Offline Cryptographic Attacks Targeting the Wi-Fi Protected Access 2 Protocol

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network.

Both the Wi-Fi Protected Access (WPA) and the Wi-Fi Protected Access 2 (WPA2) protocols are known to be susceptible to offline cryptographic attacks when a PSK is used as an authentication mechanism. This is not a new vulnerability or a new attack against these protocols. This is a new vector that allows an attacker to obtain the information required to attempt an offline attack against the PSK.

This new method is different from the existing attacks against the PSK because it does not require an attacker to wait for an Extensible Authentication Protocol over LAN (EAPOL) authentication exchange, capture it, and proceed to attempt an offline PSK recovery. This new vector allows an attacker to extract the required information from a single wireless frame transmitted during a roaming event. The following conditions for this capture apply:

  • The frame contains a Robust Security Network-Pairwise Master Key Identification (RSN-PMKID) option
  • The wireless infrastructure is configured to use WPA2 with a PSK mode of authentication
  • The wireless infrastructure supports the Proactive Key Caching (PKC) fast roaming option (PMKID roaming)

The wireless frame can be acquired by passively listening to traffic from the wireless network during the roaming.

It is important to note that this method does not make it easier or faster to recover the PSK for a Wi-Fi network. Instead, it is easier for an attacker to collect the information required to conduct a subsequent offline cryptographic attack. The likelihood of a successful recovery of the PSK is highly dependent on the complexity of the PSK in use.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180809-wpa2

Security Impact Rating: Informational

Related:

  • No Related Posts

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
 
The vulnerability is due to improper input validation on fields within CAPWAP Discovery Request packets by the affected device. An attacker could exploit this vulnerability by sending malicious CAPWAP Discovery Request packets to the Cisco WLC Software. A successful exploit could allow the attacker to cause the Cisco WLC Software to disconnect associated access points (APs). While the APs disconnect and reconnect, service will be unavailable for a brief period of time, resulting in a DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-dos

Security Impact Rating: High

CVE: CVE-2018-0443

Related:

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Information Disclosure Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
 
The vulnerability is due to insufficient condition checks in the part of the code that handles CAPWAP keepalive requests. An attacker could exploit this vulnerability by sending a crafted CAPWAP keepalive packet to a vulnerable Cisco WLC device. A successful exploit could allow the attacker to retrieve the contents of device memory, which could lead to the disclosure of confidential information.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-capwap-memory-leak

Security Impact Rating: High

CVE: CVE-2018-0442

Related:

Error: “Gateway is not Reachable”, Connection Goes Down After the VPN Tunnel is Established

  • Citrix Virtual Adapter is registered as an Ethernet adapter. Starting with Windows 8, the WCMSVC (Windows Connection Manager) disconnects low speed connections because an Ethernet Adapter is seen as more reliable and provides better performance compared to other adapters. That’s the reason, Wi-Fi, 3G/4G adapters get disconnected. But those connections are needed for actual communication with VPN gateway, VPN plugin shows “Gateway is not reachable”.

  • Related:

    Engineer says Emirate is virtually handing customer data to hackers

    … such as attacker’s access to the wireless networks of a victim, and thus are much less critical than, for example, SQL injection vulnerabilities,” says Kolochenko. “Nonetheless, these risks are material: some cybercrime gangs compromise and backdoor public wi-fi routers to intercept plaintext passwords …

    Related:

    Making Spotty WiFi a Bad Memory with the Latitude 7490

    EMC logo


    How many times have you arrived at a meeting on time, only to watch the presenter spend ten minutes troubleshooting a shaky WiFi connection? Or, you’re working from a coffee shop and, after a few minutes of feeling like the “Can you hear me now?” guy with a PC, you realize there’s only one corner with reliable connectivity.

    Dell Latitude 7490 laptop

    WiFi isn’t a nicety for today’s workforce, it’s a necessity. When your connection works, you don’t think about it, but when it doesn’t, work stops.

    Spotty connectivity is not only irritating for workers, it’s also a challenge for IT tasked with broadcasting solid WiFi to the farthest reaches of campus.

    It’s with this rampant problem in mind that Dell is excited to introduce the Dell Latitude 7490 with Intelligent Wireless, featuring the exclusive Active Steering Antenna (ASA) technology, announced at CES 2018.

    How ASA Makes the Most of Weak WiFi

    ASA is designed to give the Latitude 7490 connectivity superpowers. It intelligently detects the location of the strongest wireless signal and reconfigures itself to use that path.

    Think of it like this. Say you’re out to dinner with a friend and that person launches into a story. Will you be able to hear better if you’re facing that person or if your back is turned? That may seem like a silly question, but your PC’s WiFi antenna may very well have its back turned on the best reception spot in the room without your knowing it.

    Effectively, ASA technology makes sure your laptop antenna is “facing” the strongest WiFi signal for the best possible connection.

    How? The antenna chooses from multiple different radio wave patterns to automatically find and lock into the optimal choice for the environment, helping to eliminate dead spots and deliver a more reliable WiFi connection with increased, range and speed.

    ASA Test Performance

    In Dell’s real-world tests, the Latitude 7490 offered substantial throughput improvements over non-ASA-enabled laptops. The most significant improvements were in the locations and orientations where signal reception is on the edge of usability.

    On average, the Latitude 7490 with ASA technology experiences a 40 percent average 11ac throughput enhancement over the same laptop with a passive antenna solution. That translates into fewer dropped connections, successful file transfers and faster email syncs, even on the fringe of the network.

    The Future of Intelligent Wireless

    ASA is an important step in Dell’s journey to improve connectivity for mobile workers. For users, it means less time spent troubleshooting their connection and more time being productive. For IT, it means that last mile of coverage on campus is no longer the last mile.

    Dell is proud to be the first and only to offer ASA technology, exclusively available in certain configurations of the Dell Latitude 7490. There are more connectivity advancements to come as we continue working to solve the real challenges our commercial customers face on a daily basis.

    For the workers relying on a wireless connection to access company files, collaborate and communicate throughout the day (in other words: just about everyone), spotty connectivity is a serious hurdle. Dell is giving those workers tools to be productive and to office anywhere.



    ENCLOSURE:https://blog.dell.com/uploads/2018/02/dell-latitude-7490_964x500.jpg

    Update your feed preferences


       

       


       


       

    submit to reddit
       

    Related:

    Online Hello From Pyongyang: Airport May Boast Sort of Wi-Fi – Report

    Despite North Korea traditionally being one of the least Wi-Fi friendly countries, its main internet provider appears to have put a router at the international departure area of Pyongyang’s airport, Eric Talmadge, AP’s Pyongyang bureau chief since 2013, wrote.

    The service is only available or better say visible, to travelers who have gone through the customs area and arrived at the departures lobby. Talmadge, who has traveled to North Korea and back dozens of times, said he, surprisingly enough, noticed a familiar three-bar sign at the lobby while he was expecting his return flight and decided to give it a try.

    Having paid two dollars for allegedly 30 mins of internet surfing he was hardly shocked to find the password an attended had given him on a slip of paper did not work. Nor did it start working when an amiable staffer from the internet service area rushed to help.

    What was comforting indeed, is that Talmadge knew perfectly well that airport Wi-Fi, the way it operates around the globe, is more “aspirational” than “functioning”, since it outright exposes devices to hackers’ attacks.

    READ MORE: PornHub Reveals North Korean Elite’s Porn Preferences

    Still, according to the journalist, the whole story bears pretty much resemblance to, for instance, newly-maintained but half-working ATM or coffee vending machines, with developers having rendered it absolutely impossible to make use of them:

    “Despite its own instructions, for the life of me, I couldn’t find a slot on the machine to insert my money or any indication of how much it would cost,” Talmadge wrote, not, though, dismissing the idea that the airport Wi-Fi could have been in a test mode.

    North Korea has recently allowed more citizens to access smartphones and an isolated intranet, enabling citizens who can afford it to communicate in a novel way and thus giving the dictatorship new opportunities to monitor its people and boost its powers. Meanwhile, the Internet is left to be a prerogative of the select few, or the trusted elite that is allowed to surf the Internet with relative freedom.

