Heartbleed Exploitable Over Enterprise Wireless Networks

open ssl heartbleed

The Heartbleed OpenSSL vulnerability can be exploited over wireless networks, according to a researcher who released PoC code for attacks against wireless authentication programs hostapd and wpa_supplicant.

Regardless that the fervor over the Heartbleed OpenSSL vulnerability has died down considerably, patching the bug should remain a top priority for enterprises because researchers continue to find new exploit vectors.

The latest takes aim at Heartbleed over wireless networks. A researcher with Portugal-based consultancy Sysvalue has shared details of attacks he calls Cupid in which he has built patches that modify hostapd and wpa-supplicant, two programs that act as wireless access and authentication management points. Hostapd, for example, sets up a configurable access point; it’s supported on Linux. Hackers could create a wireless network configuration of their choosing that would allow vulnerable clients to connect to it. Wpa_supplicant, also supported on Linux and Android, is used to connect to wireless networks.

“My Cupid patch is a series of modifications to those programs to trigger the vulnerability in order to check for vulnerable clients and servers,” researcher Luis Grangeia told Threatpost.

Grangeia’s attacks exploit Heartbleed without establishing a full TLS handshake.

Grangeia’s attacks exploit Heartbleed without establishing a full TLS handshake, sending an illicit heartbeat request right after Client Hello and before any crypto keys or certificates have been exchanged, he said. This behavior, meanwhile, is expressly forbidden in the TLS specification.

Heartbleed is a vulnerability in certain OpenSSL implementations. Despite the availability of a patch and encouraging remediation numbers from several sources, attacks have been escalating against VPN infrastructure, critical industrial control systems and others, in addition to vulnerable web servers.

Heartbleed is an exploit against a problem in OpenSSL’s heartbeat functionality, which if enabled, returns 64KB of memory in plaintext to any client or server requesting a connection. Already, there have been reports of attackers using Heartbleed to steal user names, session IDs, credentials and other data in plaintext if the attack is repeated enough times. More critically, researchers have also been able to piece together enough information to successfully reproduce a private SSL key.

Grangeia said he has yet to analyze the memory dumps he was able to collect.

“My point in releasing the [proof of concept] code is to get more people working on testing different configurations and analyzing the results,” he said.

In Grangeia’s attack, the TLS connection is not made over TCP, but rather over EAP, a wireless network authentication framework. Some wired networks built on 802.1x and peer-to-peer connections also use EAP; EAP-PEAP, EAP-TLS and EAP-TTLS connect over TLS, he said.

“To exploit vulnerable clients, hostapd (with the cupid patch) can be used to setup an ‘evil’ network such that, when the vulnerable client tries to connect and requests a TLS connection, hostapd will send malicious heartbeat requests, triggering the vulnerability,” Grangeia explained on his website. “To exploit vulnerable servers we can use wpa_supplicant with the cupid patch. We request a connection to a vulnerable network and then send a heartbeat request right after the TLS connection is made.”

The attacks work on password-protected networks because the vulnerability is triggered before a user would have to authenticate, he said.

Grangeia pointed out that the default installations of both wireless programs can be exploited on Ubuntu Linux running a vulnerable version of OpenSSL. He said that Android 4.1.0 and 4.1.1. also ship with a vulnerable version of OpenSSL and use wpa_supplicant to connect to wireless networks, and could be vulnerable as well. Grangeia said he was not able to test the vulnerable versions of Android.

“This needs to be tested in practice, as Google (or other phone manufacturers) could have compiled OpenSSL with the heartbeat extensions turned off,” he said.

In the meantime, enterprise network managers should be double checking their wireless deployments.

“I actually believe the most serious attack vectors are vulnerable corporate wireless solutions and network access control solutions,” he said. “Vendors should double check their firmware and notify customers, because this vulnerability has the potential to give attackers an open door to their customer’s networks.”

Suggested articles