| ▲ | economistbob 3 hours ago |
| I just read the paper, and my take is that practically every home wifi user can now get pwned since most WiFi routers use the same SSID and 2.4 and 5Ghz. It can even beat people using Radius authentication, but they did not deep dive on that one. I am curious about whether the type of EAP matters for reading the traffic. Essentially everyone with the SSID on multiple access point MAC addresses can get pwned. Neighhood hackers drove me to EAP TLS a few years ago, and I only have it on one frequency, so the attack will not work. The mitigation is having only a single MAC for the AP that you can connect to. The attack relies on bouncing between two. A guest and regular, or a 2.4 and 5, etc. I need to research more to know if they can read all the packets if they pull it off on EAP TLS, with bounces between a 2.4 and 5 ghz. It is a catastrophic situation unless you are using 20 year old state of the art rather that multi spectrum new hotness. It might even get folks on a single SSID MAC if they do not notice the denial of service taking place. I need to research the radius implications more. TLS never sends credentials over the channel like the others. It needs investigation to know if they get the full decryption key from EAP TLS during. They were not using TLS because their tests covered Radius and the clients sending credentials. It looks disastrous if the certificates of EAP TLS do not carry the day and they can devise the key. That is my take. |
|
| ▲ | supernetworks 2 hours ago | parent | next [-] |
| EAP TLS provides strong authentication, is much better than the other enterprise authentication options, but will not block these lateral attacks from other authenticated devices. The second half of the deployment is putting each identity into a VLAN to defend against the L2/L3 disconnects that can occur. I work on https://supernetworks.org/. We propose a solution to these flaws with per-device VLANs and encourage per-device passwords as well. More practically the risk for these attacks is as follows. A simple password makes sense for easy setup on a guest network, that's treated as untrusted. These passwords can probably be cracked from sniffing a WPA2 key exchange -- who cares says the threat model, the network is untrusted. But this attack lets the insecure network pivot out into the secure one. |
| |
| ▲ | economistbob 2 hours ago | parent [-] | | My consumer grade routers cannot handle all that fancy VLAN stuff. Thanks for mentioning that. | | |
| ▲ | wtallis an hour ago | parent [-] | | More precisely: the manufacturer's software on your consumer grade routers refuses to expose that functionality to the end user. They're almost always relying on VLANs behind the scenes to separate the WAN and LAN ports. |
|
|
|
| ▲ | Sytten 2 hours ago | parent | prev | next [-] |
| They still need to be able to connect to one of the network no? So a home network without guest would be fine is my understanding? |
| |
| ▲ | economistbob 2 hours ago | parent | next [-] | | It requires disassociating and reassociating to the MAC so it requires two, which would cause a denial of service one would notice while watching it. Whether they can denial of service their way to the key, while someone is not actively watching, was not addressed. The paper is about essentially getting data from clients when there are two MACs. They glossed over the one MAC situation by saying someone would notice it so it was not useful. My concern is doing it asynchronously against things when no one is watching. Basically it takes turn being the client and the AP both so that it can get the traffic from both. It is an evil twin attack doubled. It might have broken EAP TLS. If your wifi is off when you are not using it and you are not getting denial of serviced while using it and you have only one Mac for your SSID, this attack is not occuring. | |
| ▲ | varispeed 2 hours ago | parent | prev [-] | | Social vector? Come up with some tradesperson spiel if person invites home, ask for wifi password, you are in. Some people also have passwords easy to break. Friend of mine literally had "hunter22" as WiFi password. | | |
| ▲ | economistbob 2 hours ago | parent [-] | | I had organized neighbors who broke WPA3 using tools, i disabled downgrade to WPA2 and they still broke it. I had one that setup an evil twin to catch my Linux login They stole the IP of one of boxes so they could get my login, and joined my network to setup the credential stealer. I caught this when my password didn't work at the ssh login. That was an apartment and they knew when I caught them. The problem is not wardrivers. The problem is your neighbors running 24x7 cyber operations. It happens everywhere. When I moved to a house there was a persistent attacker, and finally I setup my own key and authentication infrastructure. They broke everything. Finally I had to go EAP TLS and rotate certificates every three months. Evil twin attack that keeps switching sides... The first of its kind, soon to be automated into a single button if it isn't already. Does the temporal key mechanisms prevent them from taking a key they denial of serviced their way to while I was work -- do the temporal mechanisms prevent them from sniffing all my packets when I get home. They will not use it to get data during the denial of service.... But if they can get that radius key and use it five hours later during some backups or something... That is the question. | | |
|
|
|
| ▲ | jcalvinowens 2 hours ago | parent | prev [-] |
| > Essentially everyone with the SSID on multiple access point MAC addresses can get pwned You still have to be able to authenticate to some network: the spoofing only allows users who can access one network to MITM others, it doesn't allow somebody with no access to do anything. In practice a lot of businesses have a guest network with a public password, so they're vulnerable. But very few home users do that. |
| |
| ▲ | economistbob 2 hours ago | parent | next [-] | | I run a website, video game servers, and Nextcloud. I have the nextcloud set to only allow access from my IP. It has to be open to the world with a domain name so I can use LetsEncrypt certs so it cannot only use private ip addresses which cannot be easily configured and trusted for https. I have been relying on EAP TLS via wifi so my phones could upload their photos and videos to Nextcloud.It was way cheaper than doing it via AWS, which is what I used to do and used ethernet LAN connections only. If this works asynchronously across time to allow authentication to my network which uses EAP TLS, will knock me out of being able to use Nexctloud on my mobile devices since plugging an ethernet in after I take photos is too cumbersome to do very often. I love Nextcloud, but do not want to pay Amazon for EC2 etc. My read is this allows them to mimic both client and access point to assemble the handshake and obtain radius authentication. Rather than have to verify a certificate on the client or crack complex passwords, they pretend to the client sending the response it sends when the certificate is verified. Then they switch MAC to the SSID MAC and send the next part to the client. Previous evil twin attacks were one sided rather than basic frame assemblers. I read that paper as describing a successful reconstruction of the Radius authentication handshakes at layer 2 after the fact for use later rather than caring about actual certificate validations. Basically handing a three letter agency quality tool to the Kali Linux fan club. I am hoping I read it wrong, | | |
| ▲ | jcalvinowens 10 minutes ago | parent [-] | | I admittedly don't have practical experience with RADIUS, but I read it as a more narrow attack: > We verified that an attacker, having intercepted the first RADIUS packet sent from the enterprise AP, can brute-force the Message Authenticator and learn the AP passphrase. I thought RADIUS fundamentally negotiates based on a PSK between the AP and the RADIUS box, which the attacker doesn't have? They're saying this gives you the ability to brute force that PSK, but if the PSK isn't weak (e.g. a dictionary word) that's hopeless. |
| |
| ▲ | 2OEH8eoCRo0 2 hours ago | parent | prev [-] | | It is common for ISPs to issue network equipment that enable a guest network by default. I wonder if those are vulnerable. |
|
