Cupid exploits Heartbleed bug on WiFi networks and Android
Posted on 02 June 2014.
Nearly two months have passed since the public revelation of the Heartbleed bug affecting the widely used open source cryptographic library OpenSSL. The reaction of the security community, software and hardware vendors, website owners and providers of online services was almos immediate and, for the first time ever, even the wider public knew that something was very wrong.

But since then, the frenzy has died down a bit, and many now believe that the danger has passed. Not so, says Luis Grangeia, partner and security services manager at SysValue.

He proved that the same exploit that has been used to exploit Heartbleed can also be used to target any device running an unpatched version of OpenSSL, and he says the attack is successful against wireless and some wired networks. He dubbed the exploit "Cupid."

"Cupid is the name I gave to two source patches that can be applied to the programs 'hostapd' and 'wpa_supplicant' on Linux. These patches modify the programs behavior to exploit the heartbleed flaw on TLS connections that happen on certain types of password protected wireless networks," he explained in a blog post on Friday.

"This is basically the same attack as Heartbleed, based on a malicious heartbeat packet. Like the original attack which happens on regular TLS connections over TCP, both clients and servers can be exploited and memory can be read off processes on both ends of the connection. The difference in this scenario is that the TLS connection is being made over EAP, which is an authentication framework/mechanism used in Wireless networks. Itís also used in other situations, including wired networks that use 802.1x Network Authentication and peer to peer connections."

"EAP is just a framework used on several authentication mechanisms. The ones that are interesting in this context are: EAP-PEAP, EAP-TLS and EAP-TTLS, which are the ones that use TLS," he concluded.

The exploit can be successfully turned against Android devices running 4.1.0 or 4.1.1, Linux systems/devices that still have older OpenSSL libraries, and most corporate managed wireless solutions as they use EAP based authentication mechanisms. Most home routers cannot be targeted, as they use those particular authentication mechanisms.

He also pointed out that previous beliefs that Heartbleed can only be exploited over TCP connections and after a TLS handshake are false.

He published the exploit code and asked researchers to test it against more networks and devices.









Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //