Business travelers who tether their iPhones as mobile hotspots beware. Researchers at the University of Erlangen-Nuremberg in Germany have discovered a weakness in the way iOS generates default passwords for such connections that can leave a user’s device vulnerable to man-in-the-middle attacks, information leakage or abuse of the user’s Internet connection.
Andreas Kurtz, Felix Freiling and Daniel Metz published a paper that describes the inner workings of how an attacker can exploit the PSK (pre-shared key) authentication iOS uses to establish a secure WPA2 connection when using the Apple smartphone as a hotspot. The researchers said that attackers would find the least resistance attacking the PSK setup rather than trying their hand at beating the operating system’s complex programming layers.
During the PSK setup, users have to establish a password to protect the session. In previous versions, users were able to choose their own passwords, but in iOS 6 for example, the operating system proposes four-to-six-character passwords generated from a default list of 1,842 words and then tags on a random four-digit number. The mechanism relies on words vulnerable to dictionary or brute-force attacks, and builds primarily from a list of 10 common words such as “suave,” “head,” “coal,” and “coach.” Using additional hardware to guess the four-digit number, the researchers were able to crack the tethering passwords in less than a minute.
“The process of selecting words from that word list is not random at all, resulting in a skewed frequency distribution and the possibility to compromise a hotspot connection in less than 50 seconds,” the paper said. “Spot tests show that other mobile platforms are also affected by similar problems. We conclude that more care should be taken to create secure passwords even in PSK scenarios.”
WPA2 supports two authentication methods: a RADIUS server or a shared key. For mobile hotspots, the research paper said session authentication and encryption relies on a password which is used to derive a PSK which is used with in a four-way handshake to create temporary keys used to encrypt sessions and do integrity checks. An attacker would need to capture one of the four-way handshakes between the Wi-Fi device and hotspot and conduct a brute-force attack to crack the password.
“It should be noted that all generated keys are only valid for the lifetime of a single session and that generation of those keys only relies on the PSK,” the paper said. “This implies that the security level of the whole mobile hotspot depends on the quality of the passphrase.”
Mobile devices already have a significant attack surface which is exacerbated by the multiple ways they’re enabled to connect to the Internet, via everything from Wi-Fi to Bluetooth, NFC, RFID, and over cellular radio standards such as GSM and CDMA. Once the hotspot feature is enabled, a software-based access point churns up allowing other wireless devices to connect using PSK. This can lead to a number of additional risks, elevated by the weak passwords.
The researchers said they were able to find not only the password scheme but the relatively short list of words used by iOS to develop default passwords by reverse engineering iOS mobile hotspots. Initial attempts against a pre-determined list of more than 52,000 words took close to an hour to crack, which is not a realistic attack against a business traveler, for example. Deeper digging eventually extracted the exact word list from the official Preferences system app which generates the default passwords, the paper said.
“We found out, that every time a new hotspot password is generated an English-language dictionary file is accessed from the file system,” the paper said. “Consequently, we monitored all accesses to the file system by intercepting all open() system calls to the iOS kernel and analyzed the corresponding backtrace of the method calls that caused this file access.”
In order to pull off an attack, someone would have to monitor Wi-Fi traffic and wait for a wireless client to connect to a mobile hotspot, de-authenticate a client, forcing the user to reconnect, which increases the possibility of capturing the four-way handshake necessary to snare the PSK. An attacker, the researchers said, could use freely available tools to pull off each step of the attack, including identifying iOS targets, de-authenticating wireless clients, capturing the WPA handshake and cracking the passwords.
The researchers said they built an app called Hotspot Cracker which automates the generation of the word list used for default passwords.
“The app also gives explanations and hints on how to crack a captured WPA handshake using well-known password crackers,” the paper said. “Future releases might also automate the process of capturing and cracking hotspot passwords. As computing power on smart devices is limited, one solution is to involve online password cracking services like CloudCracker, to crack hotspot passwords on-the-fly.”