    Related:

    Remote Desktop block when connected to my company WiFi?

    I need a solution

    I have a Symatec block when trying to access my computer on a RD Client from a IPad WHEN my computer is connected to the WiFi network in my office.

    When I connect with a network cable in my office all is working fine with remote desktop and RD Client. I have no oppertunity to run a 20 meter cable, please support with this blocking in Symatec!

    Security History: ‘Medium’ ‘Unauthorized access blocked (Access Process Data)’ ‘Blocked’

    0

    Related:

    Keep Your Customers and Employees Happy with a Wi-Fi Network That Just Works

    OfficeConnect Wi-Fi makes it simple for small businesses to offer fast, reliable connectivity to employees and guests.

    HPE OC20_blog.jpgBeing a small business doesn’t mean that you need to make sacrifices—and that includes your network. The consumer-grade wireless router and switch you bought at the office supply store were fine when you started out, but as your business grows and your staff rely on more mobile devices and applications, the demands can quickly overwhelm your network and degrade the end user experience.

    We all know how frustrating it is when wireless connectivity fails or you are waiting for a spinning wheel to access an application. To support your business-critical voice, video and cloud-based applications, you need fast, ultra-reliable Wi-Fi and wired connectivity that’s simple to set up and simply works. That’s what HPE OfficeConnect OC20 delivers.

    Ready-to-go Wi-Fi for non-technical users

    As a small business, you face big challenges every day, but Wi-Fi shouldn’t be one of them. HPE OfficeConnect OC20 access points (APs) provide your employees and guests with super-fast and reliable Wi-Fi.

    With an intuitive mobile app, you can easily set up and monitor your network in minutes—all from your smartphone. The companion Android or iOS mobile app does all the heavy lifting for you. It automatically discovers the new OfficeConnect AP—all you need to do is create a network name and password, and your network is ready to go. When you’re ready to expand, new APs will automatically join the existing network, with no setup required.

    With OC20, you no longer have to worry about complex Wi-Fi settings or managing your Wi-Fi network. The APs intelligently optimize your Wi-Fi coverage and performance to keep your employees connected and your applications running at top speed. And with the OfficeConnect mobile app, you can quickly monitor your network at a glance, including wireless performance, how many devices are on and who’s connected to the Wi-Fi network.

    Build your clientele while keeping your network secure

    Offering guest Wi-Fi can help you build your client base. Today’s customers expect to stay connected while they wait and will quickly find their way to businesses that offer free Wi-Fi. With the OC20 APs, you can offer your customers secure access to your Wi-Fi network. OC20 keeps your guest network separate from your employee network, thereby preventing guests from accessing your corporate data.OC20_2J.jpgOC20_1J.jpg

    You can even build your brand by customizing your guest log-in page with your logo or create a guest access schedule that limits access to specific days and times. For example, you can provide Wi-Fi access only during business hours from 8am to 5pm.

    The OfficeConnect OC20 APs are specifically designed to keep your network secure and protected. With our customizable website filtering, you can set access guidelines for employees and guests to further protect your network from online threats. For example, you can block access to malicious websites or objectionable content, all with the touch of a button.

    Smart managed switches to power your Wi-Fi network

    OfficeConnect1920S J.jpgOur smart managed switches like the OfficeConnect 1920S come with many advanced features that can secure and optimize your network. They’re simple to configure and easy to manage through a web-based browser, even if you don’t have a network admin on staff. These switches not only improve the availability of business-critical applications, they also protect sensitive information by tightly enforcing network access controls, while optimizing network bandwidth for increased productivity and efficiency. With Power over Ethernet (PoE+), you also can power your wireless access points, security cameras, IP phones and a host of other IP devices without the cost of additional cabling and with the OfficeConnect mobile app. You can even monitor your 1920S switches as well as your wireless network.

    HPE OfficeConnect solutions make managing technology easy and simple. So you can focus on what matters to you—growing your business.

    Read the OC20 solution brief.

    Learn more about OC20.

    And check out our previous blog that talks about Wi-Fi for Small Businesses Made Simple.

    Learn more about Small Business OfficeConnect Portfolio:www.hpe.com/officeconnect

    Related: