The attack method however *is* new -- Up until now there were no publicly available tools that would trigger the heartbleed vulnerability via EAP. And the public availability of such tools -- and the attention they get -- is what prompts integrators of network products (and end customers) to upgrade to the latest (and patched) tools and libraries.

    I'm aware that attentive developers like the people at Freeradius and Jouni Malinen were able to spot and fix the vulnerability in time. But that doesn't matter if there is no public awareness of the issue, as the patches/upgrades won't trickle down in a timely manner.

    Best regards,

    LG
    Are you sure you want to
    Your message goes here
    Processing…
  • The 'new' attack method is no such thing. We (FreeRADIUS) worked together with Jouni Malinen (Hostap, who did most of the work) to valid the heartbleed issue and the fixes. We announced that we were vulnerable, and released fixes. This information has been available for about a month on http://freeradius.org.
    Are you sure you want to
    Your message goes here
    Processing…
  • Hi John,

    Thank you for helping clarify things regarding Apple. I did try to find information about Apple's OpenSSL usage, but other than the fact that Apple did use OpenSSL in some products in the past, I could not find definite claims about it. Note that I never say Apple is vulnerable on my slides. See my blog post for more information.

    We all agree it is not a new attack, but it is a new (unreleased until now) attack vector. Lets hope all the attention it got will make it obsolete as soon as possible.
    Are you sure you want to
    Your message goes here
    Processing…
  • 1. Apple iOS has never shipped OpenSSL, so it is NOT affected. Again, iPhones, iPads, iPod touches, and Apple TVs are NOT affected.

    2. OS X has never shipped a *vulnerable* version of OpenSSL, so is NOT affected. Also, OS X's built in 802.1X supplicant ('eapolclient'; Apple-written, not based on the open source wpa_supplicant) has never used OpenSSL. OS X Server used to ship a copy of FreeRADIUS, but again, it was used in conjunction with OS X's built-in non-vulnerable version of OpenSSL, so it was not vulnerable.

    3. FreeRADIUS may be the only RADIUS server to have used OpenSSL for its TLS support in any TLS-using EAP type, and they confirmed that they were vulnerable and published this fact with instructions to upgrade, back the same day (or within the week) of when the news of the Heartbleed bug first broke. So the fact that FreeRADIUS could be vulnerable is not news.

    All of this information would have been revealed with a few brief web searches.

    I imagine the wpa_supplicant and hostapd projects probably also confirmed their vulnerability back the same week the Heartbleed news broke, but I don't have first-hand knowledge of that.

    I believe Cupid could be a useful tool for verifying that one's OpenSSL TLS-using EAP implementations have been successfully patched, but the existence of this aspect of the Heartbleed vulnerability has been known since the first week.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Heartbleed && Wireless Presentation Transcript

  • 1. HEARTBLEED && WIRELESS New attack vectors for heartbleed: Enterprise wireless (and wired) networks Luis Grangeia lgrangeia@sysvalue.com | twitter.com/lgrangeia 28 / 05 / 2014 @ Confraria IT Security - Lisbon
  • 2. WHAT IS HEARTBLEED “Catastrophic bug” on OpenSSL: "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users. “On the scale of 1 to 10, this is an 11.” - Schneier
  • 3. source: xkcd.com
  • 4. source: xkcd.com
  • 5. WHAT IS “ENTERPRISE WIRELESS” •WPA / WPA2 Networks •Protected by multiuser authentication •Tipically using a EAP Method: •EAP-PEAP •EAP-TTLS / EAP-TLS •EAP-SIM / EAP-AKA
  • 6. EAP AND TLS •EAP-PEAP, EAP-TTLS, EAP-TLS •All these use a TLS tunnel over EAP to secure some part of the authentication process •EAP... OpenSSL... Heartbleed...
  • 7. + = ?
  • 8. SAY HELLO TO “CUPID”
  • 9. WHAT IS CUPID •cupid is a patch for wpa_supplicant and hostapd •Attempts to exploit heartbleed over EAP TLS tunneled protocols: • EAP-PEAP, EAP-TLS, EAP-TTLS •Targets both endpoints: client and server
  • 10. RadiusAccess PointTerminal ATTACK VECTORS
  • 11. RadiusAccess PointTerminal ATTACK VECTORS
  • 12. ATTACK VECTORS •Option 1: Use wpa_supplicant-cupid to attack a wireless network •Option 2: Set up a fake wireless network with hostapd-cupid to attack a vulnerable terminal
  • 13. ATTACK VECTOR 1 Evil client (wpa_supplicant-cupid) heartbleed Vulnerable Access Point
  • 14. ATTACK VECTOR 2 Vulnerable client heartbleed Evil Access Point (hostapd-cupid)
  • 15. TECHNICAL DETAILS •Patch is able to heartbleed at different stages: •before TLS Handshake (unencrypted!) •After TLS handshake and before application data •After application data
  • 16. DEMO TIME
  • 17. VULNERABLE STUFF (CONFIRMED) •wpa_supplicant • Android terminals, Linux devices •hostapd •freeradius Must (obviously) be linked to vulnerable openssl version
  • 18. VULNERABLE STUFF (POSSIBLY) •Everything that might use openssl for EAP TLS •iPhone, iPads, OSX? •Managed Wireless Solutions: • Aruba, Trapeze, Cisco / Meraki... •Other RADIUS servers besides freeradius •Other wireless endpoints supporting EAP: • VoIP Phones, printers... •Must test everything! Or patch.
  • 19. ENTERPRISE “WIRELESS” && “WIRED” •802.1x Wired Authentication (aka NAC) uses EAP also! •Actually, wpa_supplicant is also used on Linux to access NAC-controlled wired networks
  • 20. CUPID AVAILABILITY •Ask me for source code in private (for damage control) •Will (maybe) wait a few days before releasing to public •Tip to vendors: do not expect responsible disclosure for an exploit to a vulnerability that’s almost 2 months old...
  • 21. LESSONS LEARNED •OpenSSL sucks •Learned a bit more about: • TLS Protocol • EAP Protocol •Sacred cows killed: •“heartbleed can only be exploited over TCP connections” •“heartbleed can only be exploited after TLS handshake”
  • 22. FUTURE WORK & RECOMMENDATIONS •Improve patch and test ALL the things!! •Try different wireless devices •Compile and run wpa_supplicant-cupid on Android device •Look more closely for interesting bits of memory leaked. •Patch Wireless clients & Servers